Case 1: Using an E-mail Address to Determine a Network’s Operating System
Alexander Rocco Corporation has multiple OSs running in its many offices. Before conducting a security test to determine the vulnerabilities you need to correct, you want to determine whether any OSs are running that you’re not aware of. Christy Fitzgerald, the network administrator/security officer, is resistant to giving you information after he learns you’re there to discover network security vulnerabilities. He sees you as a threat to his position. After several hours of interviews, you can ascertain only that Mike’s personal e-mail address is vetman2601@gmail.com, and an old RHEL server is running on one of the company’s systems. Based on this information, answer the following questions:
Questions:
a. What tools might you use after learning Mike’s e-mail address?
b. What can you determine by entering Mike’s e-mail address into Google? What about just the handle “vetman2601”?
c. Could the information you learned from Google be used to conduct vulnerability testing?
d. Write a memo to the IT manager, Bob Jones, about the potential issues with running a old RHEL 5.8 server, and mention the importance of patch hygiene. Make sure your memo explains how you gathered this information and offers constructive feedback. Your memo shouldn’t point a finger at any company employees; it should discuss problems on a general level.
__________________________________________________________________________________________________________________________________________________________________
Case 2: Using Dumpster-Diving Skills
You have observed that Alexander Rocco Corporation uses Alika’s Cleaning Company for its janitorial services. The company’s floors are vacuumed and mopped each night, and the trash is collected in large bins placed outside for pickup on Tuesdays and Fridays. You decide to visit the dumpster Thursday evening after the cleaning crew leaves. Wearing surgical gloves and carrying a large plastic sheet, you place as much of the trash on the sheet as possible. Sorting through the material, you find the following items: a company phone directory; a Windows NT training kit; 23 outdated Oracle magazines; notes that appear to be programs written in HTML, containing links to a SQL Server database; 15 company memos from key employees; food wrappers; an empty bottle of expensive vodka; torn copies of several resumes; an unopened box of new business cards; and an old pair of women’s running shoes.
Question
a. Based on this information, write a report explaining the relevance these items have. What recommendations, if any, might you give to Alexander Rocco management?