CYB 240 Project One Milestone Template
CYB 240 Project One Milestone Template
To complete this template, replace the phrases in
ackets with the relevant information.
Firewall OpenVAS Report
Vulnerability One
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
Vulnerability Two
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
Windows Server OpenVAS Report
Vulnerability One
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
Vulnerability Two
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
Ubuntu Server OpenVAS Report
Vulnerability One
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
Vulnerability Two
Identification: [Insert identification.]
Description: [Insert description.]
Mitigation: [Insert mitigation.]
CYB 240 Project One Milestone Guidelines and Ru
ic Vulnerability Mitigation Report
CYB 240 Project One Milestone Guidelines and Ru
ic
Vulnerability Mitigation Report
Overview
Working within a team to identify vulnerabilities is a daily occu
ence for a cybersecurity analyst. Being able to analyze vulnerability reports and
help the security team mitigate the vulnerabilities is essential. Making system-wide updates and changes can be both good and bad. It is good to
fix issues, but you have to make sure you don’t
eak anything in the process.
The purpose of this assignment is to walk you through how to read and interpret vulnerability analysis scan (OpenVAS) reports and how to
identify vulnerabilities from them. The vulnerabilities that you identify for this assignment will be used in Project One, which will be submitted in
Module Six. The scenario below is the same one you will use in your project as well.
Scenario
You are a cybersecurity analyst working for an IT company that is having issues with its computer systems. The company has supplied you with
OpenVAS reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your
project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains
oth Windows and Linux components.
Prompt
Review the three OpenVAS reports generated from the Project One lab environment. They can be accessed by selecting the menu icon above
your list of labs, as shown in the screenshot below. Note that you will not need to complete any work in the lab environment for this assignment.
There is no Milestone One lab to complete.
1
Use the template provided for this milestone. An example has also been provided to give you additional details for this activity. The template
and the example are linked in the Project One Milestone task in Module Four of your course.
You must address the critical elements listed below.
I. Vulnerability Mitigation Report
A. Firewall OpenVAS Report
i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each
vulnerability.
ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable.
iii. Provide mitigation techniques for each vulnerability identified.
B. Windows Server OpenVAS Report
i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each
vulnerability.
ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable.
2
iii. Provide mitigation techniques for each vulnerability identified.
C. Ubuntu Server OpenVAS Report
i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each
vulnerability.
ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable.
iii. Provide mitigation techniques for each vulnerability identified.
Project One Milestone Ru
ic
Guidelines for Submission: Submit your completed template. Use a file name that includes the course code, the assignment title, and your
name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Critical Elements Proficient (100%) Needs Improvement (55%) Not Evident (0%) Value
Firewall OpenVAS
Report: Identification
Selects two vulnerabilities from the
eport for identification, including the
CVSS number and the name of each
vulnerability
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Firewall OpenVAS
Report: Description
Provides a description of each
identified vulnerability, including its
isks and CVE number(s) if applicable
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Firewall OpenVAS
Report: Mitigation
Provides mitigation techniques for
each vulnerability identified
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Windows Server
OpenVAS Report:
Identification
Selects two vulnerabilities from the
eport for identification, including the
CVSS number and the name of each
vulnerability
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Windows Server
OpenVAS Report:
Description
Provides a description of each
identified vulnerability, including its
isks and CVE number(s) if applicable
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Windows Server
OpenVAS Report:
Mitigation
Provides mitigation techniques for
each vulnerability identified
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Ubuntu Server
OpenVAS Report:
Identification
Selects two vulnerabilities from the
eport for identification, including the
CVSS number and the name of each
vulnerability
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
3
Critical Elements Proficient (100%) Needs Improvement (55%) Not Evident (0%) Value
Ubuntu Server
OpenVAS Report:
Description
Provides a description of each
identified vulnerability, including its
isks and CVE number(s) if applicable
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Ubuntu Server
OpenVAS Report:
Mitigation
Provides mitigation techniques for
each vulnerability identified
Addresses “Proficient” criteria, but
there are gaps in clarity, logic, or
detail
Does not address critical element, or
esponse is i
elevant
10
Articulation of
Response
Submission has no major e
ors
elated to citations, grammar,
spelling, or organization
Submission has some e
ors related
to citations, grammar, spelling, or
organization that negatively impact
eadability and articulation of main
ideas
Submission has critical e
ors related
to citations, grammar, spelling, or
organization that prevent
understanding of ideas
10
Total 100%
4
CYB 240 Project One Milestone Guidelines and Ru
ic Vulnerability Mitigation Report
Overview
Scenario
Prompt
Project One Milestone Ru
ic
CYB 240 Project One Milestone
Vulnerability Mitigation Report
Example
Overview
For your milestone assignment, you will be creating a vulnerability mitigation report. That report will
contain the three areas below. Read their descriptions for information on where you can find the details
to complete your milestone activity.
Identification: Identification comes from the OpenVAS report. Include the CVSS number of
severity, as well as the name of the vulnerability.
Description: The description comes from the Summary and Impact sections of the OpenVAS
eport. Make sure to discuss risks; also include the CVE number if applicable.
Mitigation: The mitigation techniques come from the Solution section of the OpenVAS report.
The CVE and other references noted may also contain mitigation information you might want to
include.
Example
Review this example. Do not use this example for your milestone or project.
Identification: CVSS: 10.0 Apache Web Server End Of Life Detection (Windows).
Description: The Apache web server is out of date, and it is recommended not to be used until
updated. The risk of not updating this server is leaving the network open to known
vulnerabilities on the old server.
Mitigation: Update the Apache web server version and verify that the new version has been
installed.