<!DOCTYPE html>
<html lang="en"><head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<<!DOCTYPE html>
<html lang="en"><head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Assignment Information</title>
<!-- HTML RUBRIC TEMPLATE -->
<!-- Bootstrap Grid -->
<link rel="stylesheet" href="/shared/custom_html/shared/bootstrap/4.0.0/css/bootstrap.min.css">
<!--globalCampus.css containing typography standards -->
<link rel="stylesheet" href="/shared/HTML-Template-Library/GC Core Paced/module_templates/../assets/css/main.min.css">
<style>
h2 {
margin-bottom: 0;
}
p {
margin-top: 0;
}
#rubric-responsive table {
margin-left: auto;
margin-right: auto;
border-collapse: collapse;
max-width: 1080px;
width: 100%;
table-layout: fixed;
}
#rubric-responsive thead th:first-child {
width: 17%;
}
#rubric-responsive thead th:last-child {
width: 10%;
}
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
border: 1px solid black;
padding: 7px;
}
#rubric-responsive th,
#rubric-responsive tbody > tr > :nth-child(1) {
background-color: #f5f5f5;
}
#rubric-responsive th {text-align: center;
}
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
vertical-align: text-top;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: center;
}
/* Style first column like header row in case <th> isn't used */
#rubric-responsive tbody > tr > :nth-child(1) {
font-weight: bold;
text-align: center;
}
/* right align total: text */
#rubric-responsive tbody > tr:last-child > :nth-child(1) {
font-weight: bold;
text-align: right;
}
@media only screen and (max-width: 800px) {
/* Display table elements as block */
#rubric-responsive table,
#rubric-responsive thead,
#rubric-responsive tbody,
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tr,
#rubric-responsive tfoot {
display: block;
}
#rubric-responsive caption {
display: inline-block;
margin: 0px auto;
}
/* Remove border from table and center it on screen */
#rubric-responsive table {
border: none;
margin-left: auto;
margin-right: auto;
margin-top: 20px;
}
/* Hide table headers (but not display: none; (for accessibility) */
#rubric-responsive thead tr {
position: absolute;
top: -9999px;
left: -9999px;
}
/* Style responsive table rows */
#rubric-responsive tr {
border: 1px solid #ccc;
}
/* Style responsive table cells */
#rubric-responsive td {
border: none;
border-bottom: 1px solid #eee;
}
#rubric-responsive td:before {
/* Bring "data-title" attribute into table cells */
content: attr(data-attr);
/* display it as inline block so it doesn't interfere with <td> */
display: inline-block;
/* make it take up it's entire "row" */
width: 100%;
/* bold font so it looks like a th */
font-weight: bold;
}
/* Remove "data-title" attribute from first child <td> cells */
/* this removes "Criteria" from the Total row, and will remove criteria from any <td> cells that should be <th> */
#rubric-responsive tbody>tr>td:first-child:before {
content: none;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: left;
}
/* Don't display "100%" cell */
#rubric-responsive tr:last-child td:last-of-type {
display: none;
}
/* Add "100%" after Total: */
#rubric-responsive
tr:last-child
td:first-of-type::after {
content: " 100%";
}
/* remove padding from last row */
#rubric-responsive tr:last-child > td {
padding: 7px;
}
}
/* Print Styles*/
@media print {
@page {
size: landscape;
}
span.rsbtn_text {
display: none !important;
}
p,
ul,
ol,
li,
table,
thead,
tbody,
th,
td,
tr,
tfoot {
font-size: 12px;
}
h1,
h2 {
font-size: 90%;
}
h3,
h4,
h5,
h6 {
font-size: 80%;
}
h1,
h2,
h3,
h4,
h5,
h6,
p {
margin-bottom: 5px;
margin-top: 0px;
}
ul,
ol {
margin-bottom: 5px;
margin-top: 0px;
}
.d-print-none {
display: none;
}
.d-print-block {
display: block;
}
}
</style>
<style>
img {
float: right;
margin-left: 20px;
width: 38vw;
}
@media only screen and (max-width: 800px) {
img {
float:none;
align: center;
width:100vw;
display: block;
margin-left: auto;
margin-right: auto;
}
</style>
</head>
<body>
<h1>CYB 240 Project One Milestone Guidelines and Rubric</h1>
<p><strong>Vulnerability Mitigation Report</strong></p>
<!--Begin copy to add more sections. Use appropriate heading tags for subsections-->
<h2>Overview</h2>
<p>Working within a team to identify vulnerabilities is a daily occurrence for a cybersecurity analyst. Being able to analyze vulnerability reports and help the security team mitigate the vulnerabilities is essential. Making system-wide updates and changes can be both good and bad. It is good to fix issues, but you have to make sure you don’t break anything in the process.</p>
<p>The purpose of this assignment is to walk you through how to read and interpret vulnerability analysis scan (OpenVAS) reports and how to identify vulnerabilities from them. The vulnerabilities that you identify for this assignment will be used in <strong>Project One</strong>, which will be submitted in <strong>Module Six</strong>. The scenario below is the same one you will use in your project as well.</p>
<h2>Scenario</h2>
<p>You are a cybersecurity analyst working for an IT company that is having issues with its computer systems. The company has supplied you with OpenVAS reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains both Windows and Linux components.</p>
<h2>Prompt</h2>
<p>Review the three OpenVAS reports generated from the Project One lab environment. They can be accessed by selecting the menu icon above your list of labs, as shown in the screenshot below. Note that you will not need to complete any work in the lab environment for this assignment. There is no Milestone One lab to complete.</p>
<p><img src="course_documents/CYB240_ProjectOneMilestone_image.jpg" alt="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." title="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." data-d2l-editor-default-img-style="true" style="width: auto; max-width: 100vw; float: none; display: block; margin-left: auto; margin-right: auto;"></p>
<p>Use the template provided for this milestone. An example has also been provided to give you additional details for this activity. The template and the example are linked in the Project One Milestone task in Module Four of your course.</p>
<p>You must address the <strong>critical elements</strong> listed below.</p>
<ol type="I">
<li><strong>Vulnerability Mitigation Report</strong></li>
<ol type="A">
<li><strong>Firewall OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Windows Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Ubuntu Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
</ol>
</ol>
<!--End copy to add section->
<!--Do NOT change text for "What to Submit" heading-->
<h2>What to Submit</h2>
<p>Submit your completed template. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.</p>
<h2 style="text-align: center;">Project One Milestone Rubric</h2>
<div id="rubric-responsive">
<table>
<thead>
<tr><!--Do NOT change text for "Criteria" column heading-->
<th class="table-borderless" scope="col">Criteria</th>
<th scope="col">Proficient (100%)</th>
<th scope="col">Needs Improvement (55%)</th>
<th scope="col">Not Evident (0%)</th>
<!--Do NOT change text for "Value" column heading-->
<th scope="col">Value</th>
</tr>
</thead>
<tbody><!--Begin copy to add ROWS. Update "td data-attr=" to match table headings exactly before copying and pasting.-->
<tr>
<th scope="row">Firewall OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Articulation of Response</th>
<td data-attr="Proficient (100%)">Submission has no major errors related to citations, grammar, spelling, or organization</td>
<td data-attr="Needs Improvement (55%)">Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas</td>
<td data-attr="Not Evident (0%)">Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas</td>
<td data-attr="Value">10</td>
</tr>
<!--End copy to add ROWS--> <!--Paste additional ROWS here.-->
<tr><!--Update "colspan" if columns are removed. Number should equal 1 less than total number of columns.-->
<td colspan="4" style="text-align: right;">Total:</td>
<td>100%</td>
</tr>
</tbody>
</table>
<p></p>
</div>
</body></html><!DOCTYPE html>
<html lang="en"><head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Assignment Information</title>
<!-- HTML RUBRIC TEMPLATE -->
<!-- Bootstrap Grid -->
<link rel="stylesheet" href="/shared/custom_html/shared/bootstrap/4.0.0/css/bootstrap.min.css">
<!--globalCampus.css containing typography standards -->
<link rel="stylesheet" href="/shared/HTML-Template-Library/GC Core Paced/module_templates/../assets/css/main.min.css">
<style>
h2 {
margin-bottom: 0;
}
p {
margin-top: 0;
}
#rubric-responsive table {
margin-left: auto;
margin-right: auto;
border-collapse: collapse;
max-width: 1080px;
width: 100%;
table-layout: fixed;
}
#rubric-responsive thead th:first-child {
width: 17%;
}
#rubric-responsive thead th:last-child {
width: 10%;
}
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
border: 1px solid black;
padding: 7px;
}
#rubric-responsive th,
#rubric-responsive tbody > tr > :nth-child(1) {
background-color: #f5f5f5;
}
#rubric-responsive th {text-align: center;
}
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
vertical-align: text-top;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: center;
}
/* Style first column like header row in case <th> isn't used */
#rubric-responsive tbody > tr > :nth-child(1) {
font-weight: bold;
text-align: center;
}
/* right align total: text */
#rubric-responsive tbody > tr:last-child > :nth-child(1) {
font-weight: bold;
text-align: right;
}
@media only screen and (max-width: 800px) {
/* Display table elements as block */
#rubric-responsive table,
#rubric-responsive thead,
#rubric-responsive tbody,
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tr,
#rubric-responsive tfoot {
display: block;
}
#rubric-responsive caption {
display: inline-block;
margin: 0px auto;
}
/* Remove border from table and center it on screen */
#rubric-responsive table {
border: none;
margin-left: auto;
margin-right: auto;
margin-top: 20px;
}
/* Hide table headers (but not display: none; (for accessibility) */
#rubric-responsive thead tr {
position: absolute;
top: -9999px;
left: -9999px;
}
/* Style responsive table rows */
#rubric-responsive tr {
border: 1px solid #ccc;
}
/* Style responsive table cells */
#rubric-responsive td {
border: none;
border-bottom: 1px solid #eee;
}
#rubric-responsive td:before {
/* Bring "data-title" attribute into table cells */
content: attr(data-attr);
/* display it as inline block so it doesn't interfere with <td> */
display: inline-block;
/* make it take up it's entire "row" */
width: 100%;
/* bold font so it looks like a th */
font-weight: bold;
}
/* Remove "data-title" attribute from first child <td> cells */
/* this removes "Criteria" from the Total row, and will remove criteria from any <td> cells that should be <th> */
#rubric-responsive tbody>tr>td:first-child:before {
content: none;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: left;
}
/* Don't display "100%" cell */
#rubric-responsive tr:last-child td:last-of-type {
display: none;
}
/* Add "100%" after Total: */
#rubric-responsive
tr:last-child
td:first-of-type::after {
content: " 100%";
}
/* remove padding from last row */
#rubric-responsive tr:last-child > td {
padding: 7px;
}
}
/* Print Styles*/
@media print {
@page {
size: landscape;
}
span.rsbtn_text {
display: none !important;
}
p,
ul,
ol,
li,
table,
thead,
tbody,
th,
td,
tr,
tfoot {
font-size: 12px;
}
h1,
h2 {
font-size: 90%;
}
h3,
h4,
h5,
h6 {
font-size: 80%;
}
h1,
h2,
h3,
h4,
h5,
h6,
p {
margin-bottom: 5px;
margin-top: 0px;
}
ul,
ol {
margin-bottom: 5px;
margin-top: 0px;
}
.d-print-none {
display: none;
}
.d-print-block {
display: block;
}
}
</style>
<style>
img {
float: right;
margin-left: 20px;
width: 38vw;
}
@media only screen and (max-width: 800px) {
img {
float:none;
align: center;
width:100vw;
display: block;
margin-left: auto;
margin-right: auto;
}
</style>
</head>
<body>
<h1>CYB 240 Project One Milestone Guidelines and Rubric</h1>
<p><strong>Vulnerability Mitigation Report</strong></p>
<!--Begin copy to add more sections. Use appropriate heading tags for subsections-->
<h2>Overview</h2>
<p>Working within a team to identify vulnerabilities is a daily occurrence for a cybersecurity analyst. Being able to analyze vulnerability reports and help the security team mitigate the vulnerabilities is essential. Making system-wide updates and changes can be both good and bad. It is good to fix issues, but you have to make sure you don’t break anything in the process.</p>
<p>The purpose of this assignment is to walk you through how to read and interpret vulnerability analysis scan (OpenVAS) reports and how to identify vulnerabilities from them. The vulnerabilities that you identify for this assignment will be used in <strong>Project One</strong>, which will be submitted in <strong>Module Six</strong>. The scenario below is the same one you will use in your project as well.</p>
<h2>Scenario</h2>
<p>You are a cybersecurity analyst working for an IT company that is having issues with its computer systems. The company has supplied you with OpenVAS reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains both Windows and Linux components.</p>
<h2>Prompt</h2>
<p>Review the three OpenVAS reports generated from the Project One lab environment. They can be accessed by selecting the menu icon above your list of labs, as shown in the screenshot below. Note that you will not need to complete any work in the lab environment for this assignment. There is no Milestone One lab to complete.</p>
<p><img src="course_documents/CYB240_ProjectOneMilestone_image.jpg" alt="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." title="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." data-d2l-editor-default-img-style="true" style="width: auto; max-width: 100vw; float: none; display: block; margin-left: auto; margin-right: auto;"></p>
<p>Use the template provided for this milestone. An example has also been provided to give you additional details for this activity. The template and the example are linked in the Project One Milestone task in Module Four of your course.</p>
<p>You must address the <strong>critical elements</strong> listed below.</p>
<ol type="I">
<li><strong>Vulnerability Mitigation Report</strong></li>
<ol type="A">
<li><strong>Firewall OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Windows Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Ubuntu Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
</ol>
</ol>
<!--End copy to add section->
<!--Do NOT change text for "What to Submit" heading-->
<h2>What to Submit</h2>
<p>Submit your completed template. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.</p>
<h2 style="text-align: center;">Project One Milestone Rubric</h2>
<div id="rubric-responsive">
<table>
<thead>
<tr><!--Do NOT change text for "Criteria" column heading-->
<th class="table-borderless" scope="col">Criteria</th>
<th scope="col">Proficient (100%)</th>
<th scope="col">Needs Improvement (55%)</th>
<th scope="col">Not Evident (0%)</th>
<!--Do NOT change text for "Value" column heading-->
<th scope="col">Value</th>
</tr>
</thead>
<tbody><!--Begin copy to add ROWS. Update "td data-attr=" to match table headings exactly before copying and pasting.-->
<tr>
<th scope="row">Firewall OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Articulation of Response</th>
<td data-attr="Proficient (100%)">Submission has no major errors related to citations, grammar, spelling, or organization</td>
<td data-attr="Needs Improvement (55%)">Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas</td>
<td data-attr="Not Evident (0%)">Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas</td>
<td data-attr="Value">10</td>
</tr>
<!--End copy to add ROWS--> <!--Paste additional ROWS here.-->
<tr><!--Update "colspan" if columns are removed. Number should equal 1 less than total number of columns.-->
<td colspan="4" style="text-align: right;">Total:</td>
<td>100%</td>
</tr>
</tbody>
</table>
<p></p>
</div>
</body></html>title>Assignment Information</title>
<!-- HTML RUBRIC TEMPLATE -->
<!-- Bootstrap Grid -->
<link rel="stylesheet" href="/shared/custom_html/shared/bootstrap/4.0.0/css/bootstrap.min.css">
<!--globalCampus.css containing typography standards -->
<link rel="stylesheet" href="/shared/HTML-Template-Library/GC Core Paced/module_templates/../assets/css/main.min.css">
<style>
h2 {
margin-bottom: 0;
}
p {
margin-top: 0;
}
#rubric-responsive table {
margin-left: auto;
margin-right: auto;
border-collapse: collapse;
max-width: 1080px;
width: 100%;
table-layout: fixed;
}
#rubric-responsive thead th:first-child {
width: 17%;
}
#rubric-responsive thead th:last-child {
width: 10%;
}
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
border: 1px solid black;
padding: 7px;
}
#rubric-responsive th,
#rubric-responsive tbody > tr > :nth-child(1) {
background-color: #f5f5f5;
}
#rubric-responsive th {text-align: center;
}
#rubric-responsive td,
#rubric-responsive tbody > tr > :nth-child(1) {
vertical-align: text-top;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: center;
}
/* Style first column like header row in case <th> isn't used */
#rubric-responsive tbody > tr > :nth-child(1) {
font-weight: bold;
text-align: center;
}
/* right align total: text */
#rubric-responsive tbody > tr:last-child > :nth-child(1) {
font-weight: bold;
text-align: right;
}
@media only screen and (max-width: 800px) {
/* Display table elements as block */
#rubric-responsive table,
#rubric-responsive thead,
#rubric-responsive tbody,
#rubric-responsive th,
#rubric-responsive td,
#rubric-responsive tr,
#rubric-responsive tfoot {
display: block;
}
#rubric-responsive caption {
display: inline-block;
margin: 0px auto;
}
/* Remove border from table and center it on screen */
#rubric-responsive table {
border: none;
margin-left: auto;
margin-right: auto;
margin-top: 20px;
}
/* Hide table headers (but not display: none; (for accessibility) */
#rubric-responsive thead tr {
position: absolute;
top: -9999px;
left: -9999px;
}
/* Style responsive table rows */
#rubric-responsive tr {
border: 1px solid #ccc;
}
/* Style responsive table cells */
#rubric-responsive td {
border: none;
border-bottom: 1px solid #eee;
}
#rubric-responsive td:before {
/* Bring "data-title" attribute into table cells */
content: attr(data-attr);
/* display it as inline block so it doesn't interfere with <td> */
display: inline-block;
/* make it take up it's entire "row" */
width: 100%;
/* bold font so it looks like a th */
font-weight: bold;
}
/* Remove "data-title" attribute from first child <td> cells */
/* this removes "Criteria" from the Total row, and will remove criteria from any <td> cells that should be <th> */
#rubric-responsive tbody>tr>td:first-child:before {
content: none;
}
/* Center data in "Value" column */
#rubric-responsive tbody > tr > :last-child {
text-align: left;
}
/* Don't display "100%" cell */
#rubric-responsive tr:last-child td:last-of-type {
display: none;
}
/* Add "100%" after Total: */
#rubric-responsive
tr:last-child
td:first-of-type::after {
content: " 100%";
}
/* remove padding from last row */
#rubric-responsive tr:last-child > td {
padding: 7px;
}
}
/* Print Styles*/
@media print {
@page {
size: landscape;
}
span.rsbtn_text {
display: none !important;
}
p,
ul,
ol,
li,
table,
thead,
tbody,
th,
td,
tr,
tfoot {
font-size: 12px;
}
h1,
h2 {
font-size: 90%;
}
h3,
h4,
h5,
h6 {
font-size: 80%;
}
h1,
h2,
h3,
h4,
h5,
h6,
p {
margin-bottom: 5px;
margin-top: 0px;
}
ul,
ol {
margin-bottom: 5px;
margin-top: 0px;
}
.d-print-none {
display: none;
}
.d-print-block {
display: block;
}
}
</style>
<style>
img {
float: right;
margin-left: 20px;
width: 38vw;
}
@media only screen and (max-width: 800px) {
img {
float:none;
align: center;
width:100vw;
display: block;
margin-left: auto;
margin-right: auto;
}
</style>
</head>
<body>
<h1>CYB 240 Project One Milestone Guidelines and Rubric</h1>
<p><strong>Vulnerability Mitigation Report</strong></p>
<!--Begin copy to add more sections. Use appropriate heading tags for subsections-->
<h2>Overview</h2>
<p>Working within a team to identify vulnerabilities is a daily occurrence for a cybersecurity analyst. Being able to analyze vulnerability reports and help the security team mitigate the vulnerabilities is essential. Making system-wide updates and changes can be both good and bad. It is good to fix issues, but you have to make sure you don’t break anything in the process.</p>
<p>The purpose of this assignment is to walk you through how to read and interpret vulnerability analysis scan (OpenVAS) reports and how to identify vulnerabilities from them. The vulnerabilities that you identify for this assignment will be used in <strong>Project One</strong>, which will be submitted in <strong>Module Six</strong>. The scenario below is the same one you will use in your project as well.</p>
<h2>Scenario</h2>
<p>You are a cybersecurity analyst working for an IT company that is having issues with its computer systems. The company has supplied you with OpenVAS reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains both Windows and Linux components.</p>
<h2>Prompt</h2>
<p>Review the three OpenVAS reports generated from the Project One lab environment. They can be accessed by selecting the menu icon above your list of labs, as shown in the screenshot below. Note that you will not need to complete any work in the lab environment for this assignment. There is no Milestone One lab to complete.</p>
<p><img src="course_documents/CYB240_ProjectOneMilestone_image.jpg" alt="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." title="To locate your OpenVAS reports, navigate to the menu icon above your list of labs and expand it to find your three reports." data-d2l-editor-default-img-style="true" style="width: auto; max-width: 100vw; float: none; display: block; margin-left: auto; margin-right: auto;"></p>
<p>Use the template provided for this milestone. An example has also been provided to give you additional details for this activity. The template and the example are linked in the Project One Milestone task in Module Four of your course.</p>
<p>You must address the <strong>critical elements</strong> listed below.</p>
<ol type="I">
<li><strong>Vulnerability Mitigation Report</strong></li>
<ol type="A">
<li><strong>Firewall OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Windows Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
<li><strong>Ubuntu Server OpenVAS Report</strong></li>
<ol type="i">
<li>Select two vulnerabilities from the report for <strong>identification</strong>, including the CVSS number and the name of each vulnerability.</li>
<li>Provide a <strong>description </strong>of each identified vulnerability, including its risks and CVE number(s) if applicable.</li>
<li>Provide <strong>mitigation </strong>techniques for each vulnerability identified.</li>
</ol>
</ol>
</ol>
<!--End copy to add section->
<!--Do NOT change text for "What to Submit" heading-->
<h2>What to Submit</h2>
<p>Submit your completed template. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.</p>
<h2 style="text-align: center;">Project One Milestone Rubric</h2>
<div id="rubric-responsive">
<table>
<thead>
<tr><!--Do NOT change text for "Criteria" column heading-->
<th class="table-borderless" scope="col">Criteria</th>
<th scope="col">Proficient (100%)</th>
<th scope="col">Needs Improvement (55%)</th>
<th scope="col">Not Evident (0%)</th>
<!--Do NOT change text for "Value" column heading-->
<th scope="col">Value</th>
</tr>
</thead>
<tbody><!--Begin copy to add ROWS. Update "td data-attr=" to match table headings exactly before copying and pasting.-->
<tr>
<th scope="row">Firewall OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Firewall OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Windows Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Identification</th>
<td data-attr="Proficient (100%)">Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Description</th>
<td data-attr="Proficient (100%)">Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Ubuntu Server OpenVAS Report: Mitigation</th>
<td data-attr="Proficient (100%)">Provides mitigation techniques for each vulnerability identified</td>
<td data-attr="Needs Improvement (55%)">Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail</td>
<td data-attr="Not Evident (0%)">Does not address critical element, or response is irrelevant</td>
<td data-attr="Value">10</td>
</tr>
<tr>
<th scope="row">Articulation of Response</th>
<td data-attr="Proficient (100%)">Submission has no major errors related to citations, grammar, spelling, or organization</td>
<td data-attr="Needs Improvement (55%)">Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas</td>
<td data-attr="Not Evident (0%)">Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas</td>
<td data-attr="Value">10</td>
</tr>
<!--End copy to add ROWS--> <!--Paste additional ROWS here.-->
<tr><!--Update "colspan" if columns are removed. Number should equal 1 less than total number of columns.-->
<td colspan="4" style="text-align: right;">Total:</td>
<td>100%</td>
</tr>
</tbody>
</table>
<p></p>
</div>
</body></html>