$1.$ Setup and Attack Surface Configuration:

At minimum, you must have at least $4$ targets, including at least $1$ Windows and $1$ Linux target.

These targets may be existing targets within your physical environment, or virtual machines that

you provision for this security assessment.

Next, brainstorm a list of tasks, software, and procedures that you must perform on each OS to

reduce the attack surface and mitigate the chance of a security breach. Draw from the topics

covered within this course, but feel free to implement technologies that you have researched on

the internet $$ simply ensure that any security technology or lockdown procedure does not hinder

access to the services intended for each OS$.$

Next, create a simple documentation set that identifies the configuration of the Windows Server,

Linux and Legacy OSes, the update$/$backup cycle, as well as the security technologies and

lockdown procedures implemented. Modify the provided Systems Documentation Word

document template $($IT$3$B$($CybrSec$)-$PEX$-$SystemsDocumentationTemplate$-$v$1\mathrm{.}0)$ to provide this

information.

$2.$ Perform a Vulnerability Assessment:

For each target, perform a detailed Vulnerability Assessment using OpenVAS. Following this, you

must interpret and summarize the results as we demonstrated previously in the course.

$3.$ Generate a Pentesting To$-$Do List:

For each target, brainstorm a list of appropriate pentesting tools that you will execute on the

host. This list should be tailored to the services running on each system and be achievable in the

time provided. You can use many of the tools that you examined within the course, but you must

include at least $3$ new tools that were not discussed. You can modify a copy of the Systems

Documentation from Step $1$ to ease the creation of this list.

$4.$ Perform the Pentest and Prepare the Security Assessment:

Perform the penetration test according to the material you prepared in Step $3,$ saving output and

screenshots that you plan to include in your Security Assessment. Next, prepare your Security

Assessment documentation by modifying the provided Word document template $($IT$3$B$($CybrSec$)-$

PenTest&VulnerabilityAnalysisTemplate$-$v$1\mathrm{.}0).$ Add and remove sections as necessary to match

your pentest.

$5.$ Prepare a Security Assessment Presentation:

Create a PowerPoint presentation that highlights the main points from your Security Assessment

that you can use when presenting your results on the final day of the course.

$6.$ Submit your Systems Documentation and Security Assessment to your Instructor:

Ensure that you submit the following to your instructor through Brightspace, Teams, or email:

$$ Systems Documentation $($Word document$)$

$$ Security Assessment $($Word document and PowerPoint presentation$)$

$$ Any supporting documents $($for example OpenVAS or OWASP Report.