Prepare a written proposal for the penetration test plan that describes your firm's approach to performing

Option #1: Attack and Penetration Test Plan Prepare a written proposal for the penetration test plan that describes your firm's approach to performing the penetration test and what specific tasks, deliverables, and reports you will complete as part of your services. Scenario: You are the owner and operator of a small information security consulting firm. You have received a request from one of your clients, Infusion Web Marketing, to provide a written proposal for performing a penetration test on the company's production Web servers and the corporate network. Environment: Scope Production e-commerce Web application server, the e-commerce Web application server is acting as an external point-of-entry into the network: Ubuntu Linux 10.04 LTS Server (TargetUbuntu01) Apache Web Server running the e-commerce Web application server Credit card transaction processing occurs on all web servers. Intrusive or Non-Intrusive Intrusive. The test will include penetrating past specific security checkpoints. Compromise or No Compromise No compromise. The test can compromise with written client authorization only. Scheduling Between 2:00 a.m-6:00 a.m. MST weekend only (Saturday or Sunday) Deliverables: Based on the scenario above, provide a written attack and penetration testing plan. The plan should include these sections: Table of Contents Project Summary Goals and Objectives Tasks Reporting Schedule. Your penetration testing plan should be two to three pages in length and should discuss and cite at least three credible or academic references other than the course materials. The Library is an excellent place to search for credible academic sources. Document and citation formatting should be in conformity with Guide to Writing and APA Requirements. Helpful Resources: The SANS Institute provides several resources that you might find helpful for this assignment: http://www.sans.org/reading-room/whitepapers/testing The National Institute for Standards and Technologies (NIST) also provides guidance on the topic of security and penetration testing: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf