This assignment has two parts. It is due by 2/22 at 11:59 PM. To submit your homework, please post your responses as either a public note or as a link to your publicly available writeup on Piazza.
There will be a late penalty of 5% off per day late!
Mark has recently discovered that his company's web server has been broken into by the crafty CMSC389R ethical hackers. After reading your published report, Mark has reached out to you for guidance on how he can repair some of the vulnerabilities you discovered. Choose 3 specific vulnerabilities that you identified in homework 2 (e.g., exposed ports, weak passwords) and write a brief summary of the suggestions you can offer Mark for the Briong web server. Be as thorough as possible in your answer, using specific examples and citing online research into security techniques that could be applied to the Briong server (e.g., firewalls, IDS/IPS, password managers).
Organizations like Have I Been Pwned, Shodan, and Censys provide the public with information that could cause personal or corporate harm -- HIBP lets you query for a list of breached accounts registered to an email address, and Shodan and Censys collect information about vulnerable systems and let anyone query it. However, all three place checks on the information they provide: HIBP does not directly link to the breached credentials it reports, and Shodan/Censys do not directly provide exploits for the vulnerabilities revealed by their scans. Consider what (if any) ethical distinctions there are between the policies of HIBP and Shodan/Censys, and present a short ethical argument in favor of one or the other (or an entirely novel position).
You should consider including real-world examples of PoCs that make use of vulnerability and internet scanning services (e.g., Shodan/Censys) in your argument.
All three parts should be written in the same blog post, clearly separated. Parts 1 and 2 can be answered either in bullet form or in full, grammatical sentences.
Part 1 is worth 50 points, part 2 is worth 50.
Look through the slides from lectures 1, 2, 3 and 4 for guidance. Let us know if you have any questions.
Good luck!