As we approach the end of the semester things are firing on all cylinders. Students have the 3-way handshake down pat and have seen live network attacks – most recently, out of Mumbai, India. They've used a popular cracking tool to perform both dictionary and brute force attacks against a password file. The assignment prompted a few to change the passwords to their online banking sites.
In a recent series of assignments, future practitioners of the information security art configured Cisco ASA firewalls. This is one of the most challenging sections of the course for students, but by the end students truly understand a firewall isn’t a solution to every security woe. When that aspect of layered security breaks down, another takes over. That’s where our next section on network security monitoring (NSM) enters the picture.
Snort is a popular open-source IDS from SourceFire Corporation and it serves as a great introduction to NSM implementation. Used by businesses both large and small, Snort acts as a detection engine, and BASE, a GUI front end, displays a variety of information about the attack. BASE allows for archiving and escalation of events for further investigation. We won't get that far, but this serves as a good introduction.
In our most recent class session I demonstrated port mirroring. In the safety of our quarantined lab environment, I also taught them how to use a popular network security tool to launch a denial of service (DoS) attack against a target. Combine hubs, switches, port mirroring, DoS, and Snort and you’ve got a solid foundation for future NSM implementation.
Another combination of tools, more skills for the resume, and three weeks remaining, with Pen-testing and the Metasploit Framework to go.