Capstone Presentation
Ethical Hacking Labs
MSISA Program – Dan Garfield

Overview
• About Dan Garfield
    The Earlier Days
    The Latter Days
    Training Clients
    Certifications
    Consulting Clients
• About the Project
    Background of the Project
    Tools of the Trade
    Hacking Lab Exercises
    The Need for New Exercises
    Near Term Expansion Plans
    Lab Development Process
    Source of Lab Tools
    Lab Environment
    Course Delivery Package

About Dan Garfield

The Earlier Days
• Invented groundbreaking synchronization technology for music applications
    Patented technology
    Designed and marketed 22 related products between 1982 and 1988
    Touring musician, synthesist, and technologist between 1987 and 1997

The Latter Days
• Entered information technology field in 1997
    Director of Networks 1999 – 2000 at The Renaissance Center outside of Nashville, TN
    IT infrastructure and security training and consulting 2000 to present
    Current course deliveries include CISSP, CEH, SCNP, Cisco firewalls, and all courses in the Cisco CCNA and CCNP programs
    National and international course deliveries include US, Canada, Mexico, Germany, England, Italy, and Turkey

Training Clients
    University College – London, UK
    University of Leeds – Leeds, UK
    University of Miami – Miami, FL
    University of Idaho – Moscow, ID
    University of Texas – Houston, TX
    St Edwards University – Austin, TX
    University of Texas Pan America – Edinburg, TX
    Lakehead University – Thunder Bay, ON, Canada
    University of Alberta – Edmonton, AB, Canada
    Lethbridge College – Lethbridge, AB, Canada
    University of Toronto – Toronto, ON, Canada
    Texas A&M University – Bryan, TX
    University of British Columbia – Vancouver, BC, Canada
    University of Ohio Corporate Education Center – Columbus, OH
    Vigilar – Atlanta, GA
    The Training Camp – Poconos, WV
    Intense School – Ft Lauderdale, FL
    New Horizons – various locations
    Ascolta – Glendale, CA
    Global Knowledge – various locations
    Element K – various locations
    Geek Cruises – Caribbean cruise ship course delivery
    JP Morgan/Chase headquarters – NYC
    Wells Fargo – San Francisco, CA
    Charles Schwab – San Francisco, CA
    Metavante – Milwaukee, WI
    Wachovia – Greenville, SC
    Chrysler – Detroit, MI
    Bilginc – Istanbul, Turkey
    WalMart headquarters – Bentonville, AR
    Neil Corporation – Hammond, LA
    Cache Creek Casino – Brooks, CA
    Fort Pendleton – Calabasas, CA
    Quantico Marine Corps Base – Quantico, VA
    Marine Corps Base – Kaneohe, HI
    Beale Air Force Base – CA
    US Rangers – Fort Benning, GA
    US Naval Station – Norfolk, VA
    US Army, Fort Dix – New Hanover, NJ
    US Air Force Academy – Colorado Springs, CO
    NASA – Stennis Space Center, MS
    Lockheed Martin – Herndon, VA
    General Dynamics – Scottsdale, AZ
    Allen-Bradley – San Diego, CA
    Jacobs Corp – Huntsville, AL
    Dade County IT – Miami, FL
    New Orleans IT – New Orleans, LA
    County power company – Spokane, WA
    Michigan state government – Lansing, MI
    Rochester School District – Rochester, NY
    United Nations – Brindisi, Italy
    CACI – Washington, DC
    Department of Justice, US Marshals Service – Greensboro, NC

Certifications
    Certified Ethical Hacker (CEH)
    EC Council Security Analyst (ECSA)
    Computer Hacking Forensic Investigator (CHFI)
    Certified Wireless Security Professional (CWSP)
    EC Council Disaster Recovery Professional (EDRP)
    GIAC Certified ISO-17799 Specialist (G7799)
    Certified Information Systems Security Professional (CISSP)
    Cisco Certified Network Professional (CCNP)
    Certified Penetration Testing Engineer (CPTE)
    Certified Digital Forensics Examiner (CDFE)
    Security Certified Network Professional (SCNP)
    Certified HIPAA Professional (CHP)
    Certified HIPAA Security Specialist (CHSS)
    Microsoft Certified Systems Engineer (MCSE)
    Certified Technical Trainer (CTT+)
    CompTIA: Hardware (A+)
    CompTIA: Networking (Network+)
    CompTIA: Project Management (Project+)
    Sun Certified Java Associate (SCJA)
    CIW Site Designer (CIWSD)
    CIW Database Specialist (CIWDS)
    INFOSEC Professional

Consulting Clients
    Presidio Financial (portfolio management) - San Francisco, CA
    Parental Stress Services (social services) - Oakland, CA
    Cache Creek Casino (gaming) - Brooks, CA
    Murphy Pearson Brown & Feeney (law firm) - San Francisco, CA
    Applied Biosystems (biotechnology) - Foster City, CA
    KLA-Tencor (semiconductor yield specialists) - Milpitas, CA
    Alameda Community College District (education) - Oakland, CA
    Northwest Open Access Network, NOANET (regional ISP) - Portland, OR
    Berkeley Public Library (community services) - Berkeley, CA
    King County (government) - Seattle, WA
    Modesto Irrigation District (public utilities) - Modesto, CA
    ArthroCare (health care industry) - Sunnyvale, CA
    Fibrogen (biotechnology) - South San Francisco, CA
    Funtigo (media sharing service) - San Francisco, CA
    Embarcadero Systems Corp (transportation supply chain management) - Alameda, CA

About the Project

Background of the Project
• The need for information systems security
    Pervasive reliance upon critical systems demands protection of these systems
    Vulnerability assessment, penetration testing, and remediation of weaknesses comprise an important aspect of information security
• It takes one to know one
    The ethical hacker defends information systems by understanding and applying the same tools and techniques used by system attackers to discover exploitable vulnerabilities

Tools of the Trade
• Historical exploits
    Found in typical instructional materials and courses
    Useful for illustrating concepts in a training environment
• Cutting edge exploits
    What the professionals are actually using
    Rarely exposed in traditional training
• Defense and attack perspectives differ
    Detailed attack knowledge requirement is less
    Hardening systems is often more procedural than technical

Hacking Lab Exercises
• An essential adjunct to training lectures
• Tool categories include
    footprinting
    scanning
    enumeration
    system hacking
    trojans
    sniffers
    password crackers
    vulnerability scanners

The Need for New Exercises
• Labs provided with some ethical hacking courses can be inadequate
    Insufficient testing prior to publication
    Outdated tools
    Vague instructions
• Attack target variety
    Older unpatched operating system targets are useful for demonstrating concepts
    Students are usually interested in seeing exploits against more recent operating systems, such as Server 2008 and Windows 7

Near Term Expansion Plans
• Current lab set will be expanded to include
    Hydra password cracker
    Nessus vulnerability scanner
    More variety of use for netcat and hping
    Deeper exploration of Backtrack tools
    Cutting edge use of the Metasploit project
• Metasploit autopwn
    Automates use of all exploits against a target
• Backtrack fast track
    Automates already automated Metasploit autopwn to the level of point and click – extremely powerful

Lab Development Process
• Ethical hacking lab development based on
    Extensive reading about the subject
    Seven years course delivery experience
    Testing each lab step-by-step to ensure accuracy
    Student knowledge contributions
        • classes comprised of students with varying backgrounds, skill levels, and areas of expertise
        • every course delivery yields new knowledge for the instructor

Source of Lab Tools
• Most freely available from the internet
• Vendor demo versions good for duration of the class
• Built into operating systems
• From operating system resource kits
• Dozens of hacking tools pre-installed on Backtrack
    The Backtrack project is a bootable Linux-based OS that can be launched from
        • CD-ROM
        • VMware virtual machine

Lab Environment
• Operating systems based in preconfigured VMware virtual machines automatically adapt to available PC hardware
    VMware allows multiple operating systems to exist simultaneously on a single PC
    Some course deliveries require students to bring their own laptop PC loaded with VMware
        • VMware virtual machines and lab tools loaded onsite
        • Reduces training space expense and setup time
    Current operating systems include Windows 2000, Windows Server 2003, XP Professional, and Backtrack

Course Delivery Package
• Textbook
    a variety of vendor courseware or commercial texts can be used
• Lab tools CD-ROM
    includes all tools used in the lab exercises
    organized to match flow of the course
    can be installed to PCs ahead of class by training center or on first day of class
• Outline of PowerPoint presentation
    PDF file providing the presentation in outline form
• Provision of VMware VMs
    Can be installed ahead of class by the training center
    Can also be installed on first day of class when students bring their own laptops
• Lab exercise manual
    Presently includes over 100 lab exercises
    Each exercise includes an introductory paragraph explaining application of the tool
    Content evolves over time as better tools and techniques supplant older material

About the MSISA Program
• Bachelor's program was mostly a review of topics studied ten years ago.
• Master's program has been a perfect fit with information security areas already in practice.
• Ethical hacking and computer forensics were already known and essentially comprised a review.
• ISO 27001/27002 information security management system information was new and has been integrated into my classes.
• Wireless security coverage greatly expanded my depth of knowledge in that arena and is used to extend ethical hacking and CISSP course deliveries.
• Cyberlaw brought much greater depth to my knowledge of the subject, which was mostly related to previous deliveries of CISSP.
• Leadership and Professionalism studies were new to me and have provided great objective insight into the dynamics of people management.
• The Critical Thinking component of the bachelor's program at WGU also provided new information that has been an integrated part of my thought processes ever since.
• My overall perspective on system security has been widened as a result of the WGU master's program in information security and assurance.
• The information gained from the program has ongoing application in the security and infrastructure training courses that I deliver as well as in thinking the big picture in consulting projects.

Discussion