EH-Net
|
|
May 19, 2013, 07:59:14 AM
|
|
466
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: i wanna to exploit webserver
|
on: October 28, 2011, 08:54:26 AM
|
Good point Impelse! Completely forgot about virtualization (as I close down like 3 of my VMs right now :p) Definitely an excellent way to go. Make sure your Virtual lab is separate from the production lab or you may make some systems mad. And definitely agree with backups/snapshots. Also document each of your steps while testing so you know where things broke and when and how.
|
|
|
|
|
467
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: i wanna to exploit webserver
|
on: October 28, 2011, 08:24:27 AM
|
Well, what you need to do is get them to request in writing the full test with safeties off. Schedule the test so users will be aware there may be downtime. Also you should develop a scope of work for the test.
- What do they want to know?
- Can the site be taken down?
- Can information be stolen?
- Is it linked to any backend databases?
- Do those databases contain sensitive information?

Also include what attacks you intend to use, whether or not they will bring the site down. The target of the attack should be stated and the window of time it will be attacked. Preferably off hours so customers will not be affected. Metasploit will be helpful, but you may have to utilize other tools to produce decent results. If the server itself has never been hardened then it won't matter what ports are open, it is probably vulnerable to a number of attack vectors. If it is a Web application server then your toolset and attack surface may go beyond just port 80. Vulnerabilities may be present in the code.
|
|
|
|
|
468
|
Ethical Hacking Discussions and Related Certifications / Security / Re: Change career from programmer to Info Sec
|
on: October 27, 2011, 08:17:30 AM
|
From what I researched myself, Assembly is a big one to know if you want to reverse engineer. Also knowledge of Python and C is probably helpful as well. For Analysis, there are a number of tools available and a nifty book - Malware Analyst's Cookbook. That will get you started with the analysis portion. There are also some reverse engineering resources out there too. I believe we have a forum section for that material as well. Browse through there. As far as Certs, well you can browse the GIAC certs, they have one in particular for reverse engineering - GREM, SANS FOR610 is the related course. You can browse the reference list of the course to get an idea of what you will need to learn. Also Lenny Zeltser is a good person to follow on Twitter. He has a decent site as well. Aside from Malware Analysis and reverse engineering, exploit writing involves programming. You can review the SANS curriculum for APPSEC to see if anything there interests you. That should get you started. You can also do job searches based on the certs to see what the market looks like.
|
|
|
|
|
469
|
Ethical Hacking Discussions and Related Certifications / Security / Re: Change career from programmer to Info Sec
|
on: October 26, 2011, 11:29:14 AM
|
|
There are a few areas where programming comes in handy. Malware analysis and reverse engineering come to mind. As for your background with .NET development, have you considered focusing in Application security testing or Web App Security? You may also be interested in exploit development.
Also Microsoft currently offers enterprises the option to teach their devs about Web Application Security with .NET and ASP.NET. I don't know if there are any particular certifications associated with it though.
|
|
|
|
|
470
|
Resources / Career Central / Re: Moving from System Administration to Security Analysis
|
on: October 25, 2011, 03:02:08 PM
|
|
I'm sure there are templates. I think what you would have to figure out is where the money lies with the company. Are there major database apps used? Are there publicly facing web/app servers? What kind of customer data is stored and where is it stored? Hell look at performing a risk analysis. Get a decent idea of the business needs and work off that. Then once you have this information you can determine how to scare... I mean prove to them they require better controls than are currently in place.
Find the window that the money will fly out of if someone left it open! So let's say the only server that faces the internet is email. Let's say it's Exchange and OWA is in use. Well is the server fully patched? Both Windows and Exchange? Get authorization to run a vulnerability scan against the outside portion. Document the findings and ensure they are not false positives. Now what can happen if those findings are true and there is an exploitable vulnerability present? Can someone use that to bypass the logon and gain access to a mailbox? What is in the mailbox? Will it hurt the company in the coin purse if it is leaked? If all the doors and windows are locked up tight, turn your attention to the gooey inside. Do the users like clicking on things? Are your desktop apps fully patched? Are you utilizing application whitelisting? Use a tool such as Metasploit to craft a bogus PDF file and show a demo of what an unpatched Adobe Reader app can be used for. There are many vectors to choose from but it is most important to prove the risk will hurt the company. Small Businesses can easily be closed if proprietary data is leaked/stolen or customers' information is stolen and they decide to sue the company.
As far as Internships, I am sure there are, but you may have to do some digging, but you may need to keep a full time job if the internship doesn't pay.
|
|
|
|
|
471
|
Resources / Career Central / Re: Moving from System Administration to Security Analysis
|
on: October 25, 2011, 10:44:13 AM
|
|
I was sort of in your boat. For the last 10 years I spent much of my time as a Sys Admin. Even as a consultant for 5+ years I still mainly focused on Sys Admin duties with the ability to branch out in other areas. As you have seen Sys Admins can easily move into a Security role by being able to focus on more security related areas - AV, Patching, Perimeter security etc... As you also know, Info Sec is a very general area, there are many branches from Security Engineers who build and ensure the systems are configured correctly and hardened properly to Penetration testers who try to break those systems. Then you have branches that involve a bit more knowledge in coding like exploit writing/analysis, malware analysis and reverse engineering. And as you know there are soooo many cool areas to focus in but each requires its own skillset.
The question for you, what industry is your current company in? Does it need to be compliant with any standards? PCI, HIPAA or SOX? If so see if you can get them to allow you to focus more in that direction and build a new role for yourself, meanwhile you can try to bring in additional help. If they won't go for that, then your only other option is to look for a new opportunity. Depending on your location, this can prove difficult or very easy.
While I was consulting, the last year or so I focused more on security and was able to do more vulnerability assessments. Eventually I saw an opportunity for a Network Security Admin. Most of the requirements were heavily related to what I did as a consultant. Backups, Symantec AV, IPS, Firewall configurations etc... So I reworked my resume thanks to a recruiter and made it reflect my 10 years of experience so I didn't have to worry too much about the alphabet game. What you will need to show is the ability to adapt and learn which sounds like you can. Then just go for a job. You also may need to relocate depending on where you live now. Some markets just don't have the demand but Security is now on the minds of even small businesses. What SMBs can't do is afford the really experienced guys.
If you like who you work for, and want to give them a chance, work at showing them they need in-house security. Do a vulnerability assessment of the current environment. Show them the findings and the risks. If anything you get some vulnerability testing experience.
|
|
|
|
|
472
|
Resources / Career Central / Re: GPEN & GWAPT & GAWN or Bachelor degree?
|
on: October 25, 2011, 08:47:45 AM
|
Another +1 to the Bachelors. Although the SANS courses are enticing, but go get a job that will pay for them and you win. Ok that sounds too easy. It took me like 10 years to get a job that would finally cough up the 4K for a SANS course, sadly it only lasted about 9 months since they outsourced us all, yeah even the Security engineer :p but got a SANS course, GIAC cert and an iPad out of the deal, not too bad.
|
|
|
|
|
474
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Urgently need advice from Hacking experts
|
on: October 24, 2011, 11:50:06 AM
|
|
+1 to Don's idea! Some of these types are just script kiddies and may not be too bright.
Also additional info on utilizing a bootable linux CD. If you can get online using that OS, then the configuration is with the main OS and not the actual ISP/modem/router equipment. Meaning, the guy somehow got remote control over the computer and configured the OS with some redirects or proxies. Another item to document is what happens when they try to go to the internet? Do they simply get a "Page cannot be displayed..." message or do they get redirected to a website that they can't seem to get past?
|
|
|
|
|
475
|
Resources / Career Central / Re: Whats next after NOC, if I want to get into Info Assurance?
|
on: October 12, 2011, 11:50:52 AM
|
Now that I am currently in a larger more corporate setting, I am finding that I miss the SMB. The keys to the kingdom are concentrated at the corporate level and the outsourcing vendor. I now spend more time staring at a useless web portal that shows me pretty graphs and very little raw data. The site itself is slow and very rarely can you get the information fast enough to respond to an issue. When you make requests for tools or access to do the job, you are typically referred to an outdated policy. Some enterprises are so vested in the way they did things back in the day that getting them to change is a much more difficult task than cleaning up the problems. With SMBs you may not have the budget for the shiny boxes with blinking lights, but you learn to utilize the systems and software you do have. Not to mention you typically have access to all the log sources and can determine if issues are occurring in a realtime manner. And if it's a quiet week, you can probably go and build a server or evaluate new hardware from your vendor. Not to mention SMBs are much easier to get a handle on things due to their size. Consulting can be a great opportunity to bolster your skills and grow into other areas. The only downfall is making sure you have enough contracts, or that you work for an established firm, to make ends meet, in the process, as Consulting gigs vary, in terms of 'job security'.
And, I would agree with Hayabusa, if you try to do consulting on your own, it can be painful. Your best bet is get in with an established company and let them handle scheduling, billing and such and allow you to keep the stuff running. Establishing a client base is a job in and of itself.
|
|
|
|
|
476
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Need help. I don't know where to start
|
on: October 12, 2011, 11:21:28 AM
|
|
You have to keep in mind that this place is visited by many in the Info Sec profession as well as those we are trying to thwart. The site is called "EthicalHacker.net." So when someone who is new to the forum starts off by asking "How do I get my teacher's password..." well we all weren't born yesterday. That immediately raises a number of flags. The fact that you have persisted through the usual responses proves you may be actually telling the truth.
Now the exercise itself could be valid, though I don't think any decent teacher would have you hack their own account. If it was me I would have a lab setup for you all to try your hand. If someone in the class is there under not-so-ethical terms, they can go beyond the school account and try to gain access to personal accounts.
Like Hayabusa has said, do the research and if you have questions then ask. This is an extremely helpful crowd full of excellent resources but they will not do your homework for you. Also based on the info you have provided about the school and program, it does not seem that it would cover a course on pen testing/hacking. So you have to understand how fishy that sounds to us.
There are probably at least 5-10 posts a month where someone is brand new and immediately starts in with "How do I hack such and such..." and usually they do not respond after the initial questioning done by the senior members.
|
|
|
|
|
478
|
Resources / Career Central / Re: Whats next after NOC, if I want to get into Info Assurance?
|
on: October 12, 2011, 09:04:15 AM
|
Consulting can vary to your road warrior types that do a few months out or a couple weeks out doing projects. Or you can work for a consulting company that handles the IT needs of a number of clients and you may only be spending a day at different clients around the state/city. I worked for 2 such companies and spent my days driving around my state and playing IT Manager at a number of SMBs (Small/Medium Businesses) ranging from Law firms to larger manufacturing companies. One can put in about 5 years in such a job before getting too fried. You can do everything from Desktop deployments to Server migrations and Firewall installs. I did plenty of firewall installs as well as Web/Spam filtering solutions. So you do get a good amount of exposure and then you can determine the path you may want to follow. Some companies may even give you an opportunity for professional development. Again, the more background experience you have the better security pro you will be. Me personally, I think half of my career was spent fixing stuff and the rest of my career will be spent preventing it from breaking.
|
|
|
|
|
479
|
Resources / Career Central / Re: Whats next after NOC, if I want to get into Info Assurance?
|
on: October 11, 2011, 11:55:53 AM
|
|
Why not both? I have found with Windows, that you can only do so much before it becomes a repetitive task. I imagine Linux will be a similar task at some point. I've never had the pleasure to administer a linux environment, but like most admin jobs, it will become the same old thing. No matter your platform, networking is the base for all things LAN/WAN. So it is always helpful to have a good understanding of where your data is heading and how it gets there. Granted in a larger environment, most network engineers will seldom work on the server level and vice versa. I think an IT Generalist can certainly move deeper in the Security realm a bit easier than someone who has chosen a set specialization and has not diverted from it much.
|
|
|
|
|
480
|
Resources / Career Central / Re: Whats next after NOC, if I want to get into Info Assurance?
|
on: October 11, 2011, 08:18:57 AM
|
|
Here are my thoughts, as someone in Information Assurance you will be focusing on protecting the data within your network. The best way to do that will be to know a bit about all aspects of the network. This really only comes with experience. I personally have worked roughly 10+ years doing everything from managing a large public school network, learning a lot as I went but ultimately worked with everything from configuring switches, firewalls, server builds, desktop deployment, AV deployment/management and enterprise applications like Exchange, including migrations. So I worked the trenches.
Later I took a position as a consultant for about 5 years. Same sort of tasks involved but I then moved into working more with Macs, getting a bit more involved with cross-training on platforms and eventually took an interest in concentrating on security. I began doing more detailed vulnerability assessments which are fun to do. Run your automated scans, check to see if they are false positives and determine remediation steps if they are not. Sadly I had to leave the job due to some conflicts with management but it was time to leave anyway.
Since then I took a few jobs and I am now in my 2nd position as a Security consultant. So gain as much knowledge as you can. The more you know about the networks you need to protect, the better!
|
|
|
|
|