
Security related projects

<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Tue Jul 13, 2010 3:49 pm

Security related projects

I need to come up with some projects for the 2010-2011 year.  The projects should be something with a scope of a few months.  I will research/deploy/test/etc. some kind of technology or process that benefits the company.

Anyone got any ideas???  Maybe something fun you have done in the past?

;D ???
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Tue Jul 13, 2010 4:40 pm

Re: Security related projects

What type of projects? i.e. what is your role?
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

partek

Newbie

Posts: 27

Joined: Thu Feb 28, 2008 6:15 pm

Post Tue Jul 13, 2010 11:00 pm

Re: Security related projects

yatz wrote: I need to come up with some projects for the 2010-2011 year.  The projects should be something with a scope of a few months.  I will research/deploy/test/etc. some kind of technology or process that benefits the company.

Anyone got any ideas???  Maybe something fun you have done in the past?

;D ???


Unfortunately, as fun as it may be, you can't implement security for the sake of security. There needs to be a valid business need for any sort of security project. You should look for a problem to solve, and find ways to solve it. Look around and ask around; chances are, if you're like a normal company, there are an embarrassingly large number of problems that need to be solved. Once you have the problems identified, then you can come up with the projects in order to solve them.
CISSP, CISM, CISA, CCNA Security, OSCP, CEH
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Jul 14, 2010 8:49 am

Re: Security related projects

It sounds like he's just looking for projects for personal study. It'll be difficult to recommend things without knowing your interests.

If you're bored, why don't you start a blog and see what direction that takes you in?
The day you stop learning is the day you start becoming obsolete.
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Wed Jul 14, 2010 8:59 am

Re: Enjoyable projects

Thanks for the replies, and yes I know it needs to be decided by business need.  Thankfully I'm allowed some latitude in my choice of projects as long as I can show a business impact.

In this case, let me rephrase the question:

What do you do on a daily/weekly/monthly basis that you enjoy?

(Maybe I can use some of the ideas to see how they fit my environment, something that I hadn't yet known needed to be done.)
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Wed Jul 14, 2010 9:09 am

Re: Security related projects

ziggy_567 wrote: What type of projects? i.e. what is your role?

My role is officially Network Technician, but I play more of a System Administrator role.

dynamik wrote: It'll be difficult to recommend things without knowing your interests.

My interests are all over the board.  I enjoy programming/scripting, hardware, vulnerability research and exploitation, and so on.  Maybe I sound like every other security enthusiast out there.

dynamik wrote: It sounds like he's just looking for projects for personal study.

The best projects are those you would do on your free time and get paid for.


I really get a great feeling when I'm learning a new tool and can see the practical uses of it.  Just yesterday I was watching a webcast that demo'd a tool called SAPD that extracts passwords for accounts running services.  Well, I ran into a problem not too long ago where I didn't have the password for a service documented and then needed it.  If I'd have had this tool back then I wouldn't have had to reset the password and pray nothing else would be affected.

From what I hear, the CEH courseware deals heavily with tool familiarity, so I'm looking forward to studying for that.

Anyway, if the question is still too vague, I understand.  I will need to think of something and I wanted to do something fun that I have not done before.
Last edited by yatz on Wed Jul 14, 2010 9:10 am, edited 1 time in total.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Jul 14, 2010 9:28 am

Re: Security related projects

From a Systems Administration standpoint two projects that I've worked on recently that were a lot of fun (and fairly inexpensive) were setting up OSSEC on our PCI segment and Splunk/Syslog-ng SIEM implementation.

If you're not doing log aggregation and monitoring, this can be a huge "quick win." Not only is log monitoring incredibly important for security, it will make misconfigurations glaringly obvious most of the time! Not only will the Security folks be happy, but Operations will get on-board with the project if you can show them how useful a tool it is...

Good luck!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Jul 14, 2010 10:57 am

Re: Security related projects

If you're a system admin & it's a MS shop, it might be a great time to learn PowerShell.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Jul 14, 2010 11:41 am

Re: Security related projects

I have to agree with Ziggy_567

Centralized syslog server or a dedicated syslog server per site based on inter-office interconnectivity (I have small pipes I don't want to flood with udp syslog traffic). I prefer syslog, rsyslog and syslog-ng.

Network monitoring tools, like Nagios (if you're not monitoring already).

I'm building new network monitoring boxes:
OS - Debian
Nagios
Bandwidthd
rsyslogd
ntop
wireshark (for packet monitoring)


Things I've done in the past.
Something else, depending on your firewall / network design a Proxy server would be nice. My ASA can use WCCC (I think that's the protocol) to check with Squid to allow traffic or not.

There is some fun scripting you can do with log files. I have one log file that's just for my firewall logs. I have a couple of nice scripts that check for policy violations.

You could also write a few scripts looking for multimedia (music and movies) on network drives, or people's desktops if you have the right permissions.
OSWP, Sec+
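
An added example, not part of the post above and not one of the poster's scripts: one way a firewall-log policy check of the kind mentioned there could look in Python. The log lines are constructed in the style of Cisco ASA message 302013, and the policy table, host addresses and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, styled after Cisco ASA syslog message 302013 (TCP connection built).
SAMPLE_LOG = """\
Jul 14 11:02:10 fw1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.1.1.20/51515 (192.0.2.1/51515)
Jul 14 11:02:12 fw1 %ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.9/25 (203.0.113.9/25) to inside:10.1.1.34/40222 (192.0.2.1/40222)
Jul 14 11:02:15 fw1 %ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.9/25 (203.0.113.9/25) to inside:10.1.1.5/40900 (192.0.2.1/40900)
Jul 14 11:02:19 fw1 %ASA-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.44/6667 (198.51.100.44/6667) to inside:10.1.1.34/40223 (192.0.2.1/40223)
Jul 14 11:02:20 fw1 %ASA-4-106023: Deny tcp src inside:10.1.1.34/40300 dst outside:203.0.113.9/25 by access-group "inside_out" [0x0, 0x0]
Jul 14 11:02:31 fw1 %ASA-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.50/23 (203.0.113.50/23) to inside:10.1.1.77/41000 (192.0.2.1/41000)
"""

# Assumed policy: restricted destination port -> internal hosts allowed to use it.
# Only the mail relay may send SMTP; nobody may use telnet or IRC outbound.
POLICY = {25: {"10.1.1.5"}, 23: set(), 6667: set()}

# For outbound connections the first address is the remote side, the second the local host.
BUILT = re.compile(
    r"%ASA-\d-302013: Built outbound TCP connection \d+ "
    r"for \w+:([\d.]+)/(\d+) \([^)]*\) to \w+:([\d.]+)/\d+"
)

def find_violations(log_text, policy=POLICY):
    """Return (src_ip, dst_ip, dst_port) for each permitted connection that breaks policy."""
    hits = []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # other message IDs (e.g. denies) and malformed lines are skipped
        dst_ip, dst_port, src_ip = m.group(1), int(m.group(2)), m.group(3)
        allowed = policy.get(dst_port)
        if allowed is not None and src_ip not in allowed:
            hits.append((src_ip, dst_ip, dst_port))
    return hits

def offenders(violations):
    """Count violations per internal host so repeat offenders stand out."""
    return Counter(src for src, _dst, _port in violations)

if __name__ == "__main__":
    found = find_violations(SAMPLE_LOG)
    for src, dst, port in found:
        print(f"VIOLATION {src} -> {dst}:{port}")
    for host, count in offenders(found).most_common():
        print(f"{host}: {count} violation(s)")
```

A connection that the firewall allowed but the written policy forbids usually points at a rule that is broader than intended, which is why the check looks at "Built" messages rather than denies.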
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Jul 14, 2010 2:01 pm

Re: Security related projects

Thought of something else. If those tools are in place already, audit them to make sure they're doing what everyone thinks they should be doing.
OSWP, Sec+
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Jul 14, 2010 9:04 pm

Re: Security related projects

I had to undergo a SIGv5 audit for AT&T recently so I took up a project on my own accord to keep us compliant well after the fact. The tasks consisted of a semi-automated pentesting platform to do two things... Perform a quarterly pentest from the outside scope, perform one from the inside scope, correlate all the data, then slap that data into OSSIM. The images were created from scratch using VMware and a slew of tools. CANVAS, Metasploit, RRDTool (for graphing on my own), Acunetix and W3AF with a push/pull custom configuration I update daily. Horribly butchered in a shell script using expect. For applications we develop, Klocwork and beStorm ... Wish I had Codenomicon, but they won't let me purchase it.

The initial configuration and parameters for testing get tweaked, uploaded to a server and both the "outside scope" and "inside scope" servers download the parameters and fire away the tests. Now be advised, all my parameters are usually set to cover/stealth/decoys so it is as real an attack as I can perform. My network admins were not told the entire gist of this (management is aware) so we get to test incident response (who's gonna contact the security team of the issues). Initially I thought about vanilla Nessus for auditing, but Metasploit using a modified (targeted) autopwn works wonders. CANVAS usually mops up the place for anything unique...

The goal... Give my company a realistic view of the low to mid level hanging fruit and lock it down. Provide reporting on a quarterly basis for the powers that be, backup and log all information across syslog for future parsing. Backup and copy over tcpdump output for Netwitness analysis. Since we're trying to be on point, my goal was super simple... "I will hack my own company on a quarterly basis... I know what we use, I know the strengths and weaknesses... I could create a super focused attack..." As it stands... I could "social engineer" individuals in my company from time to time, but that's severely flawed... Most people are paranoid about the things I do with my testing let alone what someone else sends. OSSIM? Gathers up the aftermath of the testing, stores event data in which I can go back and clean up the false positives and false negatives.

Lastly, every week or two I try to create a new "By the way..." notice on security to send to colleagues in order to make them aware of attacks. Why people attack and what are they after. Many of my colleagues now get it, but that's because I've found so many analogies outside of technology to correlate attack situations to. It's also helped that media now reports anything and its mother so to my colleagues (especially in this economy) the last thing anyone wants to think about is "getting owned".

Anyhow, my project was a large undertaking, but think about it for a minute. If you work in a company that needs to meet certain compliance levels, it's a mechanism to implement a "red team" on demand. One would seriously have to keep in tune with what's going on in order to update the scripts, tools used, etc., and vigilance is ALWAYS key. My other project I still tinker with is a VoIP based IPS made from scratch. I can randomly assign it to push people into a honeypot, etc...
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Fri Jul 16, 2010 9:51 am

Re: Security related projects

I appreciate the input everyone!

Log file management, automated pentesting and reporting, network monitoring box, really good!!!  I have looked into PowerShell and used it for a few things, though to make it a project for next year I'd have to find out some purpose to it.

Any more ideas are appreciated, but these definitely are a good start.  Typically I'll have to come up with 4-5 things for a given year, which consist of a combination of my ideas and those of my supervisor.  The more I come up with the better.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
