I'm currently wrapping up a Computer Forensics course here at school. Sadly we got stuck with a first-year professor who doesn't know half of what she is talking about. She claims to have worked for a Fortune 50 company doing their network security, but her knowledge level is laughable for the job she used to hold. Students will commonly correct her on the basic facts about subjects; it's almost offensive to my education. There are very few intelligent people in this class, it's considered an easy minor (no wonder with professors like this), and a lot of Criminal Justice students latch onto it as well.
All of this being said, I've learned next to nothing from these Computer Forensics courses with her after a full year. So to cap off my year she decides to announce a live "computer hacking" competition of sorts. The major problem with this competition is the fact that there has never been any sort of lesson on network penetration or computer hacking in the general sense. The closest we got was a card trick that somehow simulated password cracking. All we know about the competition is that the class will be split into 2 groups, one on defense and the other on offense. I have no doubt there are only two people on the opposing team who could be potential threats, but I am pretty confident I know more in this area.
This type of work is what I'd like to do for a career, so I'm making this assignment into a test of sorts for myself. ONCE AGAIN, KEEP IN MIND WE HAVE BEEN TAUGHT ABSOLUTELY NOTHING INVOLVING NETWORK SECURITY OR PENETRATION TESTING. Everything here is stuff that I've either been taught, picked up over the years or have convinced myself to believe is true. Pick it apart: what's good, what's bad, what's flat out wrong.
PCs that barely boot.
Windows XP Service Pack 3
Every machine was built using the same image; they all have very little added aside from some shithead forensic tools we've never used.
We're on our own network of about 15 machines.
The following is the software I plan on putting to use and my strategy for both defending and attacking.
Firewall - Really have no idea here, haven't used anything that was a specific "firewall" since ZoneAlarm back in 2006; would really be interested to hear some recommendations for a firewall.
Anti-Virus - Microsoft Security Essentials; these PCs are pieces of shit and need all the resources they can hold on to, and I've always liked this software.
Get all machines patched up to date, uninstall all unnecessary programs, shit like Adobe Reader/Flash, MS Office, etc. Remove all Administrator accounts, basically try to leave as few things they could attack as possible. Generate a strong Windows password; it won't do much for physical security but I assume it'd help network-wise. Lame as it is, BIOS passwords on all our machines; they're padlocked so the jumpers can't be pulled.
I cannot stress enough how little I formally know about this type of stuff, so please help me better myself. I think of it as a simple 4-part attack attempt:
1. Port Scan, identify the targets and recognize their open ports
2. Vulnerability Scan, scan the target IPs and discover known vulnerabilities the machines currently have.
3. Attack, use Metasploit to exploit the vulnerability and gain access to the users system.
4. Keep control, installing a backdoor to keep control of the system
nmap - Read a few books on the tool so I know a decent amount of what I'm doing with it; couldn't think of a better port scanner.
Nessus - vulnerability scanner; again the most revered in its category, I figured I couldn't go wrong. I know little about the software though.
Metasploit - I've been looking for a decent introduction to Metasploit for a long time but haven't had much luck. I've messed with it a little bit but would definitely like a thorough introduction from the start. I know Metasploit is even considered to be script-kiddy-esque, but I'm not sure of a better starting point.
I will have unmonitored access to this lab for hours at a time, and I highly doubt the other students would consider physical security of their machines or take advantage of us in the same way. I had considered placing trojans on the PCs and adding them to the "Ignored" section of the Anti-Virus, along with simply adding another Administrator account and giving it remote desktop access. I'd rather have this as a backup plan because of how lame it is, but if times get tough I will resort to 10th grade tactics.
I'm basically wondering if this is an accurate strategy to be going into this type of thing with? I'm looking for constructive criticism, so please offer it. If you have another place you visit where I could post this story and get some knowledgeable feedback, send that my way too.
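For the defensive half of the exercise, here is an added example (mine, not from the post) that reads the Windows XP firewall's pfirewall.log and flags any source that probed many distinct ports on one host within a short window, which is what the port-scan step of the plan above looks like from the target's side. It assumes the firewall's "Log dropped packets" option is on and that lines follow the log's standard field order; the sample log is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed pfirewall.log excerpt: one host probing ten ports on another, plus one stray drop.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-05-01 10:00:01 DROP TCP 10.0.0.7 10.0.0.12 41000 21 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:01 DROP TCP 10.0.0.7 10.0.0.12 41001 22 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:01 DROP TCP 10.0.0.7 10.0.0.12 41002 23 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:02 DROP TCP 10.0.0.7 10.0.0.12 41003 25 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:02 DROP TCP 10.0.0.7 10.0.0.12 41004 80 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:02 DROP TCP 10.0.0.7 10.0.0.12 41005 135 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:03 DROP TCP 10.0.0.7 10.0.0.12 41006 139 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:03 DROP TCP 10.0.0.7 10.0.0.12 41007 443 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:03 DROP TCP 10.0.0.7 10.0.0.12 41008 445 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:00:04 DROP TCP 10.0.0.7 10.0.0.12 41009 3389 48 S 1 0 65535 - - - RECEIVE
2009-05-01 10:05:00 DROP TCP 10.0.0.9 10.0.0.12 1045 445 48 S 1 0 65535 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Return (timestamp, action, proto, src, dst, dport) tuples from pfirewall.log text."""
    events = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#") or len(f) < 8:
            continue  # blank lines and the #Version/#Software/#Fields header
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        events.append((ts, f[2], f[3], f[4], f[5], f[7]))
    return events

def detect_port_scans(events, window_s=60, min_ports=10):
    """Map (src, dst) -> distinct ports for sources hitting >= min_ports ports on a host within window_s."""
    per_pair = defaultdict(list)
    for ts, action, proto, src, dst, dport in events:
        if action == "DROP" and proto in ("TCP", "UDP"):
            per_pair[(src, dst)].append((ts, dport))
    hits = {}
    for pair, probes in per_pair.items():
        probes.sort()
        in_window, lo = Counter(), 0  # ports seen inside the sliding time window
        for ts, port in probes:
            in_window[port] += 1
            while (ts - probes[lo][0]).total_seconds() > window_s:
                in_window[probes[lo][1]] -= 1
                in_window += Counter()  # Counter += drops zero counts
                lo += 1
            if len(in_window) >= min_ports:
                hits[pair] = max(hits.get(pair, 0), len(in_window))
    return hits
```

On the sample data this reports 10.0.0.7 -> 10.0.0.12 with 10 ports and ignores the single drop from 10.0.0.9; run it over the real pfirewall.log on each defending machine to see who scanned you and when.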