On Tuesday 4th and Thursday 6th December 2012 there were some practical lessons about network security and a final contest among students. In this page you can find useful information about those activities and what you need to know to pass a possible exercise for the final exam.
GOALS
These practical lessons were mainly addressed to Computer Engineers and Scientists and aimed at providing the basic skills to understand and use some techniques to exploit vulnerable machines and steal confidential information. Clearly, the goal is not to encourage malicious attacks to other people, but simply to observe how a system can easily be broken if effective countermeasures are not applied.
SYLLABUS
Below are the main topics we discussed in class. To facilitate the study (especially for absent students), each subject is linked to the resource where you can refer and study.
– What’s VirtualBox and how it works
– System options of Virtual Machines: several types of network configurations
– Collision domain and difference between hub and switch
– Wireshark and Sniffing
– Local Networks and CIDR Notation (one of my documents [it]: link)
– Scanning and Nmap: host discovery and port scanning
– Telnet, Netcat and vulnerable services to exploit (it)
– Vulnerabilities and OpenVAS
– Pentest and Metasploit Framework: what are exploits, payloads and other options
– Password cracking and John the Ripper
– Vulnerable configurations: xhost and xtv
Furthermore, for each command, I’d advise you to carefully read manual pages:
man <command_name>
SUMMARY OF NETWORK SECURITY PRACTICES
http://www.dis.uniroma1.it/~ficarola/summary-of-network-security-practices/
VIRTUAL MACHINES
– BackTrack5r3
– Alice (Ubuntu)
– Bob (Debian)
– Windows XP SP2
If you need virtual machines used in class, please send me a mail to take an appointment. Bring with you a pendrive of size at least 8 GB.