1. Lecture Times

Lectures will be on Wednesday at 11:00, CG01 and Thursday at 13:00, CAG21.

2. Notes

01. Course Introduction

02. Network Basics

03. Network Spoofing

04. Pen. Testing

05. Pen. Testing 2

06. Wireless Networks

07. Anonymous Networks

Malware: 1 2 3

3. References

3.1. Books

Network Security Assessment

Hacking Exposed

Computer Networks

3.2. Papers

3.3. RFCs

768 User Datagram Protocol

791 Internet Protocol

792 Internet Control Message Protocol

793 Transmission Control Protocol

826 Address Resolution Protocol

1180 A Tutorial on TCP/IP

4. Labs

There are lab times on the timetable; however, these are unsupervised labs. Rather than set individual labs each week, I will be listing various applications and techniques that you must be familiar with. Most tools will only be legal to run on one's own LAN or the MSSF lab. Do not experiment on unauthorised machines/networks.

I would suggest picking a machine and installing a primary OS on it, such as Windows XP or Ubuntu. Install a virtual machine application and then download/create images of operating systems from which you can then run your tools. Backtrack is a particularly good version of Linux for performing penetration testing. There is even a pre-made virtual image available at http://www.remote-exploit.org/backtrack_download.html

4.1. Basics

You need to be familiar with using tcpdump and Wireshark on a network. Examine TCP connection attempts to see the handshake process and the Initial Sequence Number (ISN) values used. This will need to be done in pairs, with one person running a service on their machine (a web server, for example) and the other person connecting with a web client.

Tip
You will need to disable the relative ISN values.

Things to look out for include identifying the manufacturer from the MAC address; Wireshark should do this for you automatically.

4.2. ARP Manipulation

Implement an attack with ARP Poisoning as described in the notes. Analyse the attack implementation with Wireshark. Tools you can use are Ettercap or DSniff.

There is a video demonstrating Ettercap available at http://securitytube.net/Packet-Sniffing-With-Ettercap-video.aspx

Install ARPWatch and configure it to monitor for ARP Poisoning.
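
To make clear what an ARP monitor is looking for, here is an added example (not part of the course material and not ARPWatch's own code): it parses RFC 826 ARP bodies and reports when an IP address changes its MAC binding. The alert labels follow the report names ARPWatch uses; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

# RFC 826 ARP body for Ethernet/IPv4 (28 bytes): htype, ptype, hlen, plen,
# oper, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)

def parse_arp(body):
    """Return (sender_ip, sender_mac), or None if not Ethernet/IPv4 ARP."""
    if len(body) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, body[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def watch(bodies):
    """Track IP-to-MAC bindings and return (packet_no, label, ip, mac) alerts."""
    table, alerts = {}, []          # table: ip -> (current_mac, previous_mac)
    for n, body in enumerate(bodies, 1):
        parsed = parse_arp(body)
        if parsed is None:
            continue
        ip, mac = parsed
        current, previous = table.get(ip, (None, None))
        if current is None:
            label = "new station"
        elif mac == current:
            continue                # binding unchanged, nothing to report
        else:
            # A binding that swaps back to its earlier MAC is the pattern seen
            # when two stations both claim the same IP address.
            label = "flip flop" if mac == previous else "changed ethernet address"
        alerts.append((n, label, ip, mac))
        table[ip] = (mac, current)
    return alerts

# Constructed sample ARP bodies (TEST-NET addresses, locally administered MACs).
HDR = "0001" "0800" "06" "04"
SAMPLE = [bytes.fromhex(h) for h in (
    HDR + "0002" "020000000001" "c0000201" "02000000000a" "c000020a",  # gateway reply
    HDR + "0001" "02000000000a" "c000020a" "000000000000" "c0000201",  # host request
    HDR + "0002" "020000000066" "c0000201" "02000000000a" "c000020a",  # gateway IP, other MAC
    HDR + "0002" "020000000001" "c0000201" "02000000000a" "c000020a",  # original MAC again
)]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

When analysing your own capture in Wireshark, the same sender-IP and sender-MAC fields are the ones to compare across successive ARP replies.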

4.3. Firewalls & Port Scanning

Install Windows or Linux on a lab machine. (You can just use the PXE boot option if you want). Disable the firewall.

From another machine, run nmap to scan the target machine. Re-enable the Windows firewall, or implement a firewall on the Linux machine, and run the scan again. Does the firewall report any scanning? Examine what Nmap is doing by running Wireshark at the same time. Configure the firewall to only allow access from a certain IP. How will you scan the Windows machine without access to that restricted machine?