With an ever-increasing number of threats to network environments, it has become important for information technology students to understand how hacker attacks, viruses, Trojans, and exploits affect their systems. A virtual test lab is an effective way to research security risks and understand their effect on deployed systems. This paper details the steps used to create our virtual test environment and discusses the operating systems and software used. The lab will allow students to compare and contrast red teaming, penetration testing, and vulnerability testing.
This lab must be set up correctly the first time: the virtual machines are the foundation on which every later lab runs, and the tools researched here will be used throughout the course, so it is necessary to place them in the correct categories.
Iván Arce and Gary McGraw wrote an article called Why Attacking Systems Is a Good Idea. The article argues that deliberately attacking your own systems is a worthwhile practice. It relates to the laboratory assignment in two ways. First, we are cataloguing tools and mapping them onto the OSI seven-layer model to produce a clear list of what to use against the virtual machines set up in the first part of the lab. Second, the entire course is about penetration testing and why learning it is useful. There is no research question, but rather a statement that there is growing agreement that the only way to properly test a system is to attack it (Arce & McGraw, 2004, p. 1). Like the other articles read, this one takes the position that attacking a system is the only way to fully understand how it can be attacked and how to protect it. Arce and McGraw looked at previous cases of people who attacked a system and were fired for it, then examined how attitudes have shifted over a few years. The article is a survey and opinion piece built on what others have done rather than on original experiments of the authors' own.
Benzel et al. wrote an article called Experience with DETER: A Testbed for Security Research. The article is about creating a testbed for advancing security practices and techniques. In the first part of the lab, each group had to create its own testbed for future work in the class; it will be used for further research in penetration testing while giving the groups more experience with the tools available. The problem statement is that rapid advances in security require a more complex testing ground (Benzel et al., 2006, p. 1). The other articles assume the test ground already exists and that one can begin testing right away. Benzel and the co-authors built the DETER testbed and ran tests on it. The supporting literature comes from others who have done work in the field, whose procedures and results were used to set up their own tests. There are no apparent errors or omissions.
Bill Coffin wrote an article called It Takes a Thief: Ethical Hackers Test Your Defenses. The main focus of the article is explaining the different terms used in ethical hacking. It relates to the lab because this lab is the first step in which the groups learn to become ethical hackers. The article has no research question or problem statement. Compared with the rest of the articles, it is essentially a glossary of ethical hacking terminology. There is no supporting research, because the article cites no references, which is itself an apparent omission.
Wenliang Du and Aditya Mathur wrote Vulnerability Testing of Software System Using Fault Injection. The article is about performing penetration testing against software systems by injecting faults to find flaws. The problem statement is that programmers make assumptions about the environment, so that faults are inherent in the system (Du & Mathur, 1998, p. 2). The authors recognise that systems have faults, and the other articles say the same. Supporting research includes many papers about fault injection tools and penetration testing methods. The research method is an experiment that can be carried over into the group's own experiment. There were no apparent errors or omissions.
Mary Micco and Hart Rossman wrote an article called Building a Cyberwar Lab: Lessons Learned: Teaching Cybersecurity Principles to Undergraduates.
This article discusses how a stand-alone lab was set up for students to learn penetration testing techniques. It explains the objectives of the lab: to make students more knowledgeable about securing their systems, and to test the vulnerabilities of current systems by trying out assessment tools. It describes in detail setting up the lab, preparing for the attack, attacks and countermeasures, and lessons learned. This correlates with the laboratory assignment in that our course is about penetration testing and why learning it is useful, and we are right in the throes of setting up our own labs. There is no research question that I can identify, but mainly a statement of how to properly set up a lab for penetration testing. The supporting data comes from their actual testing results.
There are no apparent errors or omissions.
Chris Heien, Rick Massengale, and Ningning Wu from the Applied Science Department at the University of Arkansas at Little Rock wrote an article called Building a Network Testbed for Internet Security Research.
The purpose of the article is to discuss a test network that was built for research projects involving Internet worm detection. The article covers the purpose of their lab, the hardware configuration, client configuration, other equipment, and virtualization.
The problem statement is that devastating worms rage through global networks, affecting businesses and residences and impeding the daily activities of all networked technology (Heien et al., 2008, p. 1).
The purpose of the lab is to allow monitoring of worm propagation, not just in software simulation but also in an actual physical environment. The supporting literature comes from their use case, which describes the simulation of a worm traffic sniffing session. Their future work is threefold: first, they plan to test their large collection of worm instances on their test network so that they can study their propagation properties; second, they will research effective techniques for early prediction, detection, and isolation of Internet worms; third, they will keep enhancing their network in order to implement future solutions.
There are no apparent errors or omissions.
Helayne T. Ray, Raghunath Vemuri, and Hariprasad R. Kantubhukta wrote an article called Toward an Automated Attack Model for Red Teams.
The objective of the paper was to introduce an attack model that guides red teams in documenting security attacks in a reusable format and lets system developers easily automate the attack (Ray et al., 2005, p. 8). Future work will consist of taking the attack documentation developed from using their model and writing automated attacks.
The problem statement is that because we rely so heavily on the Internet, we expose our weaknesses to attack by remote adversaries (Ray et al., 2005, p. 1).
The authors believe that red teaming is necessary to understand how adversaries can exploit insecurities in our systems. The research methods used were several different red teaming events sponsored by the US government. There are no apparent errors or omissions.
The main topic of the article Broadening the Scope of Penetration-Testing Techniques by Ron Gula is the techniques and problems involved in performing penetration tests. The article's research question is "What are the benefits and potential pitfalls of performing penetration tests?" The author goes on to explain some of the tools and techniques commonly used to perform penetration tests, as well as some of the areas most often overlooked when performing them. This information is applicable to the current laboratory because it informs the reader about many of the purposes of penetration testing and about areas that should be included during testing. For supporting research and data, the author did not provide much: the article contains only a handful of references. While most of the material is common knowledge among security professionals and can easily be verified, more references should have been used. The only errors I noticed in the article are some generalized statements with no evidence for the claim, for instance: "Most ethical hackers do not attempt to test database servers because they are not familiar with them. In general, network security professionals do not ascend from the ranks of database administrators." (Gula, 2001, p. 9)
The main topic of the article Is Attack Better Than Defense? Teaching Information Security the Right Way by Martin Mink and Felix C. Freiling is the benefits of teaching offensive security. The article's research question is "What are the benefits of teaching aspiring security professionals offensive methods as well as defensive methods, as opposed to solely teaching defensive methods?" The authors go on to describe the scenarios and experiments they performed to support their hypothesis that offensive coursework is more beneficial than defensive coursework. They also address the criticisms of teaching offensive security, such as a higher likelihood that students will become criminals with the knowledge they have obtained and thus "will not raise but rather decrease the overall level of security in the Internet. We feel that this line of argument is flawed." (Mink & Freiling, 2006, p. 2) This information is applicable to the current laboratory because it informs the reader about the importance of the material in this particular course. For supporting research and data, the authors performed their own research with test subjects covering the material and included several references. I was unable to detect any errors in the information the authors provided, nor do I believe there were any omissions.
The main topic of the article Cyberattacks: A Lab-Based Introduction to Computer Security by Amanda M. Holland-Minkley is a lab-based course that introduces information technology students to computer security through cyberattacks and malicious code. The article's research question is "What are the benefits of teaching the fundamentals of cyberattacks and malicious code to information technology students?" The author goes on to explain the coursework and lab activities for the students in support of her hypothesis that teaching the fundamentals of cyberattacks and malicious code to IT students helps them to better understand computer security. This information is applicable to the current laboratory because it shows the reader the importance of cyberattack and malware awareness. For supporting research and data, the author performed her own research with test results covering malware awareness among students who had and had not taken the course. For instance, on a question about malware, "students with technological expertise were more likely to disagree with such a statement than students from a general population." (Holland-Minkley, 2006, p. 6) I was unable to detect any errors in the information the author provided, nor do I believe there were any omissions.
Arce, I., & McGraw, G. (2004). Why Attacking Systems Is a Good Idea.
Benzel, T., et al. (2006). Experience with DETER: A Testbed for Security Research.
Coffin, B. (2003). It Takes a Thief: Ethical Hackers Test Your Defenses.
Du, W., & Mathur, A. P. (1998). Vulnerability Testing of Software System Using Fault Injection.
Gula, R. (2001). Broadening the Scope of Penetration-Testing Techniques. Enterasys Networks. Retrieved 2009 from www.enterasys.com
Heien, C., Massengale, R., & Wu, N. (2008). Building a Network Testbed for Internet Security Research.
Holland-Minkley, A. M. (2006). Cyberattacks: A Lab-Based Introduction to Computer Security. Washington, PA.
Micco, M., & Rossman, H. (2002). Building a Cyberwar Lab: Lessons Learned: Teaching Cybersecurity Principles to Undergraduates.
Mink, M., & Freiling, F. C. (2006). Is Attack Better Than Defense? Teaching Information Security the Right Way.
Ray, H. T., Vemuri, R., & Kantubhukta, H. R. (2005). Toward an Automated Attack Model for Red Teams.
The first part of the lab was to create the virtual machines, following Nick Pendergast's instructions, which were given to everyone in the class. The next part was plain research into hacking tools. Each tool found then had to be categorized by where it best fits in the OSI seven-layer model and in the McCumber cube.
Two questions need to be answered. The first is why almost all of the tools relate to technology rather than to policy and procedure or to personnel; it can only be answered after the table of tools has been built. The second is whether, once the tools are placed in the table, the result suggests a substantial bias or a problem for penetration testing, such that self-selecting attacks may not be the best strategy. This too can only be answered after the tools have been placed in the matrix and we can see where they fall in the McCumber cube.
| OSI layer | Tool name | McCumber cube coordinate |
|---|---|---|
| People/8 | Dumpster diving, social engineering, ID fraud | Confidentiality, processing, policy |
| People/8 | Following FedEx | Confidentiality, transmission, human |
| People/8 | Stealing mail | Availability, storage, human |
| People/8 | Disregarding policy, not locking computers | Integrity, processing, human |
| Application/7 | mbenum, netenum, netmask, psinfo, psfile, smtp-vrfy, whoami, amap, p0f, psk-crack, sinfp, unicornscan, xprobe2, pbnj, zenmap, cisco torch, curl, smb bruteforcer, smb client, stompy, phoss, pasco, rootkithunter, sleuthkit, vinetto | Confidentiality, storage, technology |
| Application/7 | | Confidentiality, storage, policy |
| Application/7 | | Confidentiality, storage, human |
| Application/7 | getsids, http put, halberd, httprint, httprint gui, metoscan, mescal http/s, mibble mib browser, onesixtyone, openssl-scanner, paros proxy, peach, rpcdump, smb serverscan, smb-nat, tnscmd, taof, vnc_bypauth, wapiti, 3proxy, obexftp, hcidump, redfang, ussp-push, gdb server, gnu ddd | Confidentiality, processing, technology |
| Application/7 | | Confidentiality, processing, policy |
| Application/7 | | Confidentiality, processing, human |
| Application/7 | 0trace, relay scanner, sqlquery | Confidentiality, transmission, technology |
| Application/7 | | Confidentiality, transmission, policy |
| Application/7 | | Confidentiality, transmission, human |
| Application/7 | privoxy, proxytunnel | Integrity, storage, technology |
| Application/7 | | Integrity, storage, policy |
| Application/7 | | Integrity, storage, human |
| Application/7 | gfi languard, sqlupload, msfconsole, openssl to open, pirana, ascend attacker, cdp spoofer, cisco enable bruteforcer, tinyproxy | Integrity, processing, technology |
| Application/7 | | Integrity, processing, policy |
| Application/7 | | Integrity, processing, human |
| Application/7 | goog mail enum, google-search | Integrity, transmission, technology |
| Application/7 | | Integrity, transmission, policy |
| Application/7 | | Integrity, transmission, human |
| Application/7 | pstools | Availability, storage, technology |
| Application/7 | | Availability, storage, policy |
| Application/7 | | Availability, storage, human |
| Application/7 | fuzzer, sqldict, sqldumplogins, crunch dictgen, dhcpx flooder, medusa | Availability, processing, technology |
| Application/7 | | Availability, processing, policy |
| Application/7 | | Availability, processing, human |
| Application/7 | | Availability, transmission, technology |
| Application/7 | | Availability, transmission, policy |
| Application/7 | | Availability, transmission, human |
| Presentation/6 | finger google, googrape, maltego, metagoofil, checkpwd, cisco auditing tool, cisco enable bruteforcer, cisco global exploiter, isr-form, jbrofuzz, list-urls, metacoretex, mistress, nikto, OAT, sidguess, smb4k, collision, hydra, hydra gtk, john the ripper, lodowep, wyd, xspy, chntpw, allin1, autopsy | Confidentiality, storage, technology |
| Presentation/6 | | Confidentiality, storage, policy |
| Presentation/6 | | Confidentiality, storage, human |
| Presentation/6 | pslist, psgetsid, psloggedin, psloglist, pstoreview, matahari, aircrack-ng, airdecap-ng, aireplay-ng, airmon-ng, airpwn, airsnarf, airbase-ng, dcfldd, dd rescue | Confidentiality, processing, technology |
| Presentation/6 | | Confidentiality, processing, policy |
| Presentation/6 | | Confidentiality, processing, human |
| Presentation/6 | sql scanner, sqllibf, spoondrv, spoonwep | Confidentiality, transmission, technology |
| Presentation/6 | | Confidentiality, transmission, policy |
| Presentation/6 | | Confidentiality, transmission, human |
| Presentation/6 | absinthe, vncrack, foremost, magicrescue | Integrity, storage, technology |
| Presentation/6 | | Integrity, storage, policy |
| Presentation/6 | | Integrity, storage, human |
| Presentation/6 | sql inject, webcrack | Integrity, processing, technology |
| Presentation/6 | | Integrity, processing, policy |
| Presentation/6 | | Integrity, processing, human |
| Presentation/6 | cowpatty | Integrity, transmission, technology |
| Presentation/6 | | Integrity, transmission, policy |
| Presentation/6 | | Integrity, transmission, human |
| Presentation/6 | bed, cirt fuzzer | Availability, storage, technology |
| Presentation/6 | | Availability, storage, policy |
| Presentation/6 | | Availability, storage, human |
| Presentation/6 | sqlbrute | Availability, processing, technology |
| Presentation/6 | | Availability, processing, policy |
| Presentation/6 | | Availability, processing, human |
| Presentation/6 | | Availability, transmission, technology |
| Presentation/6 | | Availability, transmission, policy |
| Presentation/6 | | Availability, transmission, human |
| Session/5 | airodump-ng, airoscript, airsnort | Confidentiality, storage, technology |
| Session/5 | | Confidentiality, storage, policy |
| Session/5 | | Confidentiality, storage, human |
| Session/5 | packet, rcrack, sipdump | Confidentiality, processing, technology |
| Session/5 | | Confidentiality, processing, policy |
| Session/5 | | Confidentiality, processing, human |
| Session/5 | dnstracer, tcptraceroute, tctrace, ike-scan, ikeprobe, superscan | Confidentiality, transmission, technology |
| Session/5 | | Confidentiality, transmission, policy |
| Session/5 | | Confidentiality, transmission, human |
| Session/5 | thc pptp, tcpick, urlsnarf, hotspotter, karma, kismet, btcrack, pcapsipdump | Integrity, storage, technology |
| Session/5 | | Integrity, storage, policy |
| Session/5 | | Integrity, storage, human |
| Session/5 | afrag, asleap, bluebugger, blueprint, btscanner, carwhisperer, minicom | Integrity, processing, technology |
| Session/5 | | Integrity, processing, policy |
| Session/5 | | Integrity, processing, human |
| Session/5 | hsrp spoofer, wifitap, wicrawl, wifizoo | Integrity, transmission, technology |
| Session/5 | | Integrity, transmission, policy |
| Session/5 | | Integrity, transmission, human |
| Session/5 | | Availability, storage, technology |
| Session/5 | | Availability, storage, policy |
| Session/5 | | Availability, storage, human |
| Session/5 | sipsak, sipcrack, sipdump, sip | Availability, processing, technology |
| Session/5 | | Availability, processing, policy |
| Session/5 | | Availability, processing, human |
| Session/5 | | Availability, transmission, technology |
| Session/5 | | Availability, transmission, policy |
| Session/5 | | Availability, transmission, human |
| Transport/4 | dnswalk, mboxgrep, memfetch | Confidentiality, storage, technology |
| Transport/4 | | Confidentiality, storage, policy |
| Transport/4 | | Confidentiality, storage, human |
| Transport/4 | | Confidentiality, processing, technology |
| Transport/4 | | Confidentiality, processing, policy |
| Transport/4 | | Confidentiality, processing, human |
| Transport/4 | snmp walk, snmp scanner, smb get serverinfo, snmpcheck, snmp enum, httpcapture, mailsnarf, smb sniffer | Confidentiality, transmission, technology |
| Transport/4 | | Confidentiality, transmission, policy |
| Transport/4 | | Confidentiality, transmission, human |
| Transport/4 | | Integrity, storage, technology |
| Transport/4 | | Integrity, storage, policy |
| Transport/4 | | Integrity, storage, human |
| Transport/4 | icmp redirect, icmpush, igrp spoofer, irdp responder, irdp spoofer, wireshark, wireshark wifi, icmptx, pcaptpsip | Integrity, processing, technology |
| Transport/4 | | Integrity, processing, policy |
| Transport/4 | | Integrity, processing, human |
| Transport/4 | firewalk | Integrity, transmission, technology |
| Transport/4 | | Integrity, transmission, policy |
| Transport/4 | | Integrity, transmission, human |
| Transport/4 | | Availability, storage, technology |
| Transport/4 | | Availability, storage, policy |
| Transport/4 | | Availability, storage, human |
| Transport/4 | smb dumpusers | Availability, processing, technology |
| Transport/4 | | Availability, processing, policy |
| Transport/4 | | Availability, processing, human |
| Transport/4 | | Availability, transmission, technology |
| Transport/4 | | Availability, transmission, policy |
| Transport/4 | | Availability, transmission, human |
| Network/3 | dns-ptr, dns-bruteforce, dnsenum, dnsmap, dnspredict, subdomainer, angry ip scanner, iodine, nstx | Confidentiality, storage, technology |
| Network/3 | | Confidentiality, storage, policy |
| Network/3 | | Confidentiality, storage, human |
| Network/3 | dig, protos | Confidentiality, processing, technology |
| Network/3 | | Confidentiality, processing, policy |
| Network/3 | | Confidentiality, processing, human |
| Network/3 | ass, autoscan, fierce, fping, genlist, hping, hping2, hping3, netcat, cryptcat, netdiscover, nmap, ping, protos, scanline, scanrand, revhosts, dnsspoof, driftnet, dsniff, etherape, nemesis spoofer, netsed, netenum, netmask, ntop, sing, sbd, socat, smap | Confidentiality, transmission, technology |
| Network/3 | | Confidentiality, transmission, policy |
| Network/3 | | Confidentiality, transmission, human |
| Network/3 | btftp, hidattack | Integrity, storage, technology |
| Network/3 | | Integrity, storage, policy |
| Network/3 | | Integrity, storage, human |
| Network/3 | | Integrity, processing, technology |
| Network/3 | | Integrity, processing, policy |
| Network/3 | | Integrity, processing, human |
| Network/3 | fport, intrace, ltrace, yersinia | Integrity, transmission, technology |
| Network/3 | | Integrity, transmission, policy |
| Network/3 | | Integrity, transmission, human |
| Network/3 | | Availability, storage, technology |
| Network/3 | | Availability, storage, policy |
| Network/3 | | Availability, storage, human |
| Network/3 | spike | Availability, processing, technology |
| Network/3 | | Availability, processing, policy |
| Network/3 | | Availability, processing, human |
| Network/3 | | Availability, transmission, technology |
| Network/3 | | Availability, transmission, policy |
| Network/3 | | Availability, transmission, human |
| Data Link/2 | dmitry, host, nmbscan | Confidentiality, storage, technology |
| Data Link/2 | | Confidentiality, storage, policy |
| Data Link/2 | | Confidentiality, storage, human |
| Data Link/2 | | Confidentiality, processing, technology |
| Data Link/2 | | Confidentiality, processing, policy |
| Data Link/2 | | Confidentiality, processing, human |
| Data Link/2 | | Confidentiality, transmission, technology |
| Data Link/2 | | Confidentiality, transmission, policy |
| Data Link/2 | | Confidentiality, transmission, human |
| Data Link/2 | macchanger | Integrity, storage, technology |
| Data Link/2 | | Integrity, storage, policy |
| Data Link/2 | | Integrity, storage, human |
| Data Link/2 | file2cable | Integrity, processing, technology |
| Data Link/2 | | Integrity, processing, policy |
| Data Link/2 | | Integrity, processing, human |
| Data Link/2 | bdaddr, bss | Integrity, transmission, technology |
| Data Link/2 | | Integrity, transmission, policy |
| Data Link/2 | | Integrity, transmission, human |
| Data Link/2 | | Availability, storage, technology |
| Data Link/2 | | Availability, storage, policy |
| Data Link/2 | | Availability, storage, human |
| Data Link/2 | tftp brute | Availability, processing, technology |
| Data Link/2 | | Availability, processing, policy |
| Data Link/2 | | Availability, processing, human |
| Data Link/2 | | Availability, transmission, technology |
| Data Link/2 | | Availability, transmission, policy |
| Data Link/2 | | Availability, transmission, human |
| Physical/1 | | Confidentiality, storage, technology |
| Physical/1 | | Confidentiality, storage, policy |
| Physical/1 | | Confidentiality, storage, human |
| Physical/1 | | Confidentiality, processing, technology |
| Physical/1 | | Confidentiality, processing, policy |
| Physical/1 | | Confidentiality, processing, human |
| Physical/1 | ettercap | Confidentiality, transmission, technology |
| Physical/1 | | Confidentiality, transmission, policy |
| Physical/1 | | Confidentiality, transmission, human |
| Physical/1 | | Integrity, storage, technology |
| Physical/1 | | Integrity, storage, policy |
| Physical/1 | | Integrity, storage, human |
| Physical/1 | | Integrity, processing, technology |
| Physical/1 | | Integrity, processing, policy |
| Physical/1 | | Integrity, processing, human |
| Physical/1 | fakeap, wiassistant, hstest | Integrity, transmission, technology |
| Physical/1 | | Integrity, transmission, policy |
| Physical/1 | | Integrity, transmission, human |
| Physical/1 | | Availability, storage, technology |
| Physical/1 | | Availability, storage, policy |
| Physical/1 | | Availability, storage, human |
| Physical/1 | | Availability, processing, technology |
| Physical/1 | | Availability, processing, policy |
| Physical/1 | | Availability, processing, human |
| Physical/1 | | Availability, transmission, technology |
| Physical/1 | | Availability, transmission, policy |
| Physical/1 | | Availability, transmission, human |
| Kinetic/0 | Weather, natural disasters, bombs | Availability, processing, policy |
| Kinetic/0 | EMP, power outage | Availability, processing, technology |
| Kinetic/0 | Biochemicals | Availability, processing, human |
| Kinetic/0 | Hammer | Availability, storage, technology |
The main reason almost all of the tools fall under technology is that they are built to attack computers, which makes them poorly suited to attacking policy or people. People are best attacked in person, through social engineering; to attack policy, one must first know the procedures in place, which an exploit cannot discover on its own. Because many tools fit several coordinates (a sniffer, for example, touches confidentiality and transmission at more than one layer), the table is biased toward whatever each tool most obviously attacks, and some of the OSI placements are judgement calls: ettercap, listed under Physical, actually operates on Ethernet frames and IP traffic at layers 2 and 3. This overlap also makes it harder to focus an attack on a single coordinate without affecting others.
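To answer the lab's first question with counts rather than impressions, the following script (an added example, not code from the original lab report) tallies a table written in the page's own pipe-delimited format along the McCumber cube's countermeasure axis and by OSI layer. The rows it contains are a constructed excerpt of the table above; the two-cell rows stand for cube coordinates the table left empty, which is the case the parser has to handle.

```python
"""Tally a tool table (page's pipe format) along the McCumber cube axes.

Added example; not code from the original lab report. TABLE_EXCERPT is a
constructed excerpt of the report's table. Rows with only two cells are
cube coordinates for which no tool was found (the empty cell was dropped).
"""
import re
from collections import Counter

TABLE_EXCERPT = """\
|OSI 7 Layer Model Layer||Tool Name||McCumber Cube coordinate|
|People/8||Dumpster diving, social engineering, ID fraud||Confidentiality, processing, policy|
|People/8||Following FedEx||Confidentiality, transmission, human|
|Application /7||0trace, relay scanner, sqlquery,||Confidentiality, transmission, technology|
|Application /7||Confidentiality, transmission, policy|
|Application /7||Confidentiality, transmission, human|
|Presentation/6||Cowpatty,||Integrity, transmission, technology|
|Session/5||Sipsak, sipcrack, sipdump, sip,||Availability, processing, technology|
|Transport/4||Firewalk,||Integrity, transmission, technology|
|Network/3||Availability, storage, technology|
|Physical/1||Ettercap,||Confidentiality, transmission, technology|
|Kinetic/0||EMP, power outage||Availability, processing, technology|
|Kinetic/0||Hammer||Availability, storage, technology|
"""

GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "processing", "transmission")
MEASURES = ("technology", "policy", "human")


def parse_row(line):
    """Parse one '|layer||tools||goal, state, measure|' row.

    Returns (layer, [tools], (goal, state, measure)); None for the header
    or a blank line. A two-cell row is treated as an empty tool cell.
    """
    line = line.strip()
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip("|").split("||")]
    if len(cells) == 2:
        layer, coord = cells
        tools_cell = ""
    elif len(cells) == 3:
        layer, tools_cell, coord = cells
    else:
        raise ValueError(f"unexpected row shape: {line!r}")
    coord_parts = tuple(p.strip().lower() for p in coord.split(","))
    if len(coord_parts) != 3:
        return None                      # header row
    goal, state, measure = coord_parts
    if goal not in GOALS or state not in STATES or measure not in MEASURES:
        raise ValueError(f"bad McCumber coordinate in row: {line!r}")
    tools = [t.strip() for t in tools_cell.split(",") if t.strip()]
    layer = re.sub(r"\s*/\s*", "/", layer)   # 'Application /7' -> 'Application/7'
    return layer, tools, (goal, state, measure)


def tally(table_text):
    """Count entries per countermeasure, per security goal and per layer,
    plus how many cube cells were left empty on each countermeasure plane."""
    counts = {"measure": Counter(), "goal": Counter(),
              "layer": Counter(), "empty": Counter()}
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        layer, tools, (goal, _state, measure) = row
        if not tools:
            counts["empty"][measure] += 1
            continue
        counts["measure"][measure] += len(tools)
        counts["goal"][goal] += len(tools)
        counts["layer"][layer] += len(tools)
    return counts


def technology_share(table_text):
    """Fraction of catalogued entries that attack technology rather than
    policy or people: the bias the lab asks about."""
    measure = tally(table_text)["measure"]
    total = sum(measure.values())
    return measure["technology"] / total if total else 0.0


if __name__ == "__main__":
    result = tally(TABLE_EXCERPT)
    for axis in ("measure", "goal", "layer"):
        print(f"{axis}: {dict(result[axis])}")
    print(f"empty cells by countermeasure: {dict(result['empty'])}")
    print(f"technology share: {technology_share(TABLE_EXCERPT):.0%}")
```

Run against the full table instead of the excerpt, the same functions give the per-plane split the analysis above describes: every technology cell that is populated has empty policy and human cells beside it, and the only entries outside the technology plane are the People/8 and Kinetic/0 rows.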
The group found that one of the only problems was the sheer number of tools that had to be placed in the table. There was initially a problem setting up the virtual machines, which after some testing was fixed, allowing all students to start the lab. Another issue was coordinating three group members rather than two. All of this was worked out and everything went smoothly afterward.
The final results show that most hacking tools are aimed at technology. Attackers who perform social engineering or dumpster diving instead use a company's own policies and procedures against it to obtain information. Natural disasters and weather also fit into the McCumber cube alongside the tools found in BackTrack and elsewhere. This lab was the basis for the rest of the labs, so it was important to get the virtual machines set up and the tools into the correct categories.