Okay guys, I think it's time to give a short description of the project that I am currently working on. It's my final thesis (a.k.a. after this I graduate, woo) and because I want to follow a career in security, I was adamant to find an internship (we do our final thesis as an Individual Project - IP - as an intern in a company) that will further my personal goals.
It took a lot of struggling with my teachers to convince them that it's okay to do a "hacking"-themed project, mostly because real security gets studied at a Master's level, and most Bachelor's degrees focus on networking/programming/other crap.
Most teachers of Bachelor's courses are scared to allow students to follow up on hacking-related topics because they are scared of their students turning "evil" or something like that. Don't ask me, I know it's idiotic.
Anyway, the project is taking place over 20 weeks, and I'm gonna be working alone on it.
At the moment I'm busy with studying because I started 3 weeks ago, but I've already prepared a nice project plan (my teachers asked for it of course) which contains a bunch of information on the project. Because it's not definitive yet, for the moment I will just write the big ideas of the project, and I'll follow up with more information once I know what's ok and what isn't (in the project plan) and what's confidential and what's public (so that I can post it here).
Now that the intro is taken care of, let's get down to business. The first thing I will post is a part of the project plan, the goals.
I. Aims of the Project
Research questions:
1. What are the minimum security measures a company which uses the Internet as a tool for their business should employ and what are the most common vulnerabilities present in a live working environment?
2. How far do the companies which are the target of the audit deviate from the minimum necessary security measures, and are they affected by the most common vulnerabilities of today?
3. Are modern penetration test methodologies the most effective way of detecting common vulnerabilities in a live working environment and is there any feasible way in which these methodologies could be improved or optimized?
4. What subset of a complete and full scale penetration test is best suited for each of the scanned companies from the point of view of the relevance/price ratio?
II. General description of the Project
The target number of companies is between 5 and 10, depending on how many of them volunteer for the assessment. In order to explain to the Chief Security Officers (or equivalent) exactly what the project will offer as an outcome, the company-specific evaluation will be conducted completely for <employer company snip> as Step 1 of the project. This will allow us to then present the report as a sample result of the research.
Step 2 of the project will be to find out what the minimum security measures are that a company which conducts business by using the Internet as an intermediary should employ, and also what the most likely-to-be-encountered weaknesses are that infect the aforementioned firms.
Following that will be Step 3, in which the base case is established. This means that scans will be run in order to check the current security posture of the various companies. The results will then be compiled and compared with what are currently known to be the most common vulnerabilities.
At this stage there can be two different situations:
1. The scans reveal that security is very well implemented and no (almost no) vulnerabilities can be located in the networks. This would mean that the base case would be compromised. As such, in the unlikely event of this occurring, the base case will be constructed by means of a testing lab which will be configured particularly to contain the same vulnerabilities that were found to be most common in Step 2.
2. The scans reveal the necessary number of vulnerabilities, in which case it's just a matter of comparing them with the research to confirm that indeed the most common vulnerabilities are also present in the current situation.
At this point in the project the main research question will be answered. In Step 4 I will take the methodologies and evaluate how easy they are to apply, how effective they are in tracking down weak points, exactly how long it takes to conduct the full test and how many vulnerabilities each technique is able to track down.
The final stage, Step 5, will be divided into two main tasks:
1. Make recommendations for companies on which specific subset of the full scale test they should conduct in order to keep the relevance/price ratio adequate.
2. Identify the strengths and weaknesses of the current methodologies, and, if possible, try to improve or optimize them.
That's it for now. I have some more stuff written of course, but it's in regard to scheduling and other stuff that's not related directly to hacking.