Capstone Presentation Ethical Hacking Labs MSISA Program

1
Capstone PresentationEthical Hacking Labs
MSISA Program Dan Garfield
2
Overview

• About Dan Garfield
• The Earlier Days
• The Latter Days
• Training Clients
• Certifications
• Consulting Clients

• About the Project
• Background of the Project
• Tools of the Trade
• Hacking Lab Exercises
• The Need for New Exercises
• Near Term Expansion Plans
• Lab Development Process
• Source of Lab Tools
• Lab Environment
• Course Delivery Package

3
About Dan Garfield
4
The Earlier Days

• Invented ground breaking synchronization
  technology for music applications
• Patented technology
• Designed and marketed 22 related products between
  1982 and 1988
• Touring musician, synthesist, and technologist
  between 1987 and 1997

5
The Latter Days

• Entered information technology field in 1997
• Director of Networks 1999 2000 at The
  Renaissance Center outside of Nashville, TN
• IT infrastructure and security training and
  consulting 2000 to present
• Current course deliveries include CISSP, CEH,
  SCNP, Cisco firewalls, and all courses in the
  Cisco CCNA and CCNP programs
• National and international course deliveries
  include US, Canada, Mexico, Germany, England,
  Italy, and Turkey

6
Training Clients

• University College London, UK
• University of Leeds Leeds, UK
• University of Miami Miami, FL
• University of Idaho Moscow, ID
• University of Texas Houston, TX
• St Edwards University Austin, TX
• University of Texas Pan America Edinburg, TX
• Lakehead University Thunder Bay, ON, Canada
• University of Alberta Edmonton, AB, Canada
• Lethbridge College Lethbridge, AB, Canada
• University of Toronto Toronto, ON, Canada
• Texas AM University Bryan, TX
• University of British Columbia Vancouver, BC,
  Canada
• University of Ohio Corporate Education Center
  Columbus, OH
• Vigilar Atlanta, GA
• The Training Camp Poconos, WV
• Intense School Ft Lauderdale, FL
• New Horizons various locations

Chrysler Detroit, MI Bilginc Istanbul,
Turkey WalMart headquarters Bentonville,
AR Neil Corporation Hammond, LA Cache Creek
Casino Brooks, CA Fort Pendleton Calabasas,
CA Quantico Marine Corp Base Quantico,
VA Marine Corp Base Kaneohe, HI Beale Air Force
Base CA US Rangers Fort Benning, GA US Naval
Station Norfolk, VA US Army, Fort Dix New
Hanover, NJ US Air Force Academy Colorado
Springs, CO NASA Stennis Space Center,
MS Lockheed Martin Herndon, Va General Dynamics
Scottsdale, AZ Allen-Bradley San Diego, CA
Jacobs Corp Huntsville, AL Dade County IT
Miami, FL New Orleans IT New Orleans, LA County
power company Spokane, WA Michigan state
government Lansing, MI Rochester School
District Rochester, NY United Nations
Brindisi, Italy CACI Washington, DC Department
of Justice, US Marshals Service Greensboro, NC
7
Certifications

• Certified Ethical Hacker (CEH)
• EC Council Security Analyst (ECSA)
• Computer Hacking Forensic Investigator (CHFI)
• Certified Wireless Security Professional (CWSP)
• EC Council Disaster Recovery Professional (EDRP)
• GIAC Certified ISO-17799 Specialist (G7799)
• Certified Information Systems Security
  Professional (CISSP)
• Cisco Certified Network Professional (CCNP)
• Certified Penetration Testing Engineer (CPTE)
• Certified Digital Forensics Examiner (CDFE)
• Security Certified Network Professional (SCNP)

Certified HIPAA Professional (CHP) Certified
HIPAA Security Specialist (CHSS) Microsoft
Certified Systems Engineer (MCSE) Certified
Technical Trainer (CTT) CompTIA Hardware
(A) CompTIA Networking (Network) CompTIA
Project Management (Project) Sun Certified Java
Associate (SCJA) CIW Site Designer (CIWSD) CIW
Database Specialist (CIWDS) INFOSEC Professional
8
Consulting Clients

• Presidio Financial (portfolio management) - San
  Francisco, CA
• Parental Stress Services (social services) -
  Oakland, CA
• Cache Creek Casino (gaming) - Brooks, CA
• Murphy Pearson Brown Feeney (law firm) - San
  Francisco, CA
• Applied Biosystems (biotechnology) - Foster City,
  CA
• KLA-Tencor (semiconductor yield specialists) -
  Milpitas, CA
• Alameda Community College District (education) -
  Oakland, CA
• Northwest Open Access Network, NOANET (regional
  ISP) - Portland, OR
• Berkeley Public Library (community services) -
  Berkeley, CA
• King County (government) - Seattle, WA
• Modesto Irrigation District, Modesto CA (public
  utilities)
• ArthroCare, (health care industry) - Sunnyvale,
  CA
• Fibrogen (biotechnology) - South San Francisco,
  CA
• Funtigo (media sharing service) - San Francisco,
  CA
• Embarcadero Systems Corp (transportation supply
  chain management) - Alameda, CA

9
About the Project
10
Background of the Project

• The need for information systems security
• Pervasive reliance upon critical systems demands
  protection of these systems
• Vulnerability assessment, penetration testing,
  and remediation of weaknesses comprise an
  important aspect of information security
• It takes one to know one
• The ethical hacker defends information systems by
  understanding and applying the same tools and
  techniques used by system attackers to discover
  exploitable vulnerabilities

11
Tools of the Trade

• Historical exploits
• Found in typical instructional materials and
  courses
• Useful for illustrating concepts in a training
  environment
• Cutting edge exploits
• What the professionals are actually using
• Rarely exposed in traditional training
• Defense and attack perspectives differ
• Detailed attack knowledge requirement is less
• Hardening systems is often more procedural than
  technical

12
Hacking Lab Exercises

• An essential adjunct to training lectures
• Tool categories include
• footprinting
• scanning
• enumeration
• system hacking
• trojans
• sniffers
• password crackers
• vulnerability scanners

13
The Need for New Exercises

• Labs provided with some ethical hacking courses
  can be inadequate
• Insufficient testing prior to publication
• Outdated tools
• Vague instructions
• Attack target variety
• Older unpatched operating system targets are
  useful for demonstrating concepts
• Students are usually interested in seeing
  exploits against more recent operating systems,
  such as Server 2008 and Windows 7

14
Near Term Expansion Plans

• Current lab set will be expanded to include
• Hydra password cracker
• Nessus vulnerability scanner
• More variety of use for netcat and hping
• Deeper exploration of Backtrack tools
• Cutting edge use of the Metasploit project
• Metasploit autopwn
• Automates use of all exploits against a target
• Backtrack fast track
• Automates already automated Metasploit autopwn to
  the level of point and click extremely powerful

15
Lab Development Process

• Ethical hacking lab development based on
• Extensive reading about the subject
• Seven years course delivery experience
• Testing each lab step-by-step to ensure accuracy
• Student knowledge contributions
• classes comprised of students with varying
  backgrounds, skill levels, and areas of expertise
• every course delivery yields new knowledge for
  the instructor

16
Source of Lab Tools

• Most freely available from the internet
• Vendor demo versions good for duration of the
  class
• Built into operating systems
• From operating system resource kits
• Dozens of hacking tools pre-installed on
  Backtrack
• The Backtrack project is a bootable Linux-based
  OS that can be launched from
• CD-ROM
• VMware virtual machine

17
Lab Environment

• Operating systems based in preconfigured VMware
  virtual machines automatically adapt to available
  PC hardware
• VMware allows multiple operating systems to exist
  simultaneously on a single PC
• Some course deliveries require students to bring
  their own laptop PC loaded with VMware
• VMware virtual machines and lab tools loaded
  onsite
• Reduces training space expense and setup time
• Current operating systems include Windows 2000,
  Windows Server 2003, XP Professional, and
  Backtrack

18
Course Delivery Package

• Textbook
• a variety of vendor courseware or commercial
  texts can be used
• Lab tools CD-ROM
• includes all tools used in the lab exercises
• organized to match flow of the course
• can be installed to PCs ahead of class by
  training center or on first day of class
• Outline of PowerPoint presentation
• PDF file providing the presentation in outline
  form

19
Course Delivery Package

• Provision of VMware VMs
• Can be installed ahead of class by the training
  center
• Can also be installed on first day of class when
  students bring their own laptops
• Lab exercise manual
• Presently includes over 100 lab exercises
• Each exercise includes an introductory paragraph
  explaining application of the tool
• Content evolves over time as better tools and
  techniques supplant older material

20
About the MSISA Program

• Bachelors program was mostly a review of topics
  studied ten years ago.
• Masters program has been a perfect fit with
  information security areas already in practice.
• Ethical hacking and computer forensics were
  already known and essentially comprised a review.

21
About the MSISA Program

• ISO 27001/27002 information security management
  system information was new and has been
  integrated into my classes.
• Wireless security coverage greatly expanded my
  depth of knowledge in that arena and is used to
  extend ethical hacking and CISSP course
  deliveries.

22
About the MSISA Program

• Cyberlaw brought much greater depth to my
  knowledge of the subject, which was mostly
  related to previous deliveries of CISSP.
• Leadership and Professionalism studies were new
  to me and have provided great objective insight
  into the dynamics of people management.
• The Critical Thinking component of the bachelors
  program at WGU also provided new information that
  has been an integrated part of my thought
  processes ever since.

23
About the MSISA Program

• My overall perspective on system security has
  been widened as a result of the WGU masters
  program in information security and assurance.
• The information gained from the program has
  ongoing application in the security and
  infrastructure training courses that I deliver as
  well as in thinking the big picture in consulting
  projects.

24
Discussion