Summer Workshop on Network Security

Summer Workshop 2002 on Network Security

Periods:4 - 6 weeks (30 - 40 hours)
starting from 13th May 2002 (after the final exam period)

You can sign up this workshop now at https://ielab.ie.cuhk.edu.hk/ws2002/reg2/

There will be a briefing session from 15:00 to 17:00 on 13th May 2002 in HSH Lecture Theater 508

Objectives:

Let participants have hand on experiences of

hacking into a network
counter measures of these hacking
Computer Forensics Analysis and Damage Control after break-in.
Security Audit and Vulnerability Analysis of a network

Operation: Each participant will manage a Linux host remotely. There is no need for the participants to come back to school to do the exercises or experiments. They can do the exercises at home or at office at any time convenient to them. Participants will use their hosts to get used to some hacking techniques and security tools first. Then they will try to use these techniques and tools to break into a victim host. They will also work with their partners, who also manage other Linux hosts, to do some experiments of hacking, computer forensics and vulnerability analysis tests. At the end of the fourth week, each participant needs to write two reports:

    Computer Forensics Analysis report
                    and
    Vulnerability Analysis report

Finally, if the participants have finished all exercises and experiments on or before schedule, they may join a hacking and computer forensics competition which they can really test what they have learned from this workshop.

cuhk.ie.workshop.security newsgroup has been created for this workshop. Participants can discuss their problems and solutions in this newsgroup. At the same time, the workshop instructor can use this newsgroup to guide the participants to do their exercises and experiments along through.

Workshop Outlines:

Week #1 Mission: Warm UP

Get used to some system admin, network monitoring and debugging techniques such as nslookup, whois, traceroute, arp, etherprobe, dig, netstat, ifconfig, tcpdump, snort, ettercap, SNMP, MRTG, syslog

Week #2 - 3 Mission: Hacking and Defense

Try to break into a victim host and see how a hacker install backdoor and Trojan horse program afterwards. These hacking techniques includes:

Stealth scans: e.g. SYN FIN scan

Buffer overflow: e.g. buffer overflow in named and popd daemon.

Local program exploits: e.g. root shell in dump program

Backdoor management: e.g. via remote root shell, e-mail, USENT, cron job, TFN

Trojan horse program: e.g. Linux rootkit, sniffer programs

Temporary misconfigure and install vulnerable programs on your host and then apply the above hacking techniques to break into your host via these vulnerabilities from your partner host. Try to understand the hacking signature, pattern and trace of the break-ins.

Deploy IDS, scanner and firewall to protect your host against these break-ins

E.g.

Host based IDS: tripewire

Network based IDS: snort, tcpdump, iplog

Internet Scanner: nessus, Nmap, SATAN

Other tools: ipchains, tcpwrapper, remote logging

Week #4 Mission: Computer Forensics and Vulnerability Analysis

Use computer forensics techniques to exam a hacked system such as scene reconstruction and evidence collection. Write a report of your finding in the hacked system.

E.g. using TCT forensics toolkit, recovering deleted files by inode, examining the system log, tcpdump log files and IDS alert log

Perform a Vulnerability Analysis for your partner host. Write a report for that analysis.

E.g. performing a penetration test and configuration review.

Week # 5 - 6 Mission: Competition

Hacking and Computer Forensics Competition (optional)

If participants have finished all the exercises and experiments on or before schedule, they can join this Hacking and Computer Forensics competition. For those who have not finished the previous exercises and experiments, they can continue their exercises in these weeks. Each participant in this competition will try their best to break into other competitor hosts or set up a honey pot at their hosts to trap a hacker and then perform the computer forensics analysis. The winner will be the ones who

can hack into a system and can control it without being discovered or
can trap the hacker and can trace every activity of the hacker by computer forensics techniques

A small gift will be presented to the winner. In return, the winner will give a brief presentation of how they hack into a system or trap a hacker during computer forensics analysis.