CSI1209-02 How Secure Is Your Computer


 

Team Name:

Blue Team

Team Members Names:

Denvers Whalen, Devon Traynor, Jared Delaney, Zenon Bodnar

Program of Study:

Computer Security Investigations

Mentor Name:

Mamdouh Mina

Project Name:

How Secure is Your Computer?

Sponsor Name:

Mamdouh Mina



Sponsor Organisation:

Fleming College


Brief Description Of Project:

For our project we were required to conduct blackbox pentesting (essentially meaning we have been given no information on the target except the IP address of the computer) on an internal IP (the address assigned to your computer to communicate over a network) of the school’s network. Using the tactics we learned during school and our own research, our team will be attempting to gain as much information as we can about the target, conduct a full vulnerability assessment using the OWASP guide, and report any vulnerabilities we find based on the information we gathered.

Project Objective:

Our team’s objective for this project is to conduct a blackbox pentesting assessment and gain as much information on the target as possible. To accomplish this we will be using techniques that we learned in class, along with our own research to find new techniques. To satisfy the sponsor’s requirements we will be completing a full vulnerability assessment using the OWASP guide as an outline. We have been following the red team guide for pentesting in order to focus our attacks and plan our steps to gain access to the target network. The overall objective is to break into the network using an exploit found through our reconnaissance and testing phases that will allow us to bypass the firewall and get into the protected network behind it. A large number of techniques were used and a vast number of testing techniques were attempted, and more are still being looked into.


Project Innovation:

The main way we had to innovate for this project was to read and learn about common attack techniques that we haven’t used before. In class we mainly practiced social engineering techniques (malicious activities accomplished through human interactions, e.g. phishing emails) and targeted older systems with known security flaws. In the given scenario for our project we were dealing with a relatively new system that had an active firewall, and it was not an active network, meaning we are not able to use social engineering techniques. This really limited what we were able to do against the target and got us to look into things like firewall bypassing and enumeration techniques (enumeration means extracting user names, machine names, network resources, etc.). These techniques give us hints about what is running on the target system, the operating system (Windows, Linux, etc.), service versions, and what type of authentication it uses.


Challenges & Solutions:

During this project we have faced many challenges. As we are conducting a pentest on the network, there is no real way for us to know if there are any vulnerabilities for us to find and exploit, so we could go weeks with no progress. This was due to the fact that the firewall had ICMP ping packets set to drop (ICMP is a communication protocol like TCP and UDP; it is how computers and network equipment tell each other what is happening in specific situations). This is a challenge because in a normal environment ICMP packets are allowed through most of the time, which lets us figure out more information on the system. By using ping, or the ICMP protocol, you can easily tell if a system is up based on the response to the ping packet. You can also use basic ICMP packets to determine whether or not a certain port is open on the remote host. (A port is used to send and receive data for a specific service running on the system; e.g. HTTP, the protocol most basic web servers use, runs on port 80. Computers have approximately 65535 ports available.) Determining the ports is a big deal because it allows us to determine which protocols are running on the system. As well, based on the replies of both open and closed ports you can determine the operating system of the remote host, giving us an advantage against the target. Since ICMP was blocked, we had to research how to find the operating system.


Project Results or Progress:

It is hard to measure our progress and results, as pentesting is not really something you can measure until you find an exploit into the system itself. As of now we have focused heavily on research and reconnaissance to get as much information on the system as possible to point us in the direction of an exploit. As for the research aspect, we have spent countless hours researching different techniques and/or learning more about certain aspects of the target such as firewalls, IIS web servers, etc. Currently we are still in the reconnaissance phase of our assessment. The vulnerabilities we have been able to find have given us a good amount of information about our target, but there is still quite a bit more to do. We are still looking for new techniques for how we could exploit the network to gain access.


Lessons Learned:

There have been many lessons that we have learned over the course of this semester. One of the biggest, we feel, is to not rush things and to take things one step at a time. At the beginning of the course we believed that this would be the easiest project, as in our pentesting courses we all found it interesting and easy, but we quickly had a reality check as that was not the case for this project. The reason we believed it would be easy is that we had always worked with older systems and firewalls in class. With how quickly the tech world updates with new technology, those techniques become outdated and the firewalls become more secure, which makes it more difficult for us, as we had to learn new tools and do a ton of research on the most up-to-date techniques.

