Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Network Audit for Grad Project

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    220

    Network Audit for Grad Project

    Im doing a graduation project for my senios year, and I decided on auditing the network security of a local ISP. I know little to nothing on where to start and what all I should use and test. Any help would be appricated. Thanks.
    [gloworange]And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict\'s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. \"This is it... this is where I belong...\" I know everyone here... even if I\'ve never met them, never talked to them, may never hear from them again... I know you all...[/gloworange]

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Exclamation

    If this IS a graduation project, then why are you picking a subject you know nothing about?

    Even if you complete/submit a paper on this, your teacher/professor has more than enough experience with students and will see you don't know anything about this at all, even if you plaugerize someone's elses work.

    I recommend staying within the boundaries you know best, because trying to audit the network security of a local ISP will be both hard and could cause you to lose your ISP access.
    ZT3000
    Beta tester of "0"s and "1"s"

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Im doing a graduation project for my senios year, and I decided on auditing the network security of a local ISP. I know little to nothing on where to start and what all I should use and test. Any help would be appricated. Thanks.
    Did the local ISP give you permission to audit there network? My guess would be NO. Simply because, most ISPs have an outside resource monitoring there network. Like the ISP I work for we have NOC and a few other ones that audit, troubleshoot secure our ISP's network. Do you have any information on the local ISP? If so, we need this information in order to recommend software and other useful information.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    Well, first off. We are REQUIRED to pick something we know little to nothing about. They want to us to learn something new and get experience in a field we are interested in.

    Second, YES...I have permission from the ISP...considering I WORK THERE. Now...anyone willing to actually help with some ideas? Thanks in advance.
    [gloworange]And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict\'s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. \"This is it... this is where I belong...\" I know everyone here... even if I\'ve never met them, never talked to them, may never hear from them again... I know you all...[/gloworange]

  5. #5
    One of the things you want to look into is pen testing:

    http://www.google.com/search?sourcei...:en&q=pen+test

    I gave you Google link as opposed to individual link so that you can see the vast array of information out there on it. That first site, Security Focus, is a good place to start.

    If your ISP is running a MS Solutions environment then check this place out thoroughly:

    http://www.microsoft.com/technet/security/default.mspx
    And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Google the following:-

    NMap

    Read the manual
    Perform the scans
    Determine the Operating Systems and services available
    Determine the version number of the software running the services
    (the above can be done by googling something like "Determine version <program> remotely"
    Search somewhere like secunia for exploits against the version
    DO NOT attempt the exploit.

    Write your report, (google for acceptable network audit report formats), and get yourself an A....


    That should be more than enough to satisfy your prof.... He might learn something too.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    anyone willing to actually help with some ideas? Thanks in advance.
    Were all willing to help. In order for US to HELP YOU you have to give us information on the ISP. Every network and ISP is different. Tiger shark gave you useful information.

    http://icat.nist.gov/icat.cfm

    http://www.cve.mitre.org/

    http://www.cert.org/

    http://csrc.nist.gov

    http://securityfocus.org/


  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    Thank you CuseMMA, TigerShark, and Computernerd22. I was thinking not only of doing pen testing but social engineering as well. Basically an entire overview of the security of the company. Its a small ISP. Only about 20 computers on the network. But also contains many servers, routers, and the like, wireless and otherwise. Thanks for the help though, Ill look into those links. Any ideas for some sites offering good online courses in that area?
    [gloworange]And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict\'s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. \"This is it... this is where I belong...\" I know everyone here... even if I\'ve never met them, never talked to them, may never hear from them again... I know you all...[/gloworange]

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Have a look at this

    http://www.isecom.org/osstmm/
    Quis custodiet ipsos custodes

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Originally posted here by Limpster
    Second, YES...I have permission from the ISP...considering I WORK THERE. Now...anyone willing to actually help with some ideas? Thanks in advance.
    My piece of advice would be don't assume you're allowed to audit their network just because you work there. Some of the penetration testing tools can break stuff and might cause some problems. If you haven't already I would ask management if doing this project is acceptable. You might have already done this, but I just figure if you don't know much about this area you might have overlooked this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •