Im doing a graduation project for my senios year, and I decided on auditing the network security of a local ISP. I know little to nothing on where to start and what all I should use and test. Any help would be appricated. Thanks.
Printable View
Im doing a graduation project for my senios year, and I decided on auditing the network security of a local ISP. I know little to nothing on where to start and what all I should use and test. Any help would be appricated. Thanks.
If this IS a graduation project, then why are you picking a subject you know nothing about?
Even if you complete/submit a paper on this, your teacher/professor has more than enough experience with students and will see you don't know anything about this at all, even if you plaugerize someone's elses work.
I recommend staying within the boundaries you know best, because trying to audit the network security of a local ISP will be both hard and could cause you to lose your ISP access.
Did the local ISP give you permission to audit there network? My guess would be NO. Simply because, most ISPs have an outside resource monitoring there network. Like the ISP I work for we have NOC and a few other ones that audit, troubleshoot secure our ISP's network. Do you have any information on the local ISP? If so, we need this information in order to recommend software and other useful information.Quote:
Im doing a graduation project for my senios year, and I decided on auditing the network security of a local ISP. I know little to nothing on where to start and what all I should use and test. Any help would be appricated. Thanks.
Well, first off. We are REQUIRED to pick something we know little to nothing about. They want to us to learn something new and get experience in a field we are interested in.
Second, YES...I have permission from the ISP...considering I WORK THERE. Now...anyone willing to actually help with some ideas? Thanks in advance.
One of the things you want to look into is pen testing:
http://www.google.com/search?sourcei...:en&q=pen+test
I gave you Google link as opposed to individual link so that you can see the vast array of information out there on it. That first site, Security Focus, is a good place to start.
If your ISP is running a MS Solutions environment then check this place out thoroughly:
http://www.microsoft.com/technet/security/default.mspx
Google the following:-
NMap
Read the manual
Perform the scans
Determine the Operating Systems and services available
Determine the version number of the software running the services
(the above can be done by googling something like "Determine version <program> remotely"
Search somewhere like secunia for exploits against the version
DO NOT attempt the exploit.
Write your report, (google for acceptable network audit report formats), and get yourself an A....
:cool:
That should be more than enough to satisfy your prof.... He might learn something too..... ;)
Were all willing to help. In order for US to HELP YOU you have to give us information on the ISP. Every network and ISP is different. Tiger shark gave you useful information.Quote:
anyone willing to actually help with some ideas? Thanks in advance.
http://icat.nist.gov/icat.cfm
http://www.cve.mitre.org/
http://www.cert.org/
http://csrc.nist.gov
http://securityfocus.org/
:cool:
Thank you CuseMMA, TigerShark, and Computernerd22. I was thinking not only of doing pen testing but social engineering as well. Basically an entire overview of the security of the company. Its a small ISP. Only about 20 computers on the network. But also contains many servers, routers, and the like, wireless and otherwise. Thanks for the help though, Ill look into those links. Any ideas for some sites offering good online courses in that area?
Have a look at this
http://www.isecom.org/osstmm/
My piece of advice would be don't assume you're allowed to audit their network just because you work there. Some of the penetration testing tools can break stuff and might cause some problems. If you haven't already I would ask management if doing this project is acceptable. You might have already done this, but I just figure if you don't know much about this area you might have overlooked this.Quote:
Originally posted here by Limpster
Second, YES...I have permission from the ISP...considering I WORK THERE. Now...anyone willing to actually help with some ideas? Thanks in advance.