what project would you undertake?

[phobophiliac]

Hi,

I`m coming up to my final year of my BSc computer Studies and I have got to start thinking about titles for my Final Year Project (AKA dissertation) I have got several Ideas HCI, or Directory Services.

Just out of interest what would some of the other people here do for a project? bearing in my it must have enough scope to keep you busy for at least 6 months.

[foxyloxley]

Didn't you get any ideas from the course tutors ?

is there a particular section in the IT field that REALLY grabbed you ?
so you can go deeper into that particular sector ......

or, better yet, a sector that really DIDN'T
so you can give it a chance to get under your skin .........

[phobophiliac]

I thought about building a honey pot putting it in the wild then doing a forensics on it to find what happened. or launch an attack on a pc myself.

[foxyloxley]

there are a variety of tuts on site to get you started

Soda_Popinsky is the member to check out

follow link to his profile, then find his tuts ..............

Pax

[Deeboe]

I think your honeypot idea sound very interesting.

I am not too sure about the attack on a PC though. What do you hope to gain on that. It is a good idea, but only if the right approach is taken.

[phobophiliac]

I was thinking of getting a foresic check list off the net and using that to perform an analysis, Id get some experience of performing forensics, and some more experience in using linux

[thread_killer]

If I may add my two cents about the honey pot idea:

I think unless you clearly define what your scope is going to be, how and what you intend to monitor, and what you intend to do about it, it's going to be too ambitious. Especially for a six month project.

I just reviewed my personal firewall logs (smoothwall) and I'm averaging about 50 log-worthy hits per hour on my single public IP address.

So let's create a simple honey pot on a student budget:

You have an active broadband connection not part of the university network, because that is (likely) going to be filtered in some way, shape, or form.

Into this connection you have a router that allows all traffic. Into the router (cable modem, dsl modem...whatever) you would plug in a cheap hub. One port of the hub gets plugged into an unpatched, un-service packed windows box. Another port on the hub is connected to your packet sniffer/ logging machine.

This is by no means the best honey pot in the world --and it creates its own problems, like what if your sniffer gets hit too?-- but it's cheap and dirty and should give you a good idea of the volume of traffic that is hitting your box.

So lets carry on the 50 hits an hour. That's 1200 log entrys per day. 8400 per week. 216,000 over six months.

What will you do with that information? How will you examine it all? The holy trinity of grep, sed, and awk will make it fairly easy to sort if you want to figure out where the attacks are coming from. That's easy.

Dilligent monitoring of task manager will let you know if you have any obvious new programs running. How will you know if you've been rooted? Well, anything that phones home should appear on your log box too (yea for hubs!), but that is even more information for you to parse.
Do you have any experience looking at raw packet data? Personally, I love it. I get a real rush from finding something in all the hex, but I'm the only person that I know personally that does. If you don't have a fair bit of experience with the IP stack you might quickly find yourself overwhelmed, bored to tears, or both.

What will you do when you do find something running on your honey pot? Leave it? Remove it? How?

What exactly are you looking for? Trend analysis? The information is already available on the web as to where the majority of attacks are coming from during any given time period. Are you going to mine the data collected? How? etc. etc.

There is a whole lot to just monitoring the honey pot. That doesn't even include the fact that the set-up above could be compromised invalidating all the data.

Not trying to pee on your parade, just want to give you something to think about before you jump into what is obviously an important project without you being aware of a little bit (seriously--there is a whole lot I'm skipping) of what you might be getting into.

Best of luck to you.

[phobophiliac]

Thanx Thread_Killer, You may be right about how exactly I would extract and use the data. I`m just really looking round for some good ideas that I could really get my teeth into and ultimately enjoy doing.

I would like to do something in the computer security field, i`m just not quite sure as to what as yet, hence why i`m here to bounce around a few ideas, and see what comes up.

Craig Dunn

[mohaughn]

Originally posted here by phobophiliac
Thanx Thread_Killer, You may be right about how exactly I would extract and use the data. I`m just really looking round for some good ideas that I could really get my teeth into and ultimately enjoy doing.

I would like to do something in the computer security field, i`m just not quite sure as to what as yet, hence why i`m here to bounce around a few ideas, and see what comes up.

Craig Dunn

The honeypot is a good idea, but like someone else said, make sure you set your scope of the project properly. Another good idea would be to implement an IDS, and document how you installed it, configured it, and in an ongoing sense how you tweaked it. What problems you saw, how you got certain applications working properly over it. Things of that nature. There are a lot of problems with IDS systems, in terms of requiring a lot of work to get them configured conrrectly. You could take the stance of, "What People Do Wrong With IDS Systems, and How To Overcome Those Problems."

There is certainly enough information out there about the issues, and you could use that research along with your own trial and error experiences to put together a good overview on using an IDS system.