Vulnerabilities and Pen Testing

Project Introduction

Don't let the name fool you! There was far more than testing involved. This project morphed into a beast of a different name. Although, truth be told, its beginning was no picnic. My colleagues and I went above and beyond to complete this project.

The project started with our professors selling a grand scheme. However, their stratagem was embedded with unforeseen obstacles... but that's another story. After some begrudgery, with the support of the professors, my small group moved forward with our own plan. We should've foreseen some of the bumps we'd encounter, considering we were working in the same location as our previous Capstone, but sometimes wisdom is blinded by ambition.

I'll let the process speak for itself.


Security Requirements Document

Similar to my first Capstone course, we had to create a Security Requirements document. As you would expect, it contained assets, objectives for identification, authentication, access controls, and auditing. I was more meticulous than I needed to be, specifying login attempts, password restrictions, and roles, but we wanted to make sure we had covered all our bases. When finished, the document contained 4 diagrams, 3 tables, and 14 pages. Actually, it wasn't too bad.


Project Proposal

After such a dry start working on the Security Requirements, I wanted to do something fun. I know I went overboard with the proposal, but I went for something a little different; something I had never done before. Given the professor's rocky start we needed to convince them that we had a solid plan. We came up with a fun scenario that encompassed the semester's objectives.

I created a video, as part of our proposal, that pretty much laid out our game plan.


Server Implementation

With the success of our proposal behind us we moved towards creating our server. My group had already worked together building an Apache server, and the idea of doing it again was not appealing. We wanted to do something new. We decided to set up a Windows Server.

Now, you'd think this would be a simple process after setting up a server in Linux, but it wasn't. The problem was with our resources. The computer designated to us was simply inadequate to complete the task. We needed to find another option.

This was a bigger problem than you realize. You see, we were running security scans through a network; therefore, we could not just use any network, especially an academic network. That was the reason for testing within a secured lab. It was separate from the rest of the network. We had to find a solution that would serve our needs, but also keep us from being sent to our rooms. You know, the ones with striped windows. So, I had an idea.

Why not just build our own secure network?

I went to work with my old Linksys router, setting up a subnetwork at my house. After some static IPs and some port forwarding, the secure network was ready to go. Now all we needed was our server. My colleague volunteered his older game PC, so we were not worried about performance. We made arrangements, he came over, and we started setting up. We figured it wouldn't take very long to have Windows Server 2012 R2 installed and working, so we even made dinner plans. And now the IT people can laugh.

Yes, you guessed it, his computer was 32, not 64, so we had a problem. After some head slapping, it was quickly resolved, since he was planning on upgrading that computer anyway. A little over $300 later he returned with a new 64-bit motherboard and power adaptor. After all that, it only took about half an hour to have Windows Server up and running.


Security Scans

After some time figuring out how to navigate Active Directory and set up Organizational Units we were ready to test our system for vulnerabilities.

We ran our security scans using a couple of different pieces of software. First, we used Nessus, because it's probably the most well-known and user-friendly. It also automatically exports beautifully organized PDF reports. It practically did the work for us. The second piece of software, which can be found in BackTrack or Kali, is called Armitage. Between these two pieces of software and a little bit of Nmap, we had thoroughly discovered and patched any vulnerabilities.