This is a short write up on some interesting things I found while completing a midterm project for a Network Forensics class I took last year. My network forensics group decided to map the traffic for contemporary Windows-based denial of service vulnerabilities. Our project utilized a live network of volunteer hosts connected to the university network. We used NetFlow data collected by Flow Tools. While searching for possible exploits I found a hidden network bridge. The bridge used a non-human host registered to a roaming port in a networking closet. The host was eventually found to use a rouge process which proxied connections from an external residence on to campus. A malicious user could have used this bridge to proxy requests from their home through the university.
Entries in college (3)
Last month I wrote about my aspirations to create virtual security lab for students on campus to use. Well, as of now the lab is up and running! It is comprised of four machines all running dual Xeon, dual-core processors with 12 GBs of ram per. One machine, acting as a file server, has 1 TB of storage on a Raid 10. The others have 500 GB for internal storage. Two machines run ESXi and act as hypervisors, one machine runs Windows 2008 as a management device, and the file server is running openfiler.
I'm a CyberSecurity undergraduate part of a great program called the U. S. CyberCorps Scholarship for Service. The program helps students studying in information assurance related fields with tuition aid and professional benefits, provided the student promises their expertise to aid the U. S. Federal Government. Recently (this week) the program held a job fair in Washington D. C. for the students. Over 40 agencies occupied booths at the fair/symposium. The main objective was to identify potential students and expose them to information security related positions. Even before I was selected for the program, I held a vested interest in information security. Likewise, I had some previous application/interviewing experience for information security related internships. I wanted to take some time and outline my experience, and perhaps create a quick bulleted list for those seeking assistance with finding similar internships.