This project incorporates many facets of security for computer systems and the network they are on. The client wanted the possible vulnerabilities and threats to their network and systems documented. If any are found, the job is to find solutions to mitigate and or remove those possible problems.
Many security tools such as OpenVAS and GRR Rapid Response were used in the vulnerability finding process. Using these tools among others gives a nice basis to find, document, and find solutions to, any possible problems that may arise.
Along with the implementation of theses programs, setting up and installing servers and the troubleshooting also goes along with the project.
Project Student: Ryan Stav
The project was to solve the issues a WSUS server had with client communication to workstations. The main issue was that the batch cloning of the workstations left them all with the same GUIDs. Following the fix, a single workstation connected to download the updates, and double checked that nothing broke, before sending the updates to the rest of the workstations. The server is now running normally, with no apparent issues.
Project Student: Kinnon Roudebush
An educational entity requested a solution that is capable of auditing their workstations. Their primary goal is to monitor logins to ensure that workstations are not being accessed after open hours. The ideal solution would also generate and send emails as alerts.
Expanding on the original scope of the solution, LibreNMS was chosen for its capability to monitor events at a system level through syslogs as well as provide a centralized, web-accessible platform to analyze overall network traffic, addressing information, and system specifications. Batch scripts were written to automate the configuration of the workstations’ SNMP and syslogs. A combination of batch scripts and task scheduling were used to identify workstation logins at specific times.
Project Student: Keith Cornell
A transparent proxy server was created and implemented. The purpose of the transparent proxy is to reduce bandwidth and increase download speed. A virtual machine utilizing pfSense (a Linux based firewall) with a Squid transparent proxy add-on was created to provide easier manageability. Reports can be generated to show details regarding web traffic as well. pfSense has additional features that can be utilized to consolidate various programs into one server with a web interface. These features include, but are not limited to, Wake-on-LAN, OpenVPN, and ClamAV anti-virus. Currently the proxy server is incomplete, as additional VLANs need to be added.
Project Student: Heather Bullard
This project provides university students access to virtual machines and environments for penetration testing, networking security, and forensics practice, as well as SQL databases. With a current total of five machines running virtualization software, our servers currently support 29 usable VMs. Our an application container server can accommodate an expanding number of SQL databases. It was created using commodity off-the-shelf hardware and open-source software.
Project Student: Ivan Cardenas
The purpose of our project is to configure a secure cloud server to operate using OpenStack Juno on Ubuntu. We have four nodes that will operate together at the end of the project. When everything is complete you will be able to launch multiple instances and expand your network rapidly while managing your resources efficiently. You will also be able to monitor traffic, detect and prevent internet intruders.
Project Students: Nichole McFarland, Justin Salyer, Khalid Alsufayan
The purpose of CITCON project was to create an environment that students can come into and test their security knowledge against our systems. Our challenges include WEP Cracking, Cryptanalysis, Remote Exploitation Attacks, and Web-App Hacking. This allows students to go through process of discovery, information gathering, risk assessment, exploitation, and exfiltration. Students will get a flag for challenges they complete.
CITCON project can be expanded to include more challenges that are more suitable for high school students or graduate level students. Current implementation supports college students with some background in security.
Project Students: Blake Kindred, Craig Mishler, Nicholas Luedeman, Rushabh Vyas
The SNORT project is a continuation of building up a network security monitoring server to monitor the networks of classrooms located in a basement. There will be 2 phases that need to be accomplished. The software that would be using to monitor the network would be “SNORT” , an Intrusion Detection Software.
Phase 1: Snort will need to catch the flow of the in and out traffic on one of the VLANs. Snort has already been built, but may need updates to continue on to the next phase. Security Onion was used initially for the Linux system, but new equipment should allow for SNORT to run on a direct Linux system. Possible start over for the build.
Phase 2: Snort will need to connect to an additional VLAN. Additionally have to make sure there is minimum – 0 redundancy and a way to have separate log files for the VLANs. No further information on this phase until checks on the first phase are complete.
Paused work on the snort project. Will need further research before continuing.
Project Team Members: Raffielle Miller, Shawnie Springfield
During the semester project in CIT 420, it was noted that banking apps for iPhone store some sensitive data in plain text. This semester in Living Lab a similar process is going to be used to see what similar banking applications store on an Android Phone. The apps will be downloaded from the Google Play store, used for a couple of weeks, then the device will be scanned and scoured through. The iPhone apps will also be looked at in much greater depth.
Project Student: Chris Nakfoor
Monitored and studied network to isolate and eliminate performance hindering problems. First, an extra DHCP server had been installed unintentionally and the service was shut down. The actual DHCP server was then found to be issuing old DNS information and causing an extreme lag when DNS always had to be routed to the secondary Google servers. The DNS information was updated to reflect the new DCs on the intranet.
This caused systems to be much more responsive, but brought to light a new problem. The whole intranet had become an island where time was not being properly read from NTP servers. Noticed by a client when her computer and cell phone clocks did not match, the intranet was about 5 minutes slow. The problem ended up residing in the firewall, which maintained an NTP service with incorrectly configured time. Whats more is that the firewall also redirected externally addressed NTP traffic to itself, causing everything inside the network to get its time. Once time was updated on the firewall, the intranet began keeping in time with external sources.
Project Student: Blake Kindred