Practical packet analysis
One of my earliest computer jobs was as a network administrator for a school district. I was responsible for four thousand computers across ten locations, and the network was an absolute disaster. The equipment was dusty and dying, the server closets were a tangled mess of wires, and nobody had given much of a thought to security. If I could sum it up in one picture, it’d be something like this:

Not long into the job I got an odd request from a teacher… “I think one of my students changed his grade in the computer somehow.”

I came to the conclusion that the student had guessed the teacher’s password. After all, the software claimed it was secure. The student denied it, but we reset the password anyway - something that wouldn’t be guessable.

The next semester, the same teacher called again. A different student’s grade had been changed. I told my boss that I suspected the student was somehow stealing the password from the software. After all…the software is secure.

The teachers logged into the grading system from their workstations, which talked back to a central server. I thought that the password was being transmitted across the network without being encrypted, meaning it was easily readable by someone with the right knowledge. I did some research and learned about a technique called packet analysis and tools like tcpdump and Ethereal (now called Wireshark). I used these tools to demonstrate how anybody on the network could redirect the flow of network traffic through an intermediary host and capture network traffic. Within that network traffic, they could extract a teacher’s password and log right in. I eventually found out that the first student we suspected of changing his grades had been the culprit again, this time changing one of his buddies’ grades. The software vendor eventually fixed the problem, but that was just the beginning for me.

Through that experience, I had an epiphany. Analyzing communication at the network level opened up a whole new world. Many of the biggest problems I had experienced in my career were caused by software not doing what it said it would do or by attackers who were really good at hiding from me. By learning how to analyze network traces, I could flip the script. Figuring out how students were stealing passwords was simple, but to go much further I would have to learn new skills. I wanted to use packet analysis techniques to catch attackers, troubleshoot network performance issues, and understand the things malware and legitimate software were trying to hide from me.

BARRIER #1: Finding that one thing in a sea of noise

There are few secrets at the network level, but there are millions of truths. The amount of data, even on a slow network, is completely overwhelming. Only capturing a few seconds of packet data can yield thousands of packets to analyze, and most of them are unrelated to what you’re looking for.
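The two points the story turns on, a password crossing the wire unencrypted and the single interesting packet buried among thousands of uninteresting ones, are the kind of thing a small dissector makes concrete. The script below is an added example, not code from the original post or from tcpdump/Wireshark: it builds a constructed capture of raw Ethernet/IPv4 frames (dummy MACs, zero checksums, made-up addresses such as 10.0.0.5 and the hostname grades.example), walks the headers by hand, discards the noise, and reports only those packets in which a login secret is sent over a protocol that does not encrypt it. It is an auditing check: the finding names the endpoints and the protocol, never the secret itself.

```python
"""Added example (not from the original post): dissect constructed raw frames
and flag credentials transmitted in cleartext, without exposing the secret."""
import struct
from typing import Optional

ETH_HDR = 14          # Ethernet II header length
IPV4 = 0x0800         # EtherType for IPv4
TCP, UDP = 6, 17      # IP protocol numbers
# Destination ports of protocols that carry logins without encryption
CLEARTEXT_PORTS = {21, 23, 80, 110, 143}


def build_frame(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet/IPv4 + TCP|UDP frame (constructed test data; checksums left zero)."""
    ip2b = lambda s: bytes(int(o) for o in s.split("."))
    if proto == TCP:   # 20-byte TCP header, data offset 5, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:              # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ip2b(src_ip), ip2b(dst_ip)) + l4
    return b"\x00" * 12 + struct.pack("!H", IPV4) + ip   # dummy MAC addresses


def parse_frame(frame: bytes) -> Optional[dict]:
    """Dissect Ethernet -> IPv4 -> TCP/UDP. Returns None for anything else (ARP, IPv6, ICMP...)."""
    if len(frame) < ETH_HDR + 20 or struct.unpack("!H", frame[12:14])[0] != IPV4:
        return None
    ip = frame[ETH_HDR:]
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]                      # drop any Ethernet padding
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    if proto == TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]     # skip TCP header incl. options
    elif proto == UDP:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        return None
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport, "payload": payload}


def cleartext_credential(pkt: dict) -> Optional[str]:
    """Describe a login secret carried over an unencrypted protocol; the secret is never returned."""
    if pkt["proto"] != TCP or pkt["dport"] not in CLEARTEXT_PORTS:
        return None
    text = pkt["payload"].decode("latin-1")
    lower = text.lower()
    if "Authorization: Basic " in text:
        return "HTTP Basic credentials"
    if lower.startswith("post ") and ("password=" in lower or "passwd=" in lower):
        return "HTTP form login"
    if lower.startswith("pass "):
        return "FTP/POP3 PASS command"
    return None


def audit(frames) -> list:
    """The 'display filter': keep only packets that leak a credential, summarised per flow."""
    findings = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        what = cleartext_credential(pkt)
        if what:
            findings.append(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} {what}")
    return findings


def constructed_capture() -> list:
    """Constructed sample traffic: 80 noise frames, one harmless request, three leaks, one ARP frame."""
    frames = []
    for i in range(40):   # DNS lookups and TLS records: nothing to see
        frames.append(build_frame(f"10.0.0.{i + 10}", "10.0.0.2", UDP, 50000 + i, 53, b"\x00\x01\x01\x00"))
        frames.append(build_frame(f"10.0.0.{i + 10}", "93.184.216.34", TCP, 51000 + i, 443, b"\x16\x03\x01\x00\x05"))
    frames.append(build_frame("10.0.0.12", "10.0.0.5", TCP, 52000, 80, b"GET /grades HTTP/1.1\r\nHost: grades.example\r\n\r\n"))
    frames.append(build_frame("10.0.0.12", "10.0.0.5", TCP, 52001, 80,
                              b"POST /login HTTP/1.1\r\nHost: grades.example\r\n\r\nuser=teacher&password=hunter2"))
    frames.append(build_frame("10.0.0.13", "10.0.0.5", TCP, 52002, 80,
                              b"GET /admin HTTP/1.1\r\nAuthorization: Basic dGVhY2hlcjpodW50ZXIy\r\n\r\n"))
    frames.append(build_frame("10.0.0.14", "10.0.0.6", TCP, 52003, 21, b"PASS hunter2\r\n"))
    frames.append(b"\x00" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28)   # ARP: not IPv4
    return frames


SAMPLE_CAPTURE = constructed_capture()

if __name__ == "__main__":
    for line in audit(SAMPLE_CAPTURE):
        print(line)
```

Only 3 of the 85 constructed frames survive the filter, and the report says which host sent a credential where and over what, which is what you need to fix the application (move it to TLS) without copying the secret into a log. The same structure, a dissector plus a predicate plus a summary, is what a Wireshark display filter does for you on real captures.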