This weekend I will break into a Corporate Network ; )

This weekend I will break into a Corporate Network ; )

Hello,

For this weekends assignment, I and two others will attempt to infiltrate the security barriers of Company Confidential, to test for weaknesses (we are paid to do this). After giving a formal interview with the top management and heads of the IT dept, we will start off with general access to the compound, where we will do a survey of the environment, and look for possible ways to break in. Of course the easiest way in would be through someone else's password; you know, those people that stick it on their monitor or under the keyboard (I just cant be rifling through someones desk though; although an intruder would probably do this first). We will also talk to random people, maybe check out a few printer areas for goodies (maybe some nearby trash cans ; yuck). Then its on to the technical stuff; getting excited yet?
First, we will attempt to crack their wireless security (wireless security? huh!), if no wireless, we will plug right in to the nearest terminal and break out our arsenal of software weapons. We could definitely have one computer running a network sniffer, that will look at all communications on the local network, and will capture passwords (in clear text, and encrypted), network traffic (useful info), and other un-encrypted useful info (like login user names, IM conversations etc). We will also run vulnerability assessment software (that will tell us versions of software being used and their weaknesses). We can then use another program which will "automatically" exploit these vulnerabilities, which will then give us full control of any computer which was successfully exploited. This is a relatively easy attack, that can be carried out by someone with limited technical ability. There are definitely endless possibilities to the methods that an attacker can use to compromise a system.

After, these and other assessments on their infrastructure and existing security layers, we will make a review of what we would recommend should be done to help mitigate the risks. This is a plan that we help the management develop, that is an actual course of action over the next few months to a year. Usually, the most important initiatives involve better user training for everyone about what the companys goals are for a secure system.

hope you enjoyed my pre writing, on tomorrows assessment; If theres anything cool that happens I'll let you all know.

peace in the middle east,
J