home network security pen test

[cale_doses]

Hi,

I'm new to this forum, and was wondering if anyone could point me in the right direction.

I am planning to assess the security of my home network and I aim to gain access to resources over a broadband link by using current hacking methodologies. It's in aid of a college project and I have gained ethical approval. I was hoping y'all could steer me in the right direction.

Many Thanks

cale_doses

[lupin]

That's a rather non specific and vague question. But you asked to be steered in the right direction...so I'll tell you not to try and run before you can walk. Try some tutorials first, and once you get to grips with the basics read some of the penetration testing frameworks that are around so you get an understanding of the entire Penetration testing process. Id also recommend you read the latest edition of Hacking Exposed - it has a good overview of the steps required to access a system via "hacking".

I should probably inform you that regardless of the fact that you apparently have "ethical approval" to hack your home network systems, your ISP might not like you sending attack traffic over their network to your systems. In addition, whatever network you launch your attacks from (since you wont be able to launch external attacks from your own network) may not like it either. Be prepared to face the consequences of your actions if you decide to go ahead with this.

Personally Id suggest confining your attack traffic within a test network, and NOT sending it via the Internet.

Anyway, what do you expect to prove by this? That home networks can be hacked? I think that everyone already knows this by now. Did your college actually assign you a project to hack into a network, because that seems like a recipe for disaster?

[Archangel-Amael]

Hi,

I'm new to this forum, and was wondering if anyone could point me in the right direction.

I am planning to assess the security of my home network and I aim to gain access to resources over a broadband link by using current hacking methodologies. It's in aid of a college project and I have gained ethical approval. I was hoping y'all could steer me in the right direction.

Many Thanks

cale_doses

I would ask for my money back and transfer to a different institution if I were you. I mean seriously your teachers says something to the effect of " go hack and gain access to resources over a broadband link by using current methodologies" Wow what a fail bus school that must be.
Here's a scalpel go cut that persons head open and learn about psychology.

[cale_doses]

That's a rather non specific and vague question. But you asked to be steered in the right direction...so I'll tell you not to try and run before you can walk. Try some tutorials first, and once you get to grips with the basics read some of the penetration testing frameworks that are around so you get an understanding of the entire Penetration testing process. Id also recommend you read the latest edition of Hacking Exposed - it has a good overview of the steps required to access a system via "hacking".

I should probably inform you that regardless of the fact that you apparently have "ethical approval" to hack your home network systems, your ISP might not like you sending attack traffic over their network to your systems. In addition, whatever network you launch your attacks from (since you wont be able to launch external attacks from your own network) may not like it either. Be prepared to face the consequences of your actions if you decide to go ahead with this.

Personally Id suggest confining your attack traffic within a test network, and NOT sending it via the Internet.

Anyway, what do you expect to prove by this? That home networks can be hacked? I think that everyone already knows this by now. Did your college actually assign you a project to hack into a network, because that seems like a recipe for disaster?

I am very disheartened to hear a mod reply with such pessimism. Vague may the initial query be, but you should still be able to derive from what my question is.This is a legitimate project that is not repeating the work of others, of course home networks can be hacked!!! My ISP has been informed and I have a secure connection in college that I will be using. There is not enough research into this area, IDENTIFYING AND MITIGATING the threat of attack ideally for the novice home user. What I propose is to launch a series of attacks directed at my low secured home network and then implement the necessary countermeasures, do the tests again and thus the analyse the results and in turn provide a list of best practices for the home user market. It is very presumptuous of you to assume I have no pen testing experience, when I am familiar with most tools out there, albeit open source, I know there are excellent tools in which you use for a fee, however what I am showing is how easy and effortless it would be for someone to do this.

I have never used backtrack before, so I am wondering if it would be beneficial to use this all in one open souirce package or, stick with the individual tools I have already > metasploit, netcat, nessus, wireshark, ophcrack, etc etc Also what in you opinions would be the most simplistic attack one could mount > DoS? Reverse Shell? Install BackDoor? Trojans? Buffer Overflow (any)?

My issue is the HOW and HOW? any help would be appreciated

[lupin]

I am very disheartened to hear a mod reply with such pessimism. Vague may the initial query be, but you should still be able to derive from what my question is.

Not pessimism, realism. I was giving you realistic advice based on the level of knowledge you demonstrated in your first post. This is not meant to be an insult, this is just resulting from my assessment that if you need to ask how you can test the security of your network, and cannot offer any suggestions of your own on how you might go about it, you may not be ready to do it.

And I can determine what your question is, the problem is that its a question that wont result in a good answer because you have not been specific enough about what you want to know. Its not possible to give a comprehensive to answer a question like "How can I assess the security of my home network" in a forum response, and the fact that you asked it like that shows you havent put a lot of thought into this. Asking a specific question about an area in which you were stuck, mentioning some research you had already done and asking for clarification on particular points, or listing an outline of what you planned to do and asking for comments would all have been better ways to get useful information out of us.

This is a legitimate project that is not repeating the work of others, of course home networks can be hacked!!! My ISP has been informed and I have a secure connection in college that I will be using. There is not enough research into this area, IDENTIFYING AND MITIGATING the threat of attack ideally for the novice home user. What I propose is to launch a series of attacks directed at my low secured home network and then implement the necessary countermeasures, do the tests again and thus the analyse the results and in turn provide a list of best practices for the home user market.

Do you really believe that no one else has ever examined the threat to the home user before? There are God knows how many commercial end point security tools aimed at the home market. Wouldnt you think that some research may have gone into that? Have a read of the blogs of any of the major antivirus or security software vendors and you will see a lot of information relating to threats that affect the home user.

My home countries Government even has a web site dedicated to the subject of home and small business Internet security:

Home | Stay Smart Online

It is very presumptuous of you to assume I have no pen testing experience, when I am familiar with most tools out there, albeit open source, I know there are excellent tools in which you use for a fee, however what I am showing is how easy and effortless it would be for someone to do this. I have never used backtrack before, so I am wondering if it would be beneficial to use this all in one open souirce package or, stick with the individual tools I have already > metasploit, netcat, nessus, wireshark, ophcrack, etc etc Also what in you opinions would be the most simplistic attack one could mount > DoS? Reverse Shell? Install BackDoor? Trojans? Buffer Overflow (any)?

Im sorry, but someone who needs to ask how to assess the security of a home network does not have pen testing experience. You might know how to use some of those tools you mentioned, but that is not pen testing.

Quoting myself from the old forums:

Pen Testing is a professional activity that involves systematically testing a set of systems for security weaknesses using defined and repeatable processes, and then reporting on the results providing risk ratings and remediation advice.

Learning to use tools individually, as you have claimed to have done, is an important step along the way to learn to perform penetration testing, but you need to be able to use the tools required in each of the steps of a penetration test as well as being able to link the use of each tool together to obtain the correct overall result.

My issue is the HOW and HOW? any help would be appreciated

Again, if you want to know HOW to use the various tools in BackTrack, Im going to refer you back to the advice that I gave in my first post. Follow some tutorials, read some of the penetration testing frameworks available, check out some books on the subject such as "Hacking Exposed", which is a good introduction to the subject.