University security projects (Old page from 1999)

Sean Boran (sean AT boran.com), 15 April 2003

The following are a few ideas for "Internet Security" projects. Some of these projects are easier than others. The security field is really taking off, and I think these kinds of projects provide excellent experience and help contribute tools to the public domain.

Why should you do any of these? Well:

==> Maximise your browser, since the table below is quite wide.
If someone has already started on these projects, it is noted in the status column.

If you're interested in one of these but don't quite understand my description, then send me an email telling me what you'd like to do and what you didn't understand. Tell me what language you want to use (Perl, Java, C etc.), how deep you want to go, whether you prefer GUI or OS level programming, etc. I'll do my best...

Have fun....

Nr. | Aim | Involves | Further info | Project status
1a Satan (a security scanner) is based on Perl and a WWW browser and allows a large number of hosts to be scanned on a network for weaknesses in network services.

Update Satan to check for all the latest holes, including SMB based holes. Satan was designed to be easily extensible and it would be interesting to extend it to cover other known weaknesses and recognise other architectures and list Operating Systems by version.

Actually, Nessus (see below) is way ahead and might be a better option.

Lots of Perl hacking, maybe HTML, detailed security attacks research. http://ftp.win.tue.nl/pub/security/satan.tar.Z

www.trouble.org/satan/

The book "Protecting Networks with Satan"

Tanya's Extensions: www.compapp.dcu.ie/~treill.ca4/funcspec.html

Saint is another extension to Satan, see
www.wwdsi.com/saint/index.html

Tanya Reilly of Dublin City University has finished (June '99) a new set of extensions as part of her final year project. The extensions use NMAP for OS identification, add a DoS category and detect Netbus & Back-Orifice and SMB shares/printer weaknesses.

Visit the Project site

1b Port Satan or Saint to NT. Perl, HTML, UNIX-NT porting. See above.
2 - Create Nessus plugins
- Update NT version
www.Nessus.org is the best free scanner available. Interesting. Contribute by developing plugins to check for new weaknesses, or update the NT version, which is pretty old.
3 Automatic and manual intrusion detection (ID) systems need to be in place so that attacks (especially successful ones) are recognised. NFR (Network Flight Recorder) is a freeware and commercial intrusion detection system.

Extend NFR with lots more attack profiles.
NFR allows development of "n-code" plugins to detect particular attack signatures. Only a few network management filters are included by default; more can be downloaded, but there is wide scope for developing new signatures.

NFR consists of 5 components: a packet sniffer (based on libpcap), an engine (TCP stream reassembly, execution of N-code scripts), output backend processors (record data in files / allow queries / send alerts), a query interface (a Java GUI running in a browser allows remote querying) and a space manager (archives/deletes collected data).

Learn "n-code", some HTML, detailed security attacks research www.nfr.com

www.nswc.navy.mil/ISSEC/Docs/intrusion.html
Intrusion Detection type filters from www.nswc.navy.mil/ISSEC/CID/ (nfr.id.tar.gz)
www.l0pht.com/NFR/







Results of E.Osipov's work:
  • A set of backends was created:
  • dnsTRANS.* : detection of DNS transactions (recorder type HISTOGRAM)
  • DNSBETA.* : the same purpose, but the recorder type is LIST
  • admscan.* : detection of DNS spoofing using ADM
  • universLogin : detection of RLOGIN connections (as well as TELNET), weak password detection (fewer than 5 symbols), detection of LOGIN without password (modified file .rhost)
  • SYNstorm : detection of SYN-storm attacks

If you are considering developing NFR backends, Evgeniy's work will be a definite help (1.7MB zip).

Project by Evgeniy Osipov, doctoral school student at EPFL Lausanne, Switzerland.

Finished June '99

Results: zip file (1.7MB; includes backends developed, other free backends, report, presentation, notes)

4 Create a free S/MIME toolkit (SDK) based on the free Crypto libraries such as Crypto++, which provides C++ implementation of most encryption algorithms, but not the PKCS standards.

C++, crypto, S/MIME.

Learn S/MIME PKCS standards, write code to apply them. Learn how to use free crypto libraries. http://www.eskimo.com/~weidai/cryptlib.html
www.rsa.com/smime/ 
www.ietf.org/html.charters/smime-charter.html
support.rsa.com/Standards_/standards_.html  

www.jgvandyke.com/services/infosec/sfl.htm  
www.fokus.gmd.de/ovma/freeware/snacc/
4a If the above point 4 turns out to be too easy... do the following as a sweetener:

Develop an S/MIME based crypto Plugin for Lotus Notes.
Secure MIME (Multi Purpose Mail Extensions) is the new (proposed) Internet standard for secure email exchange, developed by RSA.

Notes API, programming in Windows environment.
Learn how to apply crypto.
Results of James' work:
  • A prototype with encryption and signing, but without LDAP or key generation, was built.
  • Problems: Baltimore SMT eval. Ver 1.1 didn't work. The VIM API was slow, the Lotus C API was designed for use with database handling facilities, and key generation was not part of the Entrust API.
  • Built using Visual C++ Version 6.0, Lotus C API, Lotus VIM API, Baltimore Secure Messaging Toolkit, Entrust Certificate API, Entrust File API and Microsoft MFCs for the Win32/NT environment.
James Cooper of Dublin City University created a Notes 4.6 S/MIME client as part of his final year project, but had many problems with crypto libraries.
Finished June '99

Check out his site or home page.

5 Develop a PGP5/OpenPGP based crypto Plugin for Lotus Notes. Use PGP crypto libraries. Know PGP (another secure email standard) and Notes API, programming in Windows environment.
Learn how to apply crypto.
www.pgi.com
6 Develop a Perl module for S/MIME and/or PGP5 email signing/ decryption. Perl Modules already exist for actual crypto algorithms. Know PGP or S/MIME, program in Perl5.
Learn how to apply crypto.
See point 4 above.
Also: www.perl.org/CPAN/
7a Port SSH2 or SSH1 server to NT. Port leading edge public domain crypto software to NT.
Learn how to apply crypto.
Sean's SSH notes
www.cs.hut.fi/ssh
www.ietf.org/html.charters/secsh-charter.html
www.zip.com.au/~roca/ttssh.html
7b Create a free UNIX SSH2 client/server (SSH1 is free, but SSH2 only exists commercially so far). As above, and www.OpenSSH.org: the OpenBSD gang had this idea and have already implemented it.
7c SSH1: Adding a secure file copy function to TTSSH would be very useful, and should not be too difficult. Sean's SSH notes
www.zip.com.au/~roca/ttssh.html
8 Build a VPN based on SSH2, IPsec or SKIP. Could be done in Java to maximise portability. For the ambitious. www.skip.org www.ietf.org
www.cs.hut.fi/ssh www.OpenBSD.org
Linux IPsec VPN:
FreeS/WAN
9 Build a VPN server that provides RADIUS (or maybe only SecurID) authentication and firewall-like rule access control. For the ambitious. www.cs.hut.fi/ssh
ftp://ftp.merit.edu/radius/releases ftp://ftp.livingston.com/pub/radius


Linux IPsec VPN: FreeS/WAN
Sun have done something similar with the i-Planet Webtop. See also www.iplanet.com/products/hosting_prod/webtop/index.html
 

 

10 Build an HTTP reverse proxy with SSL (Apache module) that also includes RADIUS authentication (or only SecurID) with session management.
Example drawing.
Learn Apache API, mod ssl, proxying, RADIUS, probably programming in Perl. www.apache.org
www.modssl.org
perl.apache.org
www.c2.net
ftp://ftp.merit.edu/radius/releases ftp://ftp.livingston.com/pub/radius

see ACE.pm on CPAN
Angus Lee of City University of Hong Kong is planning to start a project (Aug.'99)
11 Build a (Java) tool for analysis of various firewalls logs, alerting, statistics etc. Web GUI for analysis of several logs. F1, Sunscreen, fwtk logs..
or maybe via Opsec: www.opsec.net
12 Extend ipfilter to be a real state based filtering engine (free). Low level packet analysis & network programming. cheops.anu.edu.au/~avalon/ip-filter.html ftp://coombs.anu.edu.au/pub/net/ip-filter/
13 Samba: Help with the development of the free UNIX SMB/NetBIOS file server. Contact the development team and see if you can get a module to complete. SMB, C, UNIX. Meaty stuff. Contribute to this great project which has produced Samba the SMB/NetBIOS client/server for UNIX.
SAMBA Web Pages
14 Apache: Help with the development of the leading WWW server (free). Contact the development team and see if you can get a module to complete. HTTP, Apache module API. www.apache.org www.modperl.org
15 Port tripwire to NT.
It is used to see if any files or directories have changed on the system by checking file signatures using several algorithms.
C or Perl?, Win32, NT ftp://cert.org/pub/tools/tripwire

www.tripwire.org
This has been done in the commercial tripwire version, but it's not free.
16 Contribute to an OpenSource SSL project. C/C++, PKI, crypto...
Ambitious
www.openldap.org www.openca.org www.openssl.org www.modssl.org
17 Contribute to the development of Secure operating systems www.OpenBSD.org
www.bastille-linux.org
18 Improve tcpdump. tcpdump is a great packet sniffer for both UNIX and NT.
- A UNIX and PC GUI could make it easier to use.
- A unified version that understands SMB (file, printer, authentication), Microsoft RPC, SKIP, IPsec, PPTP and SSH packets would be useful for network administrators.
- Support for dial-up networking on NT would be useful.
References: ftp://ftp.ee.lbl.gov http://netgroup-serv.polito.it/windump/

Further reading

http://www.cs.hut.fi/crypto/ 
ftp://ftp.funet.fi/pub/crypt [excellent: a "must visit"]
http://www.counterpane.com/ [Schneier: Blowfish, Twofish]
ftp://ftp.psy.uq.oz.au/pub/Crypto/
www.openldap.org www.openca.org www.openssl.org www.modssl.org
[E. Young's DES, SSL & derivatives]
http://www.systemics.com/ [cryptix Java, C, Perl]
http://www.eskimo.com/~weidai/cryptlib.html [Wei Dai's C++ lib]
http://www.cs.hut.fi/ssh/ [Tatu Ylonen's SSH]
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm [Crypto+Law]
www.rsa.com [S/MIME & PKCS]
www.baltimore.ie www.sse.ie [Strong S/MIME products]
IT Security Cookbook: www.boran.com/security
University Project pages:
