Security Tactics for Servers and Wireless Networks

MWK4 Half-Day Workshop: Using Ethical Hacking to Improve Your Security

August 20th, 2012

2:30pm - 5:30pm

Level: Intermediate

Doug Warden



Southern Alberta Institute of Technology

Ever wonder how difficult it would be for a hacker to steal a password or gain access to a server? What could someone do to your server if they got unauthorized access? Let's try it on our own machine and find out!

The answer depends: sometimes it is jaw droppingly easy for an attacker, and sometimes it's much more difficult than people think. Wouldn't it be useful to know when it's easy and when it's hard for attackers so you could focus your security actions on the low hanging fruit? This type of a session will give you a lot of information about what you need to worry about.

We'll look at a number of methods that you can use to test the security of your systems and evaluate how secure they really are. We'll look at things like; local password cracking, reverse bind shells, man-in-the-middle attacks, dumping cached information, and capturing credentials on the wire.

Taking what we can learn from doing this, we can then take a look at simple and (often) free solutions to improve the security of your network. Let's face it, your security will never be perfect, but there are many simple things you can do to make it better. The most important tools you need are probably already in place, you just need to understand the risks and how to configure those tools to protect yourself.

You will learn:

  • See a demonstration of ethical hacking tools that can be used to check the security of your systems. This will allow attendees to become aware of tools that attackers can use and how available they are.
  • Discuss the theory behind these attacks - why they work, and what you can do about it. In understanding what makes an attack possible, it provides a roadmap for what needs to be done to protect yourself.
  • We'll generate a practical list of security actions which can be done on your network after the conference based on what we learn. Most of these things are simple and cheap to implement and can provide instant improvement on the security of your network.