I do IT for a school that serves highly gifted students. My boss and I have vastly differing philosophies on network security. She believes that our students should be allowed to hack our network and computers because theyre going to do it anyway, and theyre going to make those mistakes in an environment where they can be guided by caring teachers rather than doing it in the real world. She has a valid point, HOWEVER legitimate educational use of our technology is highly compromised (80% downtime before I was hired), legal issues beyond our school have come up, and I waste countless hours fixing things. My philosophy is to lock down the servers, wrap them in rebar, then dump concrete over everything (not literally of course!) Im not going to win a verbal battle on this issue, so Ive come up with a compromise. Id like to break the network into multiple VLAN tiers with diminishing privileges. Staff on the top, WIFI guests on the bottom. Before doing that, Id like to white hat hack the current network, especially the admin computers with grades, etc., and get a feel for what our current student hackers are seeing. Next, Id like to put together a dummy server running multiple vms posing as vulnerable servers and admin computers. This would be on the lower privilege VLAN tiers that students have access to. Essentially it would be a high interaction honey pot. I dont want to make it too easy to hack, but easy enough that the students feel a sense of accomplishment when they finally break in. Most of all, I want this system to keep specific logs of hacking activity so we can monitor who is doing the hacking and collect evidence for when we nail them. I dont ever want the students to know we are using a honey pot. I want them to completely believe that they are actually hacking, but I dont want them to touch our legitimate equipment. Our students are very resourceful and likely know more about hacking than I do. Other than mimicking our current network, are there any open source honey pot applications designed for what Im trying to accomplish? Are there any legal or moral issues I need to know about regarding honey pots? I can already see an irrational parent being upset that we baited their kid into hacking the network. Its possible that one of my students may be reading this. If you are, then know that even with a honey pot, it is possible that you may have hacked into a legitimate server. I cant patch 100% of the holes. Nobody can. Point is, you dont know if youre firing a real bullet or a blank. The intent is the same, and thats how we will deal with you.
Posted on: Sat, 22 Mar 2014 13:14:55 +0000
Trending Topics
Recently Viewed Topics
© 2015