Cyber Security Fundamentals

For this section of my portfolio I highlighted two interesting exercises I performed. The first was using the network sniffing tool Wireshark to capture email packets on the network. The second was scanning a web site for vulnerabilities. Without explicit permission to do so, both of these activities could be considered unethical, and in some cases even illegal. However, for NetOps/SecOps professionals, knowledge of and proficiency with these (and similar) tools is a necessity for the job function.

Let’s consider each of these exercises and the lessons learned from them.

Packet Capturing with Wireshark:

Wireshark is an open source packet analyzer that captures network traffic and decodes it protocol by protocol. As I found in my exercise, capturing network traffic can reveal sensitive data. In my case, I was able to capture email messages including the message content. As you could imagine, this tool could be extremely helpful for an individual looking to analyze network traffic in hopes of extracting sensitive data. As such, the use of network sniffers like Wireshark is often considered nefarious. My company, for example, has an employee policy in place that bans the use of network sniffers.

Wireshark, however, is a very useful tool for professionals who are authorized to capture network traffic. It can be used to examine and troubleshoot network/connectivity problems. It can be used as a debugging tool for network applications. It can also be used for security purposes, for example to identify unprotected data on the network. For my exercise, I purposely removed the email encryption options. The result was the ability to read, in plain text, entire email messages. This exercise pointed out just how insecure many applications can be. Mail protocols such as SMTP, POP3 and IMAP carry both the login credentials and the message content in the clear unless the session is wrapped in TLS, so anyone positioned on the network path can read them exactly as I did.
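To make the "unprotected data on the network" point concrete, here is an added example (my own illustration, not code from the original exercise) that does what a reviewer would do after a Wireshark "Follow TCP Stream" of an unencrypted mail session: it walks the reassembled SMTP conversation and recovers the credentials, the headers and the body. The session bytes are constructed for the example; the host `mail.example.test`, the users and the password are made up. It goes slightly beyond a single capture by also recognising AUTH PLAIN, and it records whether STARTTLS was ever offered or used, which is the first thing to check when deciding if a finding is a misconfiguration or an outright unencrypted service.

```python
import base64

# Constructed sample: one plaintext SMTP session laid out the way Wireshark's
# "Follow TCP Stream" view shows it once STARTTLS is turned off. Not real
# captured traffic; host, addresses and credentials are invented.
SAMPLE_STREAM = (
    b"220 mail.example.test ESMTP ready\r\n"
    b"EHLO laptop\r\n"
    b"250-mail.example.test\r\n"
    b"250-AUTH LOGIN PLAIN\r\n"
    b"250 SIZE 10240000\r\n"
    b"AUTH LOGIN\r\n"
    b"334 VXNlcm5hbWU6\r\n"          # base64("Username:")
    b"YWxpY2U=\r\n"                  # base64("alice")
    b"334 UGFzc3dvcmQ6\r\n"          # base64("Password:")
    b"aHVudGVyMg==\r\n"              # base64("hunter2")
    b"235 2.7.0 Authentication successful\r\n"
    b"MAIL FROM:<alice@example.test>\r\n"
    b"250 OK\r\n"
    b"RCPT TO:<bob@example.test>\r\n"
    b"250 OK\r\n"
    b"DATA\r\n"
    b"354 End data with <CR><LF>.<CR><LF>\r\n"
    b"From: alice@example.test\r\n"
    b"To: bob@example.test\r\n"
    b"Subject: Q3 numbers\r\n"
    b"\r\n"
    b"Bob, the draft figures are attached. Keep them internal.\r\n"
    b".\r\n"
    b"250 2.0.0 Queued\r\n"
    b"QUIT\r\n"
    b"221 Bye\r\n"
)


def _b64_text(data: bytes) -> str:
    """Decode a base64 SASL token, tolerating bad padding or non-UTF-8 bytes."""
    try:
        return base64.b64decode(data).decode("utf-8", "replace")
    except ValueError:
        return data.decode("utf-8", "replace")


def analyze_smtp_stream(stream: bytes) -> dict:
    """Pull out everything an on-path observer can read from a non-TLS SMTP
    session: STARTTLS status, login credentials, message headers and body."""
    lines = stream.split(b"\r\n")
    result = {"starttls_offered": False, "starttls_used": False,
              "username": None, "password": None, "headers": {}, "body": None}
    i = 0
    while i < len(lines):
        line = lines[i]
        upper = line.upper()
        if upper.startswith(b"250") and upper[4:].strip() == b"STARTTLS":
            result["starttls_offered"] = True        # server advertised TLS
        elif upper == b"STARTTLS":
            result["starttls_used"] = True           # client asked for it
        elif upper == b"AUTH LOGIN":
            # Each "334 <challenge>" reply is answered by one base64 line.
            answers, j = [], i + 1
            while j + 1 < len(lines) and lines[j].startswith(b"334"):
                answers.append(_b64_text(lines[j + 1]))
                j += 2
            if len(answers) >= 2:
                result["username"], result["password"] = answers[0], answers[1]
            i = j
            continue
        elif upper.startswith(b"AUTH PLAIN "):
            # Single token: authzid NUL authcid NUL password.
            try:
                parts = base64.b64decode(line.split(b" ", 2)[2]).split(b"\x00")
            except ValueError:
                parts = []
            if len(parts) == 3:
                result["username"] = parts[1].decode("utf-8", "replace")
                result["password"] = parts[2].decode("utf-8", "replace")
        elif upper == b"DATA":
            # Skip the 354 go-ahead; headers run to the blank line, the body to ".".
            j = i + 2
            while j < len(lines) and lines[j] != b"":
                name, _, value = lines[j].partition(b":")
                result["headers"][name.decode("ascii", "replace").strip()] = \
                    value.decode("utf-8", "replace").strip()
                j += 1
            j += 1
            body = []
            while j < len(lines) and lines[j] != b".":
                body.append(lines[j].decode("utf-8", "replace"))
                j += 1
            result["body"] = "\n".join(body)
            i = j
            continue
        i += 1
    return result


def exposure_findings(result: dict) -> list:
    """Turn the parsed session into the findings a reviewer would report."""
    findings = []
    if not result["starttls_used"]:
        findings.append("session never upgraded to TLS; everything was readable on the wire")
    if result["username"] is not None:
        findings.append(f"credentials recovered for user {result['username']!r}")
    if result["body"] is not None:
        findings.append(f"message body recovered ({len(result['body'])} characters)")
    return findings
```

Run `exposure_findings(analyze_smtp_stream(SAMPLE_STREAM))` to get the three findings for the constructed session. The same walk works on a real stream exported from Wireshark (Follow TCP Stream, save as raw), and the `starttls_used` flag is what separates "the client chose not to encrypt" from "the server never offered encryption at all".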

Penetration Testing:

This was a valuable exercise as it enabled me to learn about the tools available to perform vulnerability analysis of a target system. This should never be performed without the explicit, written permission of the target owner, with the scope of the test agreed in advance. This was one of my favorite exercises. Doing some very basic scans with widely available tools revealed a tremendous amount of detail about the target system. The tools I used are the same tools used by both security professionals and hackers alike. From the security perspective, these tools are extremely valuable in helping to assess the security posture of corporate systems. These are some of the same tools that hackers automate and utilize to perform reconnaissance and exploitation of target systems.
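The "very basic scans" mentioned above start with the simplest reconnaissance there is: complete a TCP handshake on each port and read whatever the service says first. The added example below (my own illustration, not one of the scanning tools used in the exercise) implements that connect-and-banner-grab loop. So that it runs offline and stays inside an authorized scope, it scans only a throwaway loopback service that the code starts itself; the banner string `SSH-2.0-OpenSSH_9.6 demo-banner` and the tiny fingerprint table are constructed for the example and are not real fingerprints.

```python
import socket
import threading

# Constructed stand-in for a real daemon: a loopback TCP service that greets
# every client with a made-up SSH banner. Nothing here is real service data.
FAKE_BANNER = b"SSH-2.0-OpenSSH_9.6 demo-banner\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER):
    """Listen on an ephemeral loopback port; return (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port():
    """Bind a loopback port without listening, so connects to it are refused.
    Gives the scanner a guaranteed-closed port to compare against."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan: finish the handshake on each port, then read whatever
    the service volunteers. Returns {open_port: banner_text}."""
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                try:
                    banner = s.recv(256)      # many services speak first
                except socket.timeout:
                    banner = b""              # open, but silent until we speak
        except OSError:
            continue                          # refused, filtered or unreachable
        found[port] = banner.decode("ascii", "replace").strip()
    return found


def fingerprint(banner: str) -> str:
    """Crude service identification from the banner alone (constructed table)."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 ") and "SMTP" in banner.upper():
        return "smtp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown"


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    closed_sock, closed_port = reserve_closed_port()
    for port, banner in scan_ports("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}/tcp open  {fingerprint(banner):<8} {banner}")
    srv.close()
    closed_sock.close()
```

Even this toy already shows why the exercise was revealing: a banner names the software and often its version, which is exactly what an attacker feeds into a vulnerability database and what a defender should be trimming or hiding. Note that a full connect scan creates a complete TCP session per port and is therefore the easiest kind of scan for the target's logs and IDS to see; that is a feature when you are testing your own detection.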

Both of these exercises have equipped me with enough skill and practice to potentially get into trouble. While these tools can be used for nefarious purposes, they have tremendous value to the security professional and are an essential part of the White Hat’s toolkit.