Hi all,
Currently in my second year of a computer networking university degree. For our third year, we need to do a project of our choice, which needs to be related (in some way) to networks.
One idea I had and am quite keen on doing is to run a honeypot/honeynet, made up of a couple of servers (Windows + Linux), and a couple of Windows workstations. I'd analyse portscans that are made against the external interface of the router, see which ranges are most commonly scanned, that sort of thing, and try to find relationships between scans and subsequent attacks (e.g. smaller/targeted scans might be more likely to turn into an attack than full-range scans).
I'd also run it in stages security-wise, running with practically no security, all the way to 'Fort Knox' level - to try and raise the bar of attacks that are made against the honeypot. Full logging on all devices, as well as an invisible packet capturing machine to make sure I get a copy of 'everything'.
The network would be emulating a typical small business network, so a bit of Active Directory, something web-based on the Linux server, maybe a basic intranet site. I'd be looking at when attackers get in, what do they go after first - workstations or servers, where do they look for data to get further into the network, or do they try and launch attacks against other networks? I'd be limiting this last one with a strict firewall, plus I'd be keeping an eye on the attacker where possible so I could cut them off if need be.
Whilst that project would be good to do, it might not be successful (although I highly doubt I wouldn't get any attacks...). Is there anything else that people think might be worthwhile looking into? It can be literally anything network-based.
Skill-wise, I'm mainly a Windows guy, with some reasonable (Debian) Linux experience. Have experience with VMware, but never had the opportunity to run a dedicated server. Also have some experience with AD and other WinServer roles. Used Spiceworks a bit too (hence why I'm here!). Cisco I'm OK with, good marks on CCNA1 and am doing well so far with CCNA2. I can code PHP/MySQL pretty well (so I think), I could link that in perhaps for some sort of web interface to an application.
It doesn't have to be a research project (like the honeypot), it can be a development one (such as programming an application to do something network-based), so I'm open to anything really. I saw something on another thread about analysing users for suspicious activity (such as suddenly logging in overnight, logging in from overseas, simultaneous logins) - apparently there didn't seem to be much in the way of low-cost/open source software to do this. If someone pointed me in the right direction for where to find relevant data, I'm sure I could work something up in PHP?
I look forward to seeing what people think!
James
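The scan-analysis part of the honeypot idea (grouping port scans by source, separating narrow probes from full-range sweeps, and checking whether a source later made a connection the firewall actually accepted) can be prototyped over firewall logs before any hardware is set up. The following is an added example, not code from the post or from any product mentioned in it: the log line format (loosely modelled on a netfilter LOG entry), the "targeted vs wide" threshold, and the sample lines are all assumptions constructed for this illustration.

```python
"""Port-scan profiling over constructed firewall log lines (added example).

Groups connection attempts by source address, labels each source's scan as
'targeted' (few distinct ports) or 'wide' (many distinct ports), and records
whether the same source later made a connection the firewall accepted, which
is the kind of follow-up the post wants to correlate with scan type.
The log format, thresholds and sample lines are assumptions made for this
example; source addresses come from the documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed line format: "<iso-timestamp> DROP|ACCEPT src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")
TARGETED_MAX_PORTS = 5   # assumed threshold: <= 5 distinct ports counts as targeted


def build_sample_log():
    """Constructed sample lines; not real traffic."""
    # 198.51.100.5: wide sweep of 50 ports, never gets an accepted connection
    lines = [f"2011-03-01T10:00:{i:02d} DROP src=198.51.100.5 dst=192.0.2.10 dport={p}"
             for i, p in enumerate(range(1, 51))]
    lines += [
        # 203.0.113.9: three-port probe, then an accepted connection five minutes later
        "2011-03-01T11:00:00 DROP src=203.0.113.9 dst=192.0.2.10 dport=445",
        "2011-03-01T11:00:01 DROP src=203.0.113.9 dst=192.0.2.10 dport=139",
        "2011-03-01T11:00:02 DROP src=203.0.113.9 dst=192.0.2.10 dport=3389",
        "2011-03-01T11:05:00 ACCEPT src=203.0.113.9 dst=192.0.2.11 dport=3389",
        # 198.51.100.77: two-port probe, no follow-up
        "2011-03-01T12:00:00 DROP src=198.51.100.77 dst=192.0.2.10 dport=22",
        "2011-03-01T12:00:01 DROP src=198.51.100.77 dst=192.0.2.10 dport=80",
        "this line is not a firewall record and is skipped",
    ]
    return lines


def parse_log(lines):
    """Turn matching lines into event dicts; unrelated syslog lines are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "action": m["action"],
                       "src": m["src"], "dport": int(m["dport"])})
    return events


def profile_sources(events, targeted_max=TARGETED_MAX_PORTS):
    """Per source: scan class, distinct ports probed, and whether an ACCEPT followed the scan."""
    ports, first_drop, accepts = defaultdict(set), {}, defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "DROP":
            ports[e["src"]].add(e["dport"])
            first_drop.setdefault(e["src"], e["ts"])
        else:
            accepts[e["src"]].append(e["ts"])
    profiles = {}
    for src, p in ports.items():
        followed = any(t > first_drop[src] for t in accepts[src])
        profiles[src] = {"class": "targeted" if len(p) <= targeted_max else "wide",
                         "distinct_ports": len(p), "followed_up": followed}
    return profiles


def summarise(profiles):
    """Per scan class: (number of sources, number that later had an accepted connection)."""
    out = {"targeted": [0, 0], "wide": [0, 0]}
    for prof in profiles.values():
        out[prof["class"]][0] += 1
        out[prof["class"]][1] += int(prof["followed_up"])
    return {k: tuple(v) for k, v in out.items()}


if __name__ == "__main__":
    profiles = profile_sources(parse_log(build_sample_log()))
    for src, prof in profiles.items():
        print(src, prof)
    print(summarise(profiles))
```

An accepted connection is only a candidate for closer inspection in the packet capture, not proof of an attack; the point of the summary is to give the scan-class comparison the post describes a concrete, countable form.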
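The development idea at the end of the post (flagging users who suddenly log in overnight, from overseas, or from two places at once) comes down to three checks over logon records. Below is an added example, not code from the post or from any product it names, showing those three checks over constructed records; the record layout, the per-user country baseline, the working-hours window and the assumed session length are all assumptions made for the example. On a Windows domain the raw data would come from the domain controllers' security logs (successful logon events), but no log-collection code is shown here.

```python
"""Logon anomaly checks over constructed logon records (added example).

Flags the three patterns the post mentions: overnight logons, logons from a
country outside the user's baseline, and overlapping sessions for one account
from two different source addresses. The record format, the baseline and the
sample data are assumptions constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, user, source_ip, country_code).
SAMPLE_LOGONS = [
    ("2011-03-01 08:55:00", "jsmith", "10.0.0.21", "GB"),
    ("2011-03-01 09:02:00", "akhan", "10.0.0.34", "GB"),
    ("2011-03-01 09:05:00", "jsmith", "203.0.113.7", "RU"),  # overseas and overlapping
    ("2011-03-01 17:30:00", "akhan", "10.0.0.34", "GB"),
    ("2011-03-02 02:14:00", "bjones", "10.0.0.40", "GB"),    # overnight
]

# Assumed per-user baseline: countries each user normally logs in from.
BASELINE_COUNTRY = {"jsmith": {"GB"}, "akhan": {"GB"}, "bjones": {"GB"}}

WORK_START, WORK_END = 7, 20          # assumed working hours; outside is "overnight"
OVERLAP_WINDOW = timedelta(hours=8)   # assumed session length for the overlap check


def parse(records):
    """Convert the string timestamps into datetime objects."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), u, ip, cc)
            for ts, u, ip, cc in records]


def find_overnight(logons):
    """Logons whose hour falls outside the working-hours window."""
    return [(ts, u) for ts, u, _ip, _cc in logons
            if not WORK_START <= ts.hour < WORK_END]


def find_unusual_country(logons, baseline):
    """Logons from a country not in the user's baseline (unknown users always flag)."""
    return [(ts, u, cc) for ts, u, _ip, cc in logons
            if cc not in baseline.get(u, set())]


def find_simultaneous(logons, window=OVERLAP_WINDOW):
    """Two logons for the same user from different IPs within `window` of each other."""
    hits, by_user = [], {}
    for ts, u, ip, _cc in sorted(logons):
        for prev_ts, prev_ip in by_user.get(u, []):
            if ip != prev_ip and ts - prev_ts <= window:
                hits.append((u, prev_ip, ip, ts))
        by_user.setdefault(u, []).append((ts, ip))
    return hits


def run_checks(records=SAMPLE_LOGONS, baseline=BASELINE_COUNTRY):
    """Run all three checks and return the hits keyed by check name."""
    logons = parse(records)
    return {
        "overnight": find_overnight(logons),
        "unusual_country": find_unusual_country(logons, baseline),
        "simultaneous": find_simultaneous(logons),
    }


if __name__ == "__main__":
    for name, hits in run_checks().items():
        print(name, hits)
```

The country check depends entirely on how good the baseline is; in practice it would be learned from a few weeks of each user's history rather than hard-coded, and the working-hours window would need to be per user or per role to avoid flagging shift workers every night.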