Whether you're an IT student or have been in the field for many years, the learning never stops, especially in regards to security. Hackers are discovering vulnerabilities in our software and systems 24/7. They'll always find new ways to steal data, infect computers and wreak havoc in the digital world.
Even if security isn't your IT specialty, security awareness is crucial in any technology position. Hands-on experience is the best way to learn, so here are several projects for you to try. All can be performed at home on your personal devices or at work—if (and only if) you have an appropriate position and full authorization from management.
That bears repeating: Always get full permission before performing these projects on someone else's computer or network, or else stick to using your own equipment. Several of the techniques covered here are used by hackers and could land you in hot water if you try them without authorization. That said, they have good purposes as well, giving you the ability to audit the security of your network and other tech equipment.
Beginner
Project 1: Perform digital forensics by recovering deleted files
Digital forensics is a branch of forensic science dedicated to data recovery and investigation of tech devices. This includes finding the source of intrusions, identifying the damage done by them and mining for information to aid in legal and criminal matters. Retrieving deleted data is one major aspect of a digital forensic professional's job.
Recovering deleted files from a computer or storage device can give you a taste of digital forensics, while also showing you firsthand why data security is so important—a thief could do the same thing to get sensitive info off a stolen device.
There are many free and open-source file recovery tools you can use. Recuva is a GUI-based free commercial product for Windows. is a command-line open-source offering for Windows, Mac OS X and Linux. For GUI-based software in Mac OS X, consider the freeware Disk Drill. The GUI-based tools are naturally more intuitive to use for beginners, but the websites for all three products provide extensive step-by-step instructions.
For a comprehensive set of digital forensics products that let you not only retrieve data but also examine multiple file systems, create registry timelines, perform memory image analysis and more, check out the free SANS Investigative Forensic Toolkit (SIFT).
Intermediate
Project 2: Use PGP encryption for securing email and sharing files
As you likely know, encryption plays a major part in data security. Highly sensitive data, such as Social Security numbers, credit card details and documents containing trade secrets, should be encrypted during the data's transmission as well as in storage and backup.
There are many different encryption types and products available. PGP (Pretty Good Privacy) encryption is widely used for securely exchanging email messages and files with others.
PGP encryption uses a public and private key scheme. When you want to send PGP encrypted emails or files to someone, you must first get their public key in order to encrypt the data. When encrypting, you choose whom you'd like to be able to decrypt the data, and only those you designate can do so. When those specified people receive the data encrypted with their public key, they use their private key to decrypt it.
The opposite applies when you want to receive encrypted emails or files: You give your public key to the sender so they can encrypt it, and then you use your passphrase-protected private key to decrypt it.
OpenPGP is a widely used open-source PGP encryption standard. Two excellent free OpenPGP-compatible programs that you can use to generate public and private keys as well as encrypt and decrypt email are Gpg4win for Windows and GPG Suite for Mac.
Project 3: Use file or full-disk encryption
File and full-disk encryption are most useful for securing data that a single person will store, access, transfer or back up. (Sharing encrypted files between multiple people, using PGP, was covered in the previous project.)
File encryption is useful when you need to keep a select number of files or folders encrypted. Most file encryption products work by creating a single encrypted container file protected by a password; you open the container file with the encryption software to add, remove and access files within. This encrypted container file can be stored on a flash drive, sent via email or transferred by other means, but both the encryption software and the password are needed to open it.
Full-disk encryption, on the other hand, encrypts all files on a computer or storage device, which helps ensure that no data will be recoverable by a thief if the device is lost or stolen. This includes sensitive documents in addition to other types of data that would be vulnerable when using only file encryption, such as browsing history, stored passwords and deleted files. Note, however, that you still need to use another encryption method, such as file encryption, if you want documents encrypted when transferring them.
Consider playing around with both file and full-disk encryption. Try VeraCrypt, freeware that supports both types of encryption on Windows, Mac OS X and Linux.
Read more: How to create a risk register
Another option for full-disk encryption is to use Microsoft's BitLocker feature, included with the Ultimate or Enterprise editions of Windows Vista or 7 and the Pro or Enterprise editions of Windows 8 or 8.1. For more info and help, see "A beginner's guide to BitLocker, Windows' built-in encryption tool."
Mac OS X also has native support for full disk encryption via the FileVault 2 feature included with Mac OS X 10.7 Lion and later. For more info and help, see "Complete guide to FileVault 2 in Lion" for encrypting the system drive or "Encrypt any disk in Mountain Lion" for encrypting non-system drives.
Warning: Be careful not to encrypt yourself out of your own data. Most encryption products offer a backup key feature; be sure to use it and store your backup key safely so you'll be able to decrypt your data if you forget or lose the original credentials. Also, don't forget about backing up your important data securely (and encrypting the backup). Even though encryption protects against data recovery by thieves, without a backup you'll lose the data if the device becomes lost or stolen.
Project 4: Perform vulnerability scans
Vulnerability scanners can be great tools to help you learn about security—and to help secure networks, websites, servers and individual computers. They search for and report on specific security holes that can be taken advantage of by hackers, malware and other threats. There are scanners for just about all of the vulnerable points in IT.
Online port scanners can look for ports in your firewall that are left open to the Internet, giving hackers a way in. Scanners designed for auditing websites and databases can look for vulnerable web-based applications and holes that leave the site open to hacking, code injection and other attacks. Network-based and downloadable PC scanners can look for security holes on servers and computers, such as missing software updates and insecure settings that can make them susceptible to attacks.
These scanners can help check the security of your computers and network, likely coming up with some vulnerabilities you might have overlooked or never knew existed. Most of the tools below are free, although some offer limited functionality or limited trials for free. The online port scanners and website/database scanners support all major platforms; some PC scanners have limited OS support, as noted below.
Online port scanners:
Website and database scanners:
- Websecurify
- Qualys FreeScan (also offers network/computer scanning)
- Scan My Server
-
Vega
PC scanners:
- Secunia PSI (Windows)
- SecureCheq (Windows)
- Microsoft Baseline Security Analyzer (Windows)
- Nessus (Windows, Mac OS X and Linux)
Run some scans and review each checked item, investigate those you don't understand, and try to fix any issues. For further info on network scanners, see "6 free network vulnerability scanners."
Advanced
Project 5: Practice penetration testing or ethical hacking on your own network
Penetration testing (known as "pen testing" in security shorthand) or ethical hacking can help you gauge the security of your website, firewall, network or whatever you're trying to penetrate. Thinking like a hacker can help you identify security holes that need to be fixed. It can also be a great learning experience to see different vulnerabilities and just how someone could take advantage of them.
Read more: How to protect your smartphone from hackers.
In Project 7 from "Free and cheap ways to learn about network administration" I discussed a few specific hacks and tools, but here are a few more you might want to try:
-
Use a bootable rescue disc or USB drive, like Hiren's BootCD, to bypass Windows and access the hard drive and files on the computer via the bootable operating system. For bypassing Mac OS X, consider using DasBoot to create a bootable disc.
-
With a Windows PC, use the offline password recovery tool from Hiren's BootCD to remove or reset the Windows password; then you can start up Windows to access the full computer. With a Mac, reset the password by booting from the Mac OS X install disc and opening the Reset Password tool. (In fact, you can reset a Mac user's password in single user mode even without an install disc.)
- Perform password sniffing, login hijacking and other attacks with Zimperium's zANTI 2.0 and a rooted Android device. The company's Resources page has videos and other materials.
Project 6: Play with firewalls and UTM software
As you may know, a firewall is one of the most crucial security points in a network, protecting the network from unauthorized access to and from the Internet. Firewalls typically include routing and other basic network server functions as well. Additionally, many also include what is referred to as Unified Threat Management (UTM) functionality, which provides further network protection, such as antivirus, anti-spam, captive portal options (which require users to interact with an intermediate Web page, often a login page, before they can access the Web) and content filtering.
Consider installing, configuring and playing around with a firewall or two. Learn what each function does and how it protects. Perhaps use vulnerability scans and penetration testing as discussed in other projects here to test and tweak your firewall configuration.
You could download a Linux distribution and play with IPtables, a command-line firewall used in most Linux server and workstation distros. A basic open-source standalone firewall option is IPCop, designed for home and small office use. pfSense is a more feature-packed open-source firewall designed for homes or businesses.
Additionally, there are many vendors, including Untangle, Endian, ClearOS and Sophos, that provide both commercial and free editions of UTM firewalls.
Network emulators or simulators are a way to gain firewall and general network experience using other popular commercial products, such as those from Cisco or Juniper. See Project 6 from "Free and cheap ways to learn about network administration" for more information.
Project 7: Set up an intrusion detection system
An intrusion detection system (IDS) is complementary to a firewall. A firewall offers protection similar to, well, a wall around your network; you can designate certain TCP or UDP ports where only specific Internet and network traffic can go through. Other ports and traffic are blocked, but a basic firewall will not alert you to break-in attempts or stop unauthorized traffic from getting into the network through other means. An IDS, on the other hand, is like having security guards placed around the wall and inside the restricted area to detect and stop numerous other threats.
Though there are IDS-specific software and appliances, some firewalls have built-in IDS functionality as well. IDS functionality can be as simple as a router's firewall sending email alerts when a high number of packets are blocked or as advanced as automatically blacklisting an IP that's sending suspicious traffic.
Also, many business- and enterprise-class wireless access points include some type of IDS functionality for the wireless portion of the network. Most detect and alert for rogue access points, while some may monitor the airwaves for evidence of other penetration and hacking attempts.
Take a look at your firewall and wireless gear and experiment with any IDS functionality. Perhaps configure the IDS settings and then attempt to trigger alerts by performing penetration testing, ethical hacking or vulnerability scans to test out the IDS. (See Project 3 in "Free and cheap ways to learn about network administration" for tips on getting your hands on a business-class wireless AP.) You might also want to experiment with third-party IDS software such as Snort, Suricata or OSSEC.
Next steps
For additional reading and resources on IT security, check out the SANS Institute website. For a great listing of security-related tools, stop by SecTools.org.
This story, "Your guide to compliance in the cloud" was originally published by Computer World.