Penetration Testing mailing list archives

Re: Educational Security Assessment project for Northern Virginia Community College students.


From: pete <lists () isecom org>
Date: Mon, 24 Jan 2005 15:56:29 +0100

Hi,

For $140US you can have a year of access to the internet-based ISECOM Hacker Highschool test network. Check out http://www.hackerhighschool.org/license.shtml. It's the same network concept we use for the OPST (OSSTMM Professional Security Tester) exam. You can hack away without problem then. Version 2 of the network will be released this quarter and that has a few new features that are great for classrooms (pedagogic mode shows you what attack you did). And you can be sure of further development of ISECOM projects like the OSSTMM as that fee goes to support all ISECOM projects.

Sincerely,
-pete.

Djiali wrote:
Good morning list,
I'm a student enrolled in the Information Systems Security Certification program offered at Northern Virginia Community College. This certification is considered a specialization for students who already have a degree in a network-related field and have completed the course load required for the InfoSec certification. The final course is an independent study supervised by the most senior InfoSec faculty member. The goal of this course is to offer students real-world experience in conducting a security assessment on a real company. The whole course is structured to protect both the company and students from any harm...we've had to sign an ethics contract with the college, and we will have to enter into a contractual agreement with the company we would be working with. As the team leader, I've decided to proceed using the OSSTMM methodology for Information Systems (we're not going to try any war dialing, site surveys, or try to enter the company's physical location). From our side, we're going to conduct the port scanning, enumeration, and web application testing on the live systems, but then take the "proof of findings" stage into our test lab where we'll replicate the company's production environment and attempt to exploit any holes we find. No harm will be done to your production systems. Now for the dilemma part. As you can imagine, it's been a little hard for us to find someone to work with...companies would rather leave their holes undiscovered than have some students identify them for free!! I can't say that I blame them entirely...I don't know what I would do if the tables were turned. This is why I'm turning to the list...I'm hoping that if we can discuss the project with security folks who understand what we're trying to do, we'd have better luck.
In any event, if you think that you might help out a group of students trying to break into the InfoSec world, please email me directly. I have some preliminary project plans, the course syllabus which outlines everything, and of course, the contact information for our professor if you wish to contact him for validation.
Thanks!!
Wade




