Using a Wiki for Security Analysis

I took a class on the NSA INFOSEC Assessment Methodology. It covers a methodology for assessing a company's security posture from a broad, top-down perspective: physical security, whether standard operating procedures are followed, and whether the company has all the proper policies in place. There are 18 main classes and categories to review, and more can be added if need be. I found it difficult to coordinate all that information across a team, so to make it easier for everyone to see what everyone else is doing, I chose to set up a Wiki.

For the security professionals out there, the thought of posting all your security findings about another company on the Internet makes you cringe. Besides leaking a pile of material an attacker would have fun with, the legal ramifications would leave me living in a cardboard box. That's why I decided to host all of this on my personal network and require SSH with key-based logins to reach it.

Using the DD-WRT firmware on my Linksys WRT54GL router, I set up an SSH server that only allows key-based logins. Once I had everyone's public keys entered into the router, I explained how to connect to my network using a free sub-domain from no-ip.org and use SSH port forwarding so that my teammates could simply enter http://localhost/iamwiki into their browsers. Very basic stuff when it comes to SSH. So, why does this make it easier?
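The tunnel setup above, as an added example that is not part of the original post: the ssh command a teammate types, with the local end bound to loopback on an unprivileged port, plus a check that no key in the router's authorized_keys was pasted in without restriction options. The router name wiki-router.no-ip.org, the account name, the key path and the wiki host's LAN address 192.168.1.10 are assumptions, not the author's real values; the key material in the sample file is placeholder text.

```shell
#!/bin/sh
# Added example, not code from the original post. Shows the client side of
# the key-only SSH tunnel to the wiki and a check on the router's
# authorized_keys. Router name, user, key path, wiki host address and port
# are assumptions for illustration.
set -eu

# Build the ssh command a teammate runs. The DD-WRT router is the SSH
# endpoint; the wiki lives on a machine behind it ($wiki_host, assumed to be
# a LAN address). The local end binds to 127.0.0.1 only, so nobody else on
# the teammate's LAN can reach the tunnel, and to an unprivileged port, so
# no root is needed (forwarding local port 80 would need it). The wiki is
# then at http://localhost:8080/iamwiki. StrictHostKeyChecking=yes assumes
# the router's host key was verified out of band and is already in
# known_hosts, which closes the first-connection man-in-the-middle hole.
tunnel_cmd() {
    router="$1"; user="$2"; key="$3"; wiki_host="$4"; lport="${5:-8080}"
    printf 'ssh -N -o IdentitiesOnly=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -i %s -L 127.0.0.1:%s:%s:80 %s@%s\n' \
        "$key" "$lport" "$wiki_host" "$user" "$router"
}

# Read an authorized_keys file on stdin and count keys that carry no
# restriction options in front of the key type. A key that only needs to
# reach the wiki should not get a shell, agent forwarding or X11
# forwarding. OpenSSH spells that restrict,port-forwarding,permitopen=...;
# dropbear (what DD-WRT ships) understands no-pty, no-agent-forwarding,
# no-X11-forwarding and command=, so check its version before relying on
# restrict or permitopen.
unrestricted_keys() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) ;;                                            # blank or comment
            ssh-rsa\ *|ssh-ed25519\ *|ssh-dss\ *|ecdsa-sha2-*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Constructed sample, not a real key file: the first key was pasted in with
# no options (that teammate gets a shell on the router), the second is
# limited to forwarding to the wiki host only.
sample_authorized_keys() {
    cat <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyOne teammate1@laptop
restrict,port-forwarding,permitopen="192.168.1.10:80" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyTwo teammate2@laptop
EOF
}

tunnel_cmd wiki-router.no-ip.org teammate "${HOME:-/root}/.ssh/id_ed25519" 192.168.1.10
echo "keys with no restriction options: $(sample_authorized_keys | unrestricted_keys)"
```

Forwarding local port 80, which is what http://localhost/iamwiki implies, requires root on the teammate's machine, so the example forwards 8080 and the URL becomes http://localhost:8080/iamwiki. The authorized_keys check is worth running after pasting the team's keys into the router: a key line with nothing in front of the key type gives that teammate a login shell on the router, not just the tunnel.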

The advantages of a central Wiki are tremendous. Each teammate can enter their own findings and create a page for each document, or, if you were doing pen testing, a page for each IP scanned and the ports found open. Once someone has entered their information, the next teammate reviews it and will probably come up with further findings by building on yours. This leads to a more thorough security analysis and a more satisfied customer.

Another huge benefit is that teammates no longer need to meet in person. You can set up a TeamSpeak or Ventrilo server, or even a Skype call, and all look over the findings together. The best part is that the wiki traffic is secured by sending it over the SSH tunnel, which encrypts it in transit and keeps an eavesdropper on the path from reading it. Only what you forward through the tunnel is protected, though: the voice chat goes out separately unless you forward it too, and the tunnel does nothing against a compromised teammate laptop or a leaked private key.

Next semester I'm taking a class on the NSA INFOSEC Evaluation Methodology, which will give me hands-on vulnerability scanning of a real company. I plan on setting up a similar system for that class because of how much this Wiki has helped me coordinate.

If you're looking for more information on how to setup a similar system, leave a comment or contact me. I'll be glad to help you out.