Jump to content

Recommended Posts

I am a security tester and I have been hired at a public school. What I'm wanting to achieve is to be able to access the school network from my home. I understand on connecting my computer and the turtle to a vpn.

Example:

«My home computer» > VPN > lan turtle > school computer > «school network»

Basically the goal is to plug the turtle (with the right modules)  into a computer and plug the Ethernet cord into the lan turtle. Then go home and access the network and do what I need to do.

Example:

Ethernet > lan turtle > school computer > school network

The questions are:

1. Does the host computer (the one with the turtle plugged in) need to be on?

2. Does the host computer being logged off matter?

3. Would my theory work?

4. How could I get a list of every user on the network (school systems are tricky, any user can be Logged in on any computer)?

5. Will it just be that school network or will I also access the entire county school network?

Share this post


Link to post
Share on other sites

From what i know the computer only needs to be plugged into a power source (turned on) and the network cable plugged in

That answers 1 & 2

4) You should be able to scan for ip address which may give you some names

5) I believe it will only give you access to the router its plugged into(unless you can hack the others)

 

Share this post


Link to post
Share on other sites

If you are hiring out your services as a security tester then 4 and 5 are things that you should know about and how to do already.

  • Upvote 4

Share this post


Link to post
Share on other sites

No we aren't...

Some people read books then go out and sell their services as testers and let people down. That reflects badly on the industry and can get clients into trouble if they trust bad advice or rely on faulty results.

Some people pose as testers to ask questions that they know if they asked offering their real intentions that they would be kicked off.

Some people are just hobbyists.

 

Someone who is a working pen tester would know how to scan a network to find user names and would know that you can't know what reach you have into a network without looking.

  • Upvote 6

Share this post


Link to post
Share on other sites

Good point

But you always have to start somewhere and schools in my opinion are a great start

Share this post


Link to post
Share on other sites

I'd say they are a really bad place to start. If you mess up the security for a school think about all the sensitive information that could get out, personal information for tens or hundreds of kids. Add to that the potential for grade changes and cheating by looking at papers and staff notes. A bad test for a school could be pretty disastrous.

  • Upvote 3

Share this post


Link to post
Share on other sites

Shadowing and having a mentor at the start of a career is vital I think. I mentor a few people and watching them go from no idea to be able to go out on their own is great. Also trusting them enough that they will ask for help rather than BS through things makes a big difference.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...