Hacking Defense and Recovery Report

During the two-week hacking period, class members and others are
invited to try to hack into your team web server.  The restriction is
that attackers cannot physically touch your machine.  That would be
too easy.  It is a simple matter to reboot the machine, bring it up in
single-user mode, and obtain root access.  In the real world machines
are kept in locked rooms because physical access is almost always
sufficient to allow someone to compromise the machine.

They will attack through the network.  There are two types of attacks.

Class A: Change something important, such as their web home page, or
such as creating an account for yourself on the target server.  Your
change must clearly identify you as the intruder.

Class B: Learn something important, such as the contents of their
password file, or one or more of their CGI scripts, or one or more of
their database tables.

You must prevent them from getting in.  If they do get in and mess
something up, you need to fix it.

At the end of the testing period, you must submit a report to me
telling of all hacking attempts and successes.  You must tell what
things you are doing to foil the attackers.  You must also attack
other servers yourself.  During the testing period you must keep good
notes so you can write the report.

You are responsible for attempting at least one attack on each other
server.  You must describe your attack in your report.  The attack
need not be successful, but you should try to make it successful.

You will be graded on the number of attacks against you that are
successful.  The more that succede, the worse your grade on this
assignment.  You can also lose points for failing to make an attack on
each other server.  You must bring your server back up to full
functionality after a successful Class A attack.

In real life, this is not a win-win situation.  Sadly if you never
fall, you don't win anything.  That is status quo.  But if you do
fall, then it looks bad.  Ouch.  Be careful.