1. Look at Top Tools at http://www.insecure.org/tools.html
See if there are some ways to add to one of the tools. If a tool needs some added functionality or
You can write a tool of your own that is a simpler version of one of the tools at this site.
2. You can do measurement of different things with some security tools.
Add rules to an open source IDS or firewall to see how much slower it runs
Could you generalize the rules in some way or optimize the rules so it is better
So, it uses fewer rules and still catches the attacks it is supposed to detect
Come up with an interesting way to analyze network traffic
Characterize the traffic for percentage of FTP, Telnet, SSH, HTTP etc.
How much of the traffic is malicious - scans or other types of traffic Do a statistical analysis of the traffic over time. Lots of ways to statistically analyze the data.
3. Write a VPN. Use an existing firewall product and see if you can implement a VPN within it
Use some existing form of encryption or transform the data in some way.
Write an application proxy for the VPN to verify it is sending correctly encrypted data.
4. Forensics Analysis. Come up with a way to do forensics analysis of your system.
If you are using existing tools, engineer an attack and do a complete evidence gathering.
Could maybe write a script or interface to coordinate several tools and present the data
Could come up with a way to rank the importance of the data and warn the user not to destroy
certain types of data in order to preserve system evidence.
1. Do a security survey of some group. First have a hypothesis about the survey results
Try to pick a group that will be likely to answer your questions.
Naive users, power users, system administrators, women or men
Compare and contrast their ideas of security if doing more than one group
2. Actually perform some type of social engineering exercise. Be careful with this!
Can't get their ID/password but do something else that gets them to reveal information
Compute your results. Can also do this for a group comparison between several of the above groups.