260 likes | 387 Views
Virtual Security Labs. Chao-Hsien Chu, Ph.D. Abdullah Konak, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802. May 11, 2009. Presentation Outline. Overview: - The Special Needs for IA Education - Common Approaches
E N D
Virtual Security Labs Chao-Hsien Chu, Ph.D. Abdullah Konak, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802 May 11, 2009
Presentation Outline • Overview: - The Special Needs for IA Education - Common Approaches - The Challenges - Motivations for VSL • VSL Implementation at UP / Demon • VSL Implementation at Berks /Demon • Lessons Learned • Questions and Discussion
The Special Needs for IA Education • Hands-on exerciseis a critical and integrated component of any effective information security education and training program. • Students are expected to experiment withsecurity softwarewithout worry that their experiment may impact other computer systems / students. • Students should be able to evaluate the security of differentoperating systems, attempt to compromise the security of computer systems, and install additionalsecurity mechanismswithout concern that their actions may affect other computers systems / students. • Security hardware (Firewall, IDS); Human factors; Defense-in-depth; Multidisciplinary.
IST 515: Information Security & Assurance IST 564: Crisis, Disaster & Risk Management IST 596: Individual Studies SRA 472: Integration of Privacy & Security SRA 468: Visual Analytics for Intelligence & Security IST 451: Network Security IST 452: Legal & Regulatory Issues IST 453: Computer Forensics Law IST 454: Computer & Cyber Forensics IST 456: Security & Risk Management Defense In Depth of Security • Plans • Risk analysis • Qualitative models • Quantitative models Feedback Prediction Prevention Detection Forensics Response Cai • Policy/Regulation • Firewall/DMZ • Access Control/VPN IST 515 SRA 468 Squicciarini Chu Liu Xu Bagby Bagby IST 452 IST 451 IST 453 IST 456 Liu Zhu SRA 472 • Scanner • IDS • Data mining IST 454 IST 564 Xu Chu McGill Chu
Common Approaches • Some instructors require students to complete the exercises using their own computers. • Lab experiences are typically conducted in anisolatedcomputer lab where security problems that may occur are unable to affect other computers on campus. • A common alternative is to develop avirtual networkenvironment using simulators: - Virtual Network System (VNS). - Use virtual machines (VM) to emulate the hardware of different computers in a network. • Virtual Gaming /Simulation (2nd Life)
The Challenges • The number of security related courses are increasing. • The number of students interested in SRA are increasing. • The physical space for security lab remains the same or reduced. • Difficulty in maintaining an isolated security lab to meet classes and students’schedules. • Need to accommodate commuter students. • Need to provide distance-learning education. • Lack of emulators for security hardware
Security Related Courses • IST 220: Networking & Telecommunications • IST 402: Emerging Issues and Technologies • IST 451: Network Security • IST 454: Computer and Cyber Forensics • IST 456: Security and Risk Management • SRA 111: Security and Risk Analysis (Introduction) • SRA 211: Information Security (Overview) • SRA 311: Risk Management • IST 515: Information Security and Assurance • IST 554: Network Management and Security • IST 564: Crisis, Disaster and Risk Management • IN SC 561: Web Security and Privacy
Distance Learning Programs • Associate in Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/AssociateInInformationSciencesandTechnology.shtml. (IST 220) • Bachelor of Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/BachelorinIST.shtml. (IST 220) • Master of Professional Studies in Information Sciences. Information Assurance and Decision Support Option. (Fall 2009). (IST 451, IST 454, IST 515, IST 554, IN SC 561) • Master of Professional Studies in Homeland Security. Information Security and Forensics Option (Fall 2010).
Motivations for VSL • Increasing advanced hands-on learningin networking and security courses (without sacrificing from content). • Making campus computing resources available to commuter studentsfor 7/24. • Providing hands-on learning experiences in a distance learning model. • Reducing lab hardware, software, and maintenance costs, and the need for specialized computer labs. • Providing an agile and secured computing environment.
Virtual Machine / Environment • Virtual machines are software emulations of fully functional operating systems such as Windows XP, Windows Sever 2008, and Linux.
ESX Server vslvc.ist.psu.edu VIC UP Architecture
IST 515: Penetration Test Labs • Lab 1: Security Policy • Lab 2: Footprinting. Whois, Nslookup, Dig, Ping, Traceroute. • Lab 3: Network Scanning. SuperScan, Netbrute, NMap. • Lab 4: Enumeration. LANguard Network Security Scanner, ENUM, SNScan. • Lab 5: Applied Cryptography. Hash, Vigenere Cipher, AE Block Cipher, IDEA Cipher. • Lab 6: Network Sniffing. Ethereal, WinCap. • Lab 7: Network Security Audit. NMap, Nessus. • Lab 8: Web Security. Social Engineering & Phishing • Lab #: Password Cracking • Lab #: Denial of Service
NMware Infrastructure Client student1; z7heMu=a student2; K9dehe-+ student3; p?u+haMa student4; wu7Et+=q student5; Su8*2Fru student6; 8RA+aGus student7; gA7enu@A student8; 2E!$A7uc student9; nup#speD student10; s4he&uWR student11; 54gUN-se student12; t2e!afRe student13; -Um5Mahu student14; &akUse8$ student15; 8rusTu#r
Lessons Learned • It allows students to gain hands-on experiences without the need of physically attending labs on campus. • Instructors can use the system in class to enhance teaching and discussion anywhere and anytime. • Assignments can be designed without limited by the available computing resources. • Students are able to experiment with security software without worry that their experiment may impact other computer systems. • Students can evaluate security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect other computers.
IST 454: Computer & Cyber Forensics • Lab 1: Data Acquisition – Imaging. • Lab 2: Forensic Analysis (EnCase, FTK) • Lab 3: Investigating Windows Systems • Lab 4: Data Hiding and Steganography. • Lab 5: E-mail Tracing • Lab 6: Hostile Code Investigation • Lab 7: Network Forensics • Lab 8: Mobile Forensics
SRA 221: Information Security • Lab 1: Keystroke Monitoring. SpyAgent. • Lab 2: Password Cracking. LC4. • Lab 3: Firewall Security. Cisco SDM • Lab 4: Encryption / Crypto. DES, MD5 • Lab 5: Vulnerability Assessment. Metasploit • Lab 6: Vulnerability Assessment. Nessus. • Lab 7: Intrusion Detection. SNORT.
Penn State Berks Architecture • Based on VMWare ESX Server .
Remote Access • Web Browser • VMware Client • Off Campus Access
Network Security Lab Settings Default Setting • Two Windows XP and One Ubuntu Linux • Loaded with security software • Web, FTP, Telnet. • ……. Optional Setting • Windows 2003 Server • Active Directory • DHCP and DNS • Certificate Server • Routing and NAT • …….
IST 402 Web & E-commerce Security (Fall 2008) • Bootcamp (3 hours) • Review of computer networking, basic skills, ... • Short Class Activities (10-15 min) • Encryption, Hashing, Digital Signatures,….. • Labs (30-60 min) • Web Server Admin, Certificates, SSL, IPSec / VPN, …. • Assignments • Certificates & HTTPS, Proxy Servers, SSH Tunneling,… • Term Project (Sandboxes) • Database Security and RADIUS Authentication
Demon: Certificates & HTTPS (Assignment) • Learning Objective • Describe how digital certificates and SSL are used for authentication and data confidentiality. • Activity Summary • Change lab settings • Create a certificate request for the web server • Request a web server certificate from a Certification Authority • Download the certificate • Install the certificate and configure the web server (IIS) for SSL • Test HTTPS • Capture and analyze SSL and HTTPS packets
Certificates & HTTPS Review Questions • What type of information could be encoded in certre.txt? Answer this question considering the content of a digital certificate. • Open the certificate that you just downloaded. You will have an unknown publisher warning. What is the reason for this warning? • Find and list the information about the publisher of the certificate. • What is the first three octet of your public key (in hexadecimal numbers)? • Can you use the certificate that you created in the Internet to provide data confidentiality and integrity between your web server and other client computers? Why or Why not? • Can you use the certificate that you created in the Internet to authenticate your web server to client computers? Why or Why not? What do you need to do so?
IST 402 Student Responses • “The virtual computer network gave me the opportunity to take the theoretical aspects of the course and make them happen in a hands-on environment.” • “It is a great way to have hands on with a linux server or other operating system virtually from home. This is a real interaction experience.” • “Access to software not available on student computers is awesome...” • “Very nice for experimenting on things that students could not otherwise do.”
My Observations IST 402 • Reduced time for each hands-on activity • Much more comprehensive activities • Less number of visits to the IT department • Higher quality term projects • Easy to maintain and update • Empowered students
Problems Multiple Servers Third party software • Slow at times (12 concurrent users) • Single point of failure • User administration • Scheduling and coordination
Thank You? Any Question?