
Teaching Security Concepts Using Hands-on and Open Source Products

Teaching Security Concepts Using Hands-on and Open Source Products. Cristian Balan, CISSP, CHFI Program Director and Assistant Professor Computer and Digital Forensics Champlain College Burlington, VT.





Presentation Transcript


  1. Teaching Security Concepts Using Hands-on and Open Source Products Cristian Balan, CISSP, CHFI Program Director and Assistant Professor Computer and Digital Forensics Champlain College, Burlington, VT Consortium for Computing Sciences in Colleges (CCSNE) Northeastern Region Conference – April 2009 at Plattsburgh State University

  2. Objectives • Discuss motivation behind Free and Open Source and hands-on activities • Applicability and portability of skills • Requirements for IPCop • Training and Teaching Model • Security concepts and open source implementations • Collaboration and possible further development

  3. Motivation – Hands-on • Some history • Came back to academia in 2007 after 5 years of consulting in system administration, security and digital forensics • Found junior students in Computer Networking and Information Security to have a great deal of knowledge but lacking security skills • Students had little experience in configuring security • Most of them had configured workstations and servers but not security devices • Marketability of their skills at the entry level

  4. Motivation – Free and Open Source Software (FOSS) • Easily implemented • Readily available documentation • Just Google “IPCop installation” • Hardware requirements are minimal • Students might already use Open Source products • Flexibility when it comes to level of intricacy • Match to students' skill level • Expand from LAN to WAN (scalability) • Let’s not forget the financial implications of any new project in the classroom

  5. Motivation – Free and Open Source Software (FOSS) • Larger, more social motivation • Free Software, Free Society • Richard M. Stallman • It’s an academic imperative to promote • Sharing • Research • Understanding • Collaboration

  6. Applicability and portability of skills • Students can port the skills to their home networks • Provide better security • Free remote access • Introduce network monitoring and analysis • Can be easily implemented in small to medium-sized businesses • Transition from tech support and desktop support to providing security • Can start peering and interconnecting their home networks • Create larger pseudo-networks – start to experience an enterprise environment

  7. Basic Start and Requirements • One Pentium II or III older tower computer ($25 at recycle store or free from IT Department) • Keyboard • Monitor or use existing classroom LCD (once configured – use web interface) • 128 MB of RAM (will run on 64 MB) • 3 PCI slots • 3 standard Network Interface Cards (Linksys, Intel, 3COM) • Must have built-in drivers in Linux • $3.50 each at recycle store or free from IT Dept • Can have a firewall with only 2 NICs • Cross-over cable (students make) • Switch or hub

  8. Basic Start and Requirements • CAT5 cables (students make) • Internet access • Either static or DHCP address • DNS server names • Gateway • More sophisticated setup • 2 port KVM switch • Don’t have to unplug monitor or LCD from lab workstations

  9. Basic Start and Requirements • Download IPCop ISO • Burn CDs • Ensure the CD-ROM drives on the tower computers work • Have students either use a lab workstation or personal laptop to connect behind the firewall • Build IPCop firewall • 20 minutes • Test connectivity and troubleshoot – 10 minutes

  10. Installation http://www.ipcop.org/1.4.0/en/install/html/decide-configuration.html

  11. Training and Teaching Model • Introduce the topic • “How many of you are familiar with the concept of Defense in Depth?” • Discuss the topic to gauge current knowledge • “What does it mean?” • Always come around to implementation • “How do you implement defense in depth in your home or small enterprise?” • “What are some of the fallacies regarding a firewall?”

  12. Training and Teaching Model • Present terminology and topics • Short 20-minute lecture • Always ask implementation questions of the students • “How do you currently firewall your home network?” • Perimeter defenses • Firewall concepts • http://www.nycomputernetworks.com/sec/firewalls.htm • How many types of firewalls are there? • Packet inspection or packet filter • Proxies or Application Level Firewalls • Host-based as opposed to border firewalls • Requirements for firewalls • Hardened OS • The concept of a Bastion

  13. Training and Teaching Model • Hands-on and lab portion • Make it meaningful • They cannot connect to the Internet with their workstation until the firewall is properly configured • They cannot download the lecture or assignment until they configure the firewall successfully • One student configures the class firewall • Each student configures his or her own firewall • Collaboration • Once a student finishes, he or she helps others that are struggling • If you have different skill levels in the class, create groups of two students

  14. Training and Teaching Model • Don’t hand out step-by-step instructions • Students search for instructions and “how to” guides on the Internet • They can use peers’ already-established connections to find troubleshooting steps • Open Source has a great deal of documentation and troubleshooting guides on the Internet • After all students have successfully configured their security, bring discussion back to the main topic • “How is our IPCop firewall going to provide perimeter security?” • “Are we missing anything?” and “Is this all we need?” “Do we have perimeter security?”

  15. Training and Teaching Model • Leave ample time for questions • Students will quickly go beyond the scope and start researching the IPCop firewall while still in class • Students ask questions about setting it up at home or in their dorm room immediately after the classroom setup • If you have enough computers, allow students to take the tower home (sign it out) and bring it back to the next class • Have additional information prepositioned on the web if they are going to work on their own • http://www.nycomputernetworks.com/sec

  16. Training and Teaching Model • Assessment • Place the Midterm or Final behind a firewall; students have to set up a successful VPN connection to retrieve it • 30 - 50% of the grade from successful implementation of FOSS • Final Paper or Project – add or implement additional security features and provide data and analysis • Encourage group work – small groups of 2 students work best

  17. Security concepts and open source implementations • Just about every implementation of security has an open source project • Firewall Rule Set - IPTables • VPN – OpenVPN and Zerina • Authentication – OpenRADIUS • DMZ - can use IPCop to setup (“orange” NIC) • Monitoring – NAGIOS and Net-Traffic • Intrusion Detection (IDS) – SNORT • Intrusion Prevention (IPS) - Guardian
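The zone model behind the "orange" DMZ NIC on slide 17, and the packet-filter versus proxy distinction on slide 12, are easier to reason about once the rule evaluation is written down. The following is an added example, not IPCop's own code or rule set: it models GREEN/ORANGE/BLUE/RED zones as a first-match ACCEPT list with a default DROP, plus a connection table so that only replies to connections an inside host opened are let back in. The subnets, hosts, and the specific pinhole and port-forward rules are constructed for the demo; IPCop's actual defaults are configured through its web interface and differ in detail.

```python
"""
Zone-based stateful packet filter model (added example, not IPCop code).

The GREEN/ORANGE/BLUE subnets, the sample hosts and the rule set below are
constructed for this demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing: one subnet per internal NIC, as in an IPCop install.
ZONES = {
    "GREEN": ip_network("192.168.1.0/24"),   # trusted LAN
    "ORANGE": ip_network("192.168.2.0/24"),  # DMZ
    "BLUE": ip_network("192.168.3.0/24"),    # wireless
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything off the internal subnets is RED."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "RED"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = True  # True = new connection attempt, False = mid-stream/reply


@dataclass(frozen=True)
class Rule:
    src_zone: str                # zone name or "ANY"
    dst_zone: str
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.src_zone in ("ANY", zone_of(pkt.src))
            and self.dst_zone in ("ANY", zone_of(pkt.dst))
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


# First-match ACCEPT rules for *new* connections; no match means DROP.
RULES = [
    Rule("GREEN", "ANY"),                  # trusted LAN may initiate anywhere
    Rule("ORANGE", "RED"),                 # DMZ hosts may reach the Internet
    Rule("BLUE", "RED"),                   # wireless may reach the Internet only
    Rule("RED", "ORANGE", "tcp", 80),      # port forward to the DMZ web server
    Rule("ORANGE", "GREEN", "tcp", 3306),  # DMZ pinhole to a database on GREEN
]


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        # Connections accepted so far, keyed (client, server, proto, server port).
        self.conntrack = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.syn:
            if any(r.matches(pkt) for r in self.rules):
                self.conntrack.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))
                return "ACCEPT"
            return "DROP"
        # Not a connection attempt: only replies to tracked connections pass,
        # so an unsolicited ACK arriving from RED is dropped even without a SYN.
        reply_to = (pkt.dst, pkt.src, pkt.proto, pkt.sport)
        return "ACCEPT" if reply_to in self.conntrack else "DROP"


def run_scenarios() -> dict:
    """Exercise the policy with constructed flows and return each verdict."""
    fw = Firewall(RULES)
    green, orange_web = "192.168.1.20", "192.168.2.10"
    internet, outsider = "203.0.113.10", "198.51.100.7"
    flows = {
        "green->internet https": Packet(green, internet, "tcp", 51000, 443),
        "internet->green reply": Packet(internet, green, "tcp", 443, 51000, syn=False),
        "dmz->green smb": Packet(orange_web, green, "tcp", 40000, 445),
        "dmz->green mysql pinhole": Packet(orange_web, green, "tcp", 40001, 3306),
        "red->dmz web forward": Packet(outsider, orange_web, "tcp", 3333, 80),
        "red->green ssh": Packet(outsider, green, "tcp", 3334, 22),
        "red->green stray ack": Packet(outsider, green, "tcp", 80, 52000, syn=False),
    }
    return {name: fw.decide(pkt) for name, pkt in flows.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:28} {verdict}")
```

The two verdicts worth pointing students at are the dropped DMZ-to-LAN SMB attempt (a compromised DMZ host should not be able to walk into GREEN, which is the whole reason for the orange NIC) and the dropped stray ACK from RED: a stateless packet filter that simply allowed "established" traffic by flag would have passed it, which is one of the firewall fallacies slide 11 asks about.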

  18. Security concepts and open source implementations • Monitoring - NAGIOS • Intrusion Detection (IDS) – SNORT • Proxying – ADVPROXY • URL Filtering – URLFILTER • Caching of commonly accessed content – UPDATEXLRATOR • Log file analysis – Calamaris
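Calamaris summarises the proxy log; the firewall log deserves the same treatment before students discuss trends or submit it to DShield (slide 24). Below is an added example, not code from IPCop, Calamaris or DShield: it parses netfilter LOG-style `KEY=VALUE` lines, counts the busiest sources and destination ports, and flags any source that probed several distinct ports. The log lines, hostname, chain prefix and addresses are constructed for the demo; a real IPCop log is read from the firewall's syslog output instead of the embedded string.

```python
"""
Firewall log summary (added example; not IPCop, Calamaris or DShield code).

SAMPLE_LOG is constructed in the netfilter LOG target's KEY=VALUE layout;
the hostname "ipcop", the INPUT prefix and all addresses are invented.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Apr 12 10:01:03 ipcop kernel: INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TTL=113 ID=8811 DF PROTO=TCP SPT=3355 DPT=445 SYN
Apr 12 10:01:04 ipcop kernel: INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TTL=113 ID=8812 DF PROTO=TCP SPT=3356 DPT=139 SYN
Apr 12 10:01:05 ipcop kernel: INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TTL=113 ID=8813 DF PROTO=TCP SPT=3357 DPT=135 SYN
Apr 12 10:01:06 ipcop kernel: INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TTL=113 ID=8814 DF PROTO=TCP SPT=3358 DPT=1433 SYN
Apr 12 10:02:11 ipcop kernel: INPUT IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=6000 DPT=22 SYN
Apr 12 10:02:30 ipcop kernel: INPUT IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=6000 DPT=22 SYN
Apr 12 10:03:02 ipcop kernel: INPUT IN=eth0 OUT= SRC=203.0.113.77 DST=203.0.113.2 LEN=78 TTL=64 ID=1 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 12 10:03:40 ipcop kernel: INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TTL=113 ID=8815 DF PROTO=TCP SPT=3359 DPT=445 SYN
Apr 12 10:04:00 ipcop dhcpcd[412]: lease renewed
"""

# Upper-case KEY=VALUE pairs; flag tokens such as "DF" and "SYN" have no "=".
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line: str):
    """Return the fields of one firewall log line, or None for other syslog lines."""
    if "kernel:" not in line:
        return None
    # For UDP the LOG target prints LEN twice (IP and UDP); dict() keeps the last.
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # not a per-packet entry with ports (e.g. ICMP)
    fields["timestamp"] = line[:15]  # syslog "Mon DD HH:MM:SS" prefix
    return fields


def summarize(log_text: str, sweep_threshold: int = 3) -> dict:
    """Count sources and destination ports and list sources probing many ports."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    sources = Counter(e["SRC"] for e in events)
    dports = Counter(f'{e["PROTO"].lower()}/{e["DPT"]}' for e in events)
    ports_by_src = defaultdict(set)
    for e in events:
        ports_by_src[e["SRC"]].add(e["DPT"])
    # A single source touching several distinct ports is the classic sweep
    # pattern students will see in their own logs and in DShield trend reports.
    sweepers = sorted(s for s, p in ports_by_src.items() if len(p) >= sweep_threshold)
    return {
        "events": len(events),
        "top_sources": sources.most_common(3),
        "top_dports": dports.most_common(3),
        "sweepers": sweepers,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['events']} blocked packets")
    print("top sources:", report["top_sources"])
    print("top ports:  ", report["top_dports"])
    print("port sweeps:", report["sweepers"])
```

Run against a real log, the same three tables (busiest sources, busiest ports, sources hitting many ports) are what makes the "current trends" discussion on slide 24 concrete, and the parsed fields (timestamp, SRC, SPT, DST, DPT, PROTO) are exactly the ones a DShield submission needs.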

  19. Security concepts and open source implementations • Traffic Control – TrafficControlAndReport • Mail Proxy – POPFile • Wireless Security – OpenWRT and Tomato on Wireless Router with OpenRadius on “Blue” NIC on IPCop • File Integrity – Tripwire • Notification - Logsend

  20. Advantages of FOSS Tools • Software availability and accessibility • Efficiency – easy and quick setup as opposed to learning proprietary OS or GUI • Optimizing and Customizing • Support communities • Ideal for academic/lab setting • No need for specialized equipment Adapted From Bruce Nikkel presentation Sep 26, 2005 Retrieved at http://digitalforensics.ch/

  21. Advantages of FOSS Tools • Can set up a lab with existing equipment • Desktops and laptops • Information can be freely downloaded and formatted for the classroom • Easily adapted for current Information Assurance and Security curricula • Students can continue their learning and experimentation at home

  22. Site-to-Site VPN Setup (Net-to-Net) • Time permitting demonstration • http://www.ipcop.org/1.4.0/en/admin/html/vpnaw.html

  23. Road-warrior VPN (Host to Net) • Time permitting demonstration • http://www.ipcop.org/1.4.0/en/admin/html/vpnaw.html And more detailed Zerina and OpenVPN collated instructions at http://www.nycomputernetworks.com/sec/OpenVPNInstructions.doc

  24. Success Stories • Students run IPCop to protect their home networks • Students have installed IPCop firewalls for local small businesses • Students VPN into their home network to get files securely • Students set up VPNs between their IPCop firewalls for secure gaming • Students analyze logfiles and discuss current trends • Students submit logfiles to DShield and contribute to open source Internet monitoring and security • We protect our DF Network with IPCop • We can provide services for our students without interfering with the school IT network – our students VPN in • The presenter uses IPCop for remote access with local law enforcement and small to medium-sized businesses

  25. Collaboration model for FOSS • Establish FOSS Academic Users Group • Establish online environment to collaborate • Newsletter • Share stories at quarterly meetings • Conduct half-day or full-day training workshops for faculty • Provide expert consulting and POCs for questions • Initiate formal research in student learning using FOSS • Publish successes in journals and at conferences • The Open Source Academic Advisory Consortium (OSAAC) already exists, but thinking more of a users group along the lines of Linux Users Groups (LUGs) • If interested, contact the presenter • Cristian Balan at balan@champlain.edu

  26. Conclusion • Open source is both affordable and feasible • Can find a wide range of tools to teach many security concepts • Training in Free and Open Source Software Tools raises the skills and knowledge of the student beyond that of proprietary software • Model for teaching with FOSS is hands-on and student driven • Establishing a community and collaboration is the model for FOSS

  27. Questions

  28. Contact Information Cristian Balan, CISSP, CHFI balan@champlain.edu balanc@nycomputernetworks.com (518)569-1423

  29. References • IPCop Official Site – http://www.ipcop.org • Free Software, Free Society: Selected Essays of Richard M. Stallman, GNU Press • Computer Forensic Tool Testing – National Institute of Justice - http://www.ojp.usdoj.gov/nij/topics/ecrime/cftt.htm • The two-edged sword: Legal computer forensics and open source - http://software.newsforge.com/software/05/04/05/2052235.shtml • http://www.forensicfocus.com/ • The Pros and Cons of Free and Open Source (FOSS) Software - http://209.85.165.104/custom?q=cache:KpOW9WiagY8J:www.china-forensic.com/downloads/bj.pdf+digital+forensics+tools+open+source&hl=en&ct=clnk&cd=21&gl=us • Is the Open Way a Better Way? - http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/hicss/2007/2755/00/2755toc.xml&DOI=10.1109/HICSS.2007.301 • Open Source Digital Forensics Tools: The Legal Argument (2002) – Brian Carrier paper http://citeseer.ist.psu.edu/540970.htm • Forensic Tools - http://www.opensourceforensics.org/tools/index.html • Brian Carrier's Digital Forensics Research - http://www.digital-evidence.org/ • Bruce Nikkel's Computer Forensics Home Page - http://digitalforensics.ch/

  30. References (continued) • OpenVPN Server – http://thinkhole.org/wp/2006/03/28/ipcop-openvpn-howto/ • OpenVPN Server Configuration – http://www.zerina.de/?q=documentation/howto-roadwarrior • Presenter's Personal Website • http://www.nycomputernetworks.com • http://www.nycomputernetworks.com/sec • http://www.nycomputernetworks.com/df • The Open Source Academic Advisory Consortium – http://rhetoricalcommons.org/OSAAC/
