1 / 24

Laboratory Based Courses on Internet Security

Laboratory Based Courses on Internet Security. Prabhaker Mateti Wright State University Dayton, OH 45435 NSF DUE-9951380. Goals. Teach security improvement techniques Explain how exploitable errors have been made in the development of software. Raise the level of ethics awareness

johnavon-gavin
Download Presentation

Laboratory Based Courses on Internet Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Laboratory Based Courses on Internet Security Prabhaker Mateti Wright State University Dayton, OH 45435 NSF DUE-9951380

  2. Goals • Teach security improvement techniques • Explain how exploitable errors have been made in the development of software. • Raise the level of ethics awareness • Bring attention to legal issues

  3. Term or Semester Course • Ten or 15 weeks • Lectures on topic one per week • Lectures on experiment one per week • Lab experiments one per week

  4. Short Course • 3-days, 18 hrs, 6 lectures • Five experiments

  5. Currently Available Material • “There is an oceanic amount of material on network security available over the Internet.” -- A Web Page. • COAST http://www.cerias.purdue.edu/coast/ • Ronald Rivest, theory.lcs.mit.edu/~rivest/crypto-security.html • Avi Rubin, www.cs.nyu.edu/~rubin/courses.html • …

  6. Text Books on Security • Many text books, > 100 • Chapman and Zwicky 1995 • Cheswick and Bellovin 1994 • Cobb 1996 • Garfinkel and Spafford 1996 • Kaufman et al. 1995 • Stein 1997 • Stallings 2000

  7. What We Are Developing • About 30 lectures, 75 minutes each • About 15 lab experiments, 2 hours each • A Support web site Lab Courses on Internet Security/ pMateti@cs.wright.edu

  8. Title Summary Educational Objectives Background Information Pre-Lab and Suggested Preparation Procedures Appendix A: Acronyms Procedures Step 1, 2, … Report on the Experiment Demo Achievement Test Concluding Activities Notes to TAs Appendix B: Further Reading Links Contents of a Lab Handout Lab Courses on Internet Security/ pMateti@cs.wright.edu

  9. Lab Experiments being Developed • Experience Serious Nuisance • Trojan Horses, Viruses and Worms • Experience Selected PC Viruses • Password Cracking • Privacy and Authentication of a User • Proper Conf of Security for Personal Machines • Security Fortification for Personal Machines Lab Courses on Internet Security/ pMateti@cs.wright.edu

  10. Lab Experiments being Developed • Virtual Private Networks • Buffer Overflow and Other Bug Exploitation • Probing a Host for Weakness • Security Software Tools • Setting Up a Linux PC as a Packet Filtering Router • Hostile Applets in Java and ActiveX • Commercial Products Lab Courses on Internet Security/ pMateti@cs.wright.edu

  11. Setting the Lab up • Lab • Operating Systems and Internet Security • 26 PC s (PIII 450MHz, 128 MB RAM, 13 GB HDD) • 8 Fast Ethernet Switches • Operating Systems • Linux 2.2.10 • Windows NT 4 sp 6 • Windows 98 SR2

  12. IP Filtering Router Firewall • All the lab PCs are on 192.168.*.* • Internet connections are through the Firewall • IP masquerading

  13. CEG 499: Internet Security • Computer System Security • TCP/IP exploits • Firewalls • Secure e-Commerce Transactions • Ethics and Legal Issues

  14. CEG 499: Internet Security/ System Security • Booting sequence • Passwords • User privileges • File Permissions

  15. Setting the Lab up/Security Software • Secure Shell • Sniffing Programs • Firewall Kits

  16. Current Status March 2000 • Internet Security Lab • CEG 499 Internet Security(Winter 2000) • Short Course • Labs Developed • Support Web Site Lab Courses on Internet Security/ pMateti@cs.wright.edu

  17. Internet Security Lab • 429 Russ Engineering Center, WSU • November 1999; In continuous use since • 26 PCs in the lab for students' use, and one web server, one router + file server, and one PC for re-configuration experimentation. Lab Courses on Internet Security/ pMateti@cs.wright.edu

  18. Internet Security Lab contd • All the PCs are on a private LAN • One Fast Ethernet switch for connecting a group of 4 PCs. • Each PC is loaded with • Linux 2.2 kernel (Caldera OpenLinux 2.3) • Windows NT with service pack 6, • Windows 98. • The NT loader boot menu into one these OS. Lab Courses on Internet Security/ pMateti@cs.wright.edu

  19. CEG 499 Internet Security (Winter 2000) • Computer System Security (2 weeks) • TCP/IP exploits (2) • Firewalls (2) • Secure e-Commerce Trans. (2) • Ethics and Legal Issues (1) • Guest Lecture from Mead, Inc. Lab Courses on Internet Security/ pMateti@cs.wright.edu

  20. Short Courses Scheduled • NAECON www.NAECON.org • AFCEA INFOTEC 2000 http://www.txdirect.net/afcea/ backgrnd/ backgrnd.htm Lab Courses on Internet Security/ pMateti@cs.wright.edu

  21. Labs Developed • Will develop 15 lab experiments • Finished 5, need refinements • To Do: 10 Lab Courses on Internet Security/ pMateti@cs.wright.edu

  22. Support Web Site • Notes to Instructors • Lab Maintenance • Collection of Tools (src) • Lecture Notes, and Slides • Lab Handouts Lab Courses on Internet Security/ pMateti@cs.wright.edu

  23. Lab Maintenance • Reload OS images periodically • Forgotten passwords, etc. Lab Courses on Internet Security/ pMateti@cs.wright.edu

  24. Links • CEG 499 Home Pagewww.cs.wright.edu/~pmateti/Courses/499 • OSIS Lab Home Pagewww.cs.wright.edu/~pmateti/OSIS • Support Web Sitewww.cs.wright.edu/~pmateti/InternetSecurity/ Lab Courses on Internet Security/ pMateti@cs.wright.edu

More Related