120 likes | 219 Views
A Collaborative Virtual Computer Security Lab. Jörg Keller FernUniversität in Hagen, Germany. joint work with Ralf Naues. Amsterdam, DEC 4, 2006. Outline. Motivation and Challenges Prototype Design Task Design Conclusion and Future Work. Introduction and Motivation.
E N D
A Collaborative Virtual Computer Security Lab Jörg KellerFernUniversität in Hagen, Germany joint work with Ralf Naues Amsterdam, DEC 4, 2006
Outline • Motivation and Challenges • Prototype Design • Task Design • Conclusion and Future Work
Introduction and Motivation • Computer and network security important, hence present in curricula • Course work to be complemented by lab work • Good training necessary: single flaw can render useless all efforts • Distance teaching not really an issue, as security administration remotely performed
Challenges • Large student numbers- admin tasks prevent sharing of machines- providing many machines prohibitive due to restricted resources- sequence of tasks requires ability to reset to stable configuration • Checking completion of tasks- task nature requires tests to support supervisors- simplifies handling of large numbers as a side-eff.
Lab Network Design I • Basic Design Decision:Use Virtual Machines on the campus siteUse student computer at home to access campus site • Requires students to run browser, VPN and ssh client • Virtualization: VmWare
Task Design I • Start with simple tasks:acquire certificateVPN client and SSH clientconnect to lab server • Next: install and configure firewall and IDS systemsiptables, tripwire, snort, honeypot • Finally: student groups perform complex tasks
Task Design II • Tasks designed to be testable by script • Example: install firewall so that telnet service is not available to the outside • Checking that telnet cannot be used is easy, but not enough • Script also checks that other services (like ssh) are still available from the outside • Realization: port scan and firewall log file check
Task Design III • Tasks available via web-based student interface • Includes help pages with links to tool manuals etc • Possible to access test script result and supervisor comments • Supports self study and self assessment
CURE system is used for collaboration Virtual rooms for communication and exchanging Secured through personalized keys Reservation scheme for the virtual server Collaboration
Conclusion and Future Work • Lab starts operation in Spring 2007 • Use CSCW system for group tasks • Integrate lab server with CSCW for single sign-on • THANK YOU VERY MUCHFOR YOUR ATTENTION