Virtual Security Labs

advertisement
Virtual Security Labs
Chao-Hsien Chu, Ph.D.
Abdullah Konak, Ph.D.
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
May 11, 2009
Presentation Outline
 Overview:
- The Special Needs for IA Education
- Common Approaches
- The Challenges
- Motivations for VSL
 VSL Implementation at UP / Demon
 VSL Implementation at Berks /Demon
 Lessons Learned
 Questions and Discussion
The Special Needs for IA Education




Hands-on exercise is a critical and integrated
component of any effective information security
education and training program.
Students are expected to experiment with security
software without worry that their experiment may
impact other computer systems / students.
Students should be able to evaluate the security of
different operating systems, attempt to compromise the
security of computer systems, and install additional
security mechanisms without concern that their actions
may affect other computers systems / students.
Security hardware (Firewall, IDS); Human factors;
Defense-in-depth; Multidisciplinary.
Defense In Depth of Security
Feedback
Prediction
Prevention
Detection
Forensics
Response
Cai
IST 515
Chu
Bagby
IST 452
SRA 472
Liu
Squicciarini
Bagby
IST 451
Liu
Zhu
Xu
•
•
•
•
•
SRA 468
IST 451: Network Security
IST 452: Legal & Regulatory Issues
IST 453: Computer Forensics Law
IST 454: Computer & Cyber Forensics
IST 456: Security & Risk Management
• Scanner
• IDS
• Data mining
•
•
•
•
•
Xu
IST 453
IST 456
IST 454
IST 564
Chu
McGill
Chu
IST 515: Information Security & Assurance
IST 564: Crisis, Disaster & Risk Management
IST 596: Individual Studies
SRA 472: Integration of Privacy & Security
SRA 468: Visual Analytics for Intelligence &
Security
Common Approaches

Some instructors require students to complete the
exercises using their own computers.
 Lab experiences are typically conducted in an
isolated computer lab where security problems that
may occur are unable to affect other computers on
campus.
 A common alternative is to develop a virtual
network environment using simulators:

- Virtual Network System (VNS).
- Use virtual machines (VM) to emulate the hardware of
different computers in a network.
Virtual Gaming /Simulation (2nd Life)
The Challenges

The number of security related courses are
increasing.
 The number of students interested in SRA are
increasing.
 The physical space for security lab remains the
same or reduced.
 Difficulty in maintaining an isolated security lab
to meet classes and students’ schedules.
 Need to accommodate commuter students.
 Need to provide distance-learning education.
 Lack of emulators for security hardware
Security Related Courses

IST 220: Networking & Telecommunications
 IST 402: Emerging Issues and Technologies
 IST 451: Network Security
 IST 454: Computer and Cyber Forensics
 IST 456: Security and Risk Management
 SRA 111: Security and Risk Analysis (Introduction)
 SRA 211: Information Security (Overview)
 SRA 311: Risk Management
 IST 515: Information Security and Assurance
 IST 554: Network Management and Security
 IST 564: Crisis, Disaster and Risk Management
 IN SC 561: Web Security and Privacy
Distance Learning Programs
 Associate in Science in Information Sciences and Technology.
http://www.worldcampus.psu.edu/AssociateInInformationScie
ncesandTechnology.shtml. (IST 220)
 Bachelor of Science in Information Sciences and Technology.
http://www.worldcampus.psu.edu/BachelorinIST.shtml. (IST
220)
 Master of Professional Studies in Information Sciences.
Information Assurance and Decision Support Option. (Fall
2009). (IST 451, IST 454, IST 515, IST 554, IN SC 561)
 Master of Professional Studies in Homeland Security.
Information Security and Forensics Option (Fall 2010).
Motivations for VSL





Increasing advanced hands-on learning in networking
and security courses (without sacrificing from
content).
Making campus computing resources available to
commuter students for 7/24.
Providing hands-on learning experiences in a distance
learning model.
Reducing lab hardware, software, and maintenance
costs, and the need for specialized computer labs.
Providing an agile and secured computing
environment.
Virtual Machine / Environment
• Virtual machines are software emulations of fully
functional operating systems such as Windows XP,
Windows Sever 2008, and Linux.
ESX Server
vslvc.ist.psu.edu
VIC
UP Architecture
IST 515: Penetration Test Labs










Lab 1: Security Policy
Lab 2: Footprinting. Whois, Nslookup, Dig, Ping, Traceroute.
Lab 3: Network Scanning. SuperScan, Netbrute, NMap.
Lab 4: Enumeration. LANguard Network Security Scanner,
ENUM, SNScan.
Lab 5: Applied Cryptography. Hash, Vigenere Cipher, AE
Block Cipher, IDEA Cipher.
Lab 6: Network Sniffing. Ethereal, WinCap.
Lab 7: Network Security Audit. NMap, Nessus.
Lab 8: Web Security. Social Engineering & Phishing
Lab #: Password Cracking
Lab #: Denial of Service
NMware Infrastructure Client
student1; z7heMu=a
student2; K9dehe-+
student3; p?u+haMa
student4; wu7Et+=q
student5; Su8*2Fru
student6; 8RA+aGus
student7; gA7enu@A
student8; 2E!$A7uc
student9; nup#speD
student10; s4he&uWR
student11; 54gUN-se
student12; t2e!afRe
student13; -Um5Mahu
student14; &akUse8$
student15; 8rusTu#r
Lessons Learned
 It allows students to gain hands-on experiences without the




need of physically attending labs on campus.
Instructors can use the system in class to enhance teaching and
discussion anywhere and anytime.
Assignments can be designed without limited by the available
computing resources.
Students are able to experiment with security software without
worry that their experiment may impact other computer
systems.
Students can evaluate security of different operating systems,
attempt to compromise the security of computer systems, and
install additional security mechanisms without concern that
their actions may affect other computers.
IST 454: Computer & Cyber Forensics

Lab 1: Data Acquisition – Imaging.

Lab 2: Forensic Analysis (EnCase, FTK)

Lab 3: Investigating Windows Systems

Lab 4: Data Hiding and Steganography.

Lab 5: E-mail Tracing

Lab 6: Hostile Code Investigation

Lab 7: Network Forensics

Lab 8: Mobile Forensics
SRA 221: Information Security

Lab 1: Keystroke Monitoring. SpyAgent.

Lab 2: Password Cracking. LC4.

Lab 3: Firewall Security. Cisco SDM

Lab 4: Encryption / Crypto. DES, MD5

Lab 5: Vulnerability Assessment. Metasploit

Lab 6: Vulnerability Assessment. Nessus.

Lab 7: Intrusion Detection. SNORT.
Penn State Berks Architecture
 Based on VMWare ESX Server .
VM
Storage
virtual machines and networks
virtual
switch
Host
(VM Servers)
virtual
router
VM
Admin.
Console
Web
Server
a sandbox
a computer lab
WWW
User
User Access
Web
Browser
Remote Access
 Web Browser
 VMware Client
 Off Campus Access
Network Security Lab Settings
Default Setting
Two Windows XP and
One Ubuntu Linux
• Loaded with security software
•Web, FTP, Telnet.
…….
Optional Setting
Windows 2003
Server
• Active Directory
•DHCP and DNS
•Certificate Server
•Routing and NAT
…….
IST 402 Web & E-commerce Security (Fall 2008)
 Bootcamp (3 hours)
• Review of computer networking, basic skills, ...
 Short Class Activities (10-15 min)
• Encryption, Hashing, Digital Signatures,…..
 Labs (30-60 min)
• Web Server Admin, Certificates, SSL, IPSec / VPN, ….
 Assignments
• Certificates & HTTPS, Proxy Servers, SSH Tunneling,…
 Term Project (Sandboxes)
• Database Security and RADIUS Authentication
Demon: Certificates & HTTPS (Assignment)
 Learning Objective
• Describe how digital certificates and SSL are used for
authentication and data confidentiality.
 Activity Summary
• Change lab settings
• Create a certificate request for the web server
• Request a web server certificate from a Certification Authority
• Download the certificate
• Install the certificate and configure the web server (IIS) for SSL
• Test HTTPS
• Capture and analyze SSL and HTTPS packets
Certificates & HTTPS Review Questions
 What type of information could be encoded in certre.txt? Answer





this question considering the content of a digital certificate.
Open the certificate that you just downloaded. You will have an
unknown publisher warning. What is the reason for this warning?
Find and list the information about the publisher of the certificate.
What is the first three octet of your public key (in hexadecimal
numbers)?
Can you use the certificate that you created in the Internet to
provide data confidentiality and integrity between your web
server and other client computers? Why or Why not?
Can you use the certificate that you created in the Internet to
authenticate your web server to client computers? Why or Why
not? What do you need to do so?
IST 402 Student Responses
 “The virtual computer network gave me the
opportunity to take the theoretical aspects of the
course and make them happen in a hands-on
environment.”
 “It is a great way to have hands on with a linux server
or other operating system virtually from home. This
is a real interaction experience.”
 “Access to software not available on student
computers is awesome...”
 “Very nice for experimenting on things that students
could not otherwise do.”
My Observations IST 402
 Reduced time for each hands-on activity
 Much more comprehensive activities
 Less number of visits to the IT department
 Higher quality term projects
 Easy to maintain and update
 Empowered students
Problems
 Slow at times (12 concurrent users)
 Single point of failure
Multiple Servers
 User administration
 Scheduling and coordination
Third party
software
Thank You?
Any Question?
Download