Virtual Security Labs

Chao-Hsien Chu, Ph.D.
Abdullah Konak, Ph.D.
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
May 11, 2009

Presentation Outline
• Overview:
  - The Special Needs for IA Education
  - Common Approaches
  - The Challenges
  - Motivations for VSL
• VSL Implementation at UP / Demo
• VSL Implementation at Berks / Demo
• Lessons Learned
• Questions and Discussion

The Special Needs for IA Education
• Hands-on exercise is a critical and integrated component of any effective information security education and training program.
• Students are expected to experiment with security software without worrying that their experiments may impact other computer systems / students.
• Students should be able to evaluate the security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect other computer systems / students.
• Security hardware (Firewall, IDS); Human factors; Defense-in-depth; Multidisciplinary.

Defense In Depth of Security
[Figure: courses and instructors mapped to the stages Prediction, Prevention, Detection, Forensics and Response, with a Feedback loop. Instructors named: Cai, Chu, Bagby, Liu, Squicciarini, Zhu, Xu, McGill. Other labels: Scanner, IDS, Data mining.]
Courses shown in the figure:
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• IST 515: Information Security & Assurance
• IST 564: Crisis, Disaster & Risk Management
• IST 596: Individual Studies
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security

Common Approaches
• Some instructors require students to complete the exercises using their own computers.
• Lab experiences are typically conducted in an isolated computer lab where security problems that may occur are unable to affect other computers on campus.
• A common alternative is to develop a virtual network environment using simulators:
  - Virtual Network System (VNS).
  - Use virtual machines (VM) to emulate the hardware of different computers in a network.
• Virtual Gaming / Simulation (2nd Life)

The Challenges
• The number of security-related courses is increasing.
• The number of students interested in SRA is increasing.
• The physical space for security labs remains the same or is reduced.
• Difficulty in maintaining an isolated security lab to meet classes' and students' schedules.
• Need to accommodate commuter students.
• Need to provide distance-learning education.
• Lack of emulators for security hardware.

Security Related Courses
• IST 220: Networking & Telecommunications
• IST 402: Emerging Issues and Technologies
• IST 451: Network Security
• IST 454: Computer and Cyber Forensics
• IST 456: Security and Risk Management
• SRA 111: Security and Risk Analysis (Introduction)
• SRA 211: Information Security (Overview)
• SRA 311: Risk Management
• IST 515: Information Security and Assurance
• IST 554: Network Management and Security
• IST 564: Crisis, Disaster and Risk Management
• IN SC 561: Web Security and Privacy

Distance Learning Programs
• Associate in Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/AssociateInInformationSciencesandTechnology.shtml. (IST 220)
• Bachelor of Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/BachelorinIST.shtml. (IST 220)
• Master of Professional Studies in Information Sciences. Information Assurance and Decision Support Option. (Fall 2009). (IST 451, IST 454, IST 515, IST 554, IN SC 561)
• Master of Professional Studies in Homeland Security. Information Security and Forensics Option (Fall 2010).

Motivations for VSL
• Increasing advanced hands-on learning in networking and security courses (without sacrificing content).
• Making campus computing resources available to commuter students 7/24.
• Providing hands-on learning experiences in a distance learning model.
• Reducing lab hardware, software, and maintenance costs, and the need for specialized computer labs.
• Providing an agile and secured computing environment.

Virtual Machine / Environment
• Virtual machines are software emulations of fully functional operating systems such as Windows XP, Windows Server 2008, and Linux.

UP Architecture
[Architecture diagram. Labels: ESX Server, vslvc.ist.psu.edu, VIC.]

IST 515: Penetration Test Labs
• Lab 1: Security Policy
• Lab 2: Footprinting. Whois, Nslookup, Dig, Ping, Traceroute.
• Lab 3: Network Scanning. SuperScan, Netbrute, NMap.
• Lab 4: Enumeration. LANguard Network Security Scanner, ENUM, SNScan.
• Lab 5: Applied Cryptography. Hash, Vigenere Cipher, AE Block Cipher, IDEA Cipher.
• Lab 6: Network Sniffing. Ethereal, WinPcap.
• Lab 7: Network Security Audit. NMap, Nessus.
• Lab 8: Web Security. Social Engineering & Phishing
• Lab #: Password Cracking
• Lab #: Denial of Service

VMware Infrastructure Client

Lessons Learned
• It allows students to gain hands-on experience without the need to physically attend labs on campus.
• Instructors can use the system in class to enhance teaching and discussion anywhere and anytime.
• Assignments can be designed without being limited by the available computing resources.
• Students are able to experiment with security software without worrying that their experiments may impact other computer systems.
• Students can evaluate the security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect other computers.

IST 454: Computer & Cyber Forensics
• Lab 1: Data Acquisition – Imaging.
• Lab 2: Forensic Analysis (EnCase, FTK)
• Lab 3: Investigating Windows Systems
• Lab 4: Data Hiding and Steganography.
• Lab 5: E-mail Tracing
• Lab 6: Hostile Code Investigation
• Lab 7: Network Forensics
• Lab 8: Mobile Forensics

SRA 221: Information Security
• Lab 1: Keystroke Monitoring. SpyAgent.
• Lab 2: Password Cracking. LC4.
• Lab 3: Firewall Security. Cisco SDM
• Lab 4: Encryption / Crypto. DES, MD5
• Lab 5: Vulnerability Assessment. Metasploit
• Lab 6: Vulnerability Assessment. Nessus.
• Lab 7: Intrusion Detection. SNORT.

Penn State Berks Architecture
Based on VMware ESX Server.
[Architecture diagram. Labels: VM Storage; Host (VM Servers); virtual machines and networks; virtual switch; virtual router; a sandbox; a computer lab; VM Admin. Console; Web Server; WWW; User Access (Web Browser); Remote Access (Web Browser, VMware Client); Off Campus Access.]

Network Security Lab Settings
Default Setting: Two Windows XP and One Ubuntu Linux
• Loaded with security software
• Web, FTP, Telnet.
• …….
Optional Setting: Windows 2003 Server
• Active Directory
• DHCP and DNS
• Certificate Server
• Routing and NAT
• …….

IST 402 Web & E-commerce Security (Fall 2008)
Bootcamp (3 hours)
• Review of computer networking, basic skills, ...
Short Class Activities (10-15 min)
• Encryption, Hashing, Digital Signatures, …..
Labs (30-60 min)
• Web Server Admin, Certificates, SSL, IPSec / VPN, ….
Assignments
• Certificates & HTTPS, Proxy Servers, SSH Tunneling, …
Term Project (Sandboxes)
• Database Security and RADIUS Authentication

Demo: Certificates & HTTPS (Assignment)
Learning Objective
• Describe how digital certificates and SSL are used for authentication and data confidentiality.
Activity Summary
• Change lab settings
• Create a certificate request for the web server
• Request a web server certificate from a Certification Authority
• Download the certificate
• Install the certificate and configure the web server (IIS) for SSL
• Test HTTPS
• Capture and analyze SSL and HTTPS packets

Certificates & HTTPS Review Questions
• What type of information could be encoded in certre.txt? Answer this question considering the content of a digital certificate.
• Open the certificate that you just downloaded. You will have an unknown publisher warning. What is the reason for this warning?
• Find and list the information about the publisher of the certificate.
• What are the first three octets of your public key (in hexadecimal numbers)?
• Can you use the certificate that you created on the Internet to provide data confidentiality and integrity between your web server and other client computers? Why or why not?
• Can you use the certificate that you created on the Internet to authenticate your web server to client computers? Why or why not? What do you need to do so?

IST 402 Student Responses
• “The virtual computer network gave me the opportunity to take the theoretical aspects of the course and make them happen in a hands-on environment.”
• “It is a great way to have hands on with a linux server or other operating system virtually from home. This is a real interaction experience.”
• “Access to software not available on student computers is awesome...”
• “Very nice for experimenting on things that students could not otherwise do.”

My Observations: IST 402
• Reduced time for each hands-on activity
• Much more comprehensive activities
• Fewer visits to the IT department
• Higher quality term projects
• Easy to maintain and update
• Empowered students

Problems
• Slow at times (12 concurrent users)
• Single point of failure
• Multiple Servers
• User administration
• Scheduling and coordination
• Third party software

Thank You! Any Questions?
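
The certificate workflow from the Certificates & HTTPS assignment (request, issue, install, verify), as an added example that is not part of the original slides. It uses the OpenSSL command line in place of the lab's IIS server and Windows CA; the names "Example Lab CA" and "www.lab.example" are constructed placeholders.

```bash
#!/bin/sh
# Added example; "Example Lab CA" and "www.lab.example" are constructed names.
set -eu
WORK=$(mktemp -d)                 # scratch directory for keys and certificates
trap 'rm -rf "$WORK"' EXIT

make_ca() {    # lab CA: a self-signed root standing in for the Certification Authority
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Lab/CN=Example Lab CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}
make_csr() {   # web server: new key pair plus a certificate request
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example Lab/CN=www.lab.example" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
}
sign_csr() {   # the CA signs the request and issues the server certificate
  openssl x509 -req -in "$WORK/server.csr" -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" 2>/dev/null
}
csr_subject() { openssl req -in "$WORK/server.csr" -noout -subject; }
csr_has_private_key() {   # the request carries the public key only
  if grep -q "PRIVATE KEY" "$WORK/server.csr"; then echo yes; else echo no; fi
}
same_public_key() {       # the issued certificate binds the key from the request
  a=$(openssl req  -in "$WORK/server.csr" -noout -pubkey)
  b=$(openssl x509 -in "$WORK/server.crt" -noout -pubkey)
  if [ "$a" = "$b" ]; then echo same; else echo different; fi
}
client_verdict() {        # $1 = CA file the client trusts ("" = system store only)
  if [ -n "$1" ]; then set -- -CAfile "$1"; else set --; fi
  if openssl verify "$@" "$WORK/server.crt" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

make_ca; make_csr; sign_csr
echo "request subject:         $(csr_subject)"
echo "private key in request:  $(csr_has_private_key)"
echo "request key vs cert key: $(same_public_key)"
echo "client with lab CA:      $(client_verdict "$WORK/ca.crt")"
echo "client without lab CA:   $(client_verdict "")"
```

The last two lines show why a certificate from a private lab CA still encrypts traffic but only authenticates the server to clients that have the CA's certificate installed as a trust anchor.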