Using a Virtual Lab to teach an online Information Assurance Program
Wayne C. Summers, Bhagyavati, Carlos Martin
Columbus State University
4225 University Avenue
Columbus, GA 31907
{bhagyavati, martin_carlos, summers_wayne}@colstate.edu
Sept. 24, 2005 InfoSecCD 2005

Background
• Programs are being expected to offer online courses for our students.
• Many departments of computing are expanding their course offerings in computer security and information assurance.
• In an online class, students often cannot physically attend labs on campus.

Background
• In a traditional course in computer security
  – lab experiences are typically conducted in an isolated computer lab where security problems that may occur are unable to affect other computers on campus.
  – students are able to experiment with security software without worry that their experiment may impact computer systems outside the isolated lab.
  – students can evaluate security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect computers outside the lab.

Background
• Solution - require that students use their own computers.
• Problem - assignments have to be designed so as not to be limited by the students’ computing resources. Students typically have access to only one computer and one operating system which limits the flexibility in the assignments.
• Problem - unwise to allow students to use their personal computers to experiment with security software.

APPROACHES
• Most of the approaches to providing hands-on lab experiences utilize a computer lab isolated from the Internet.
• Alternative is to develop a virtual network environment using simulators
  – Virtual Network System (VNS)
  – use virtual machines (VM) to emulate the hardware of different computers in a network
    • VMWare (http://www.vmware.com/)
    • Planetlab (http://www.planet-lab.org/)
    • Emulab (http://www.emulab.net/)

Security and Assurance of Information Lab (SAIL)
• Virtual security lab
• Collection of computers accessible by any student who has Internet access
• Authentication into the lab using a Virtual Private Network (VPN) concentrator
• Once authenticated into the lab, students are able to access any of the computers in the lab and complete their assignments without fear that their actions will affect computer systems outside the lab

SAIL Configuration

VPN 3000 Concentrator

Security and Assurance of Information Lab (SAIL)
• Authentication by the Concentrator through two different passwords (group and user).
• Students “in the lab” have access to all of the devices physically located in the lab.
• Access the network remotely without requiring physical access to the lab and the devices in the lab.
• Able to access the SAIL lab network securely.
• Traffic “in the lab” is isolated from the Internet so if any malware is released in the SAIL lab, it is isolated to the lab.
• Only Internet connection in the lab is to the VPN Concentrator which is configured to prevent the transmission of executables between the Internet and the SAIL lab.

Security and Assurance of Information Lab (SAIL)
• Students access the Windows computers using RealVNC (http://www.realvnc.com/).
• The RealVNC client on the student’s computer allows the student to access the remote Windows computer as if the student was sitting at the computer.
• Multiple use of the RealVNC client provides the student with the capability to access more than one remote computer simultaneously.
• Students access the Linux computers using either RealVNC for a GUI interface or a SSH client for a command-line interface

VNC clients

Security and Assurance of Information Lab (SAIL)
• SAIL Lab consists of eight computers (Windows XP Pro, Windows 2000 Server, Windows 2003 Server, & Linux) networked with hubs,
• VNC Concentrator (acting as the gateway),
• KVM switch,
• PIX firewall,
• router.

SAIL Lab

CLASSROOM EXPERIENCES WITH SAIL
• Passwords (http://csc.colstate.edu/summers/NOTES/6128/passwords.html). Students are required to establish and implement password policies on a Windows XP computer as the administrator. After they have created a number of accounts with different passwords, the students are expected to audit the passwords using password cracking software.
• Firewalls (http://csc.colstate.edu/summers/NOTES/6128/firewalls.html). Students explore the features of firewalls by configuring and testing two different firewalls in a Windows environment.
• Host Security (http://csc.colstate.edu/summers/NOTES/6128/host.html). Students explore host hardening of both Windows and Linux computers by exploring services, managing users and groups, and inspecting various logs on the computers.

CLASSROOM EXPERIENCES WITH SAIL
• Security Auditing (http://csc.colstate.edu/summers/NOTES/6128/audit.html). Students audit the security of the computers on the network by using nmap (http://www.insecure.org/nmap/) to scan for open ports. Students also use nessus (http://www.nessus.org/) to assess the vulnerabilities on the different computers in the SAIL network.
• Traffic Analysis (http://csc.colstate.edu/summers/NOTES/6128/IDS.html). Students use Ethereal (http://www.ethereal.com/) to analyze the traffic on the network in the SAIL lab.
• Building Systems with Assurance (http://csc.colstate.edu/summers/NOTES/6136/assurance-lab.html). Students implemented policies to ensure data confidentiality, data availability, and data integrity.

PROBLEMS
• One of the early assignments required that students create their own administrator account in Windows XP. New accounts have the PowerSave option turned on by default. This meant that the computers shut down a short while after the students logged off their account. We have been unable to find a way to change this default setting and had to provide the students with additional instructions to change the PowerSave setting.
• There were a few occasions when a student accidentally shut down one of the computers instead of logging off. This required someone to drive to campus to restart the computer. We are exploring solutions that will allow us to remotely restart a computer.
• There were times when students were unable to access a computer because all were being used by classmates. We need to improve the scheduling of the computer use.

FUTURE PLANS
• Install Virtual PC on each computer with multiple OSs
• Create assignments
  – to configure and manage a PIX firewall.
  – to configure and manage the security of a router.
  – Explore the vulnerabilities of different network servers including email, DHCP, DNS, and ftp.
  – Explore the vulnerabilities of different application servers including SQL and web servers.
  – Install, configure and use an intrusion detection system like snort.

Questions?
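
Added example, not part of the original presentation: one way to turn the Security Auditing and Host Security exercises into a repeatable check is to parse nmap's grepable (-oG) output and report every open port that falls outside a per-host baseline. The addresses, host names, scan results and the baseline itself are assumptions made for illustration; the baseline allows only the remote-access services the slides describe (RealVNC on its default port 5900, plus SSH on Linux).

```python
import re

# Constructed sample of `nmap -oG` (grepable) output. Addresses, host names and
# results are made up for illustration and do not come from the SAIL lab.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.11 (xp-01)\tStatus: Up
Host: 10.0.0.11 (xp-01)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 5900/open/tcp//vnc///\tIgnored State: closed (997)
Host: 10.0.0.12 (w2k3-01)\tPorts: 5900/open/tcp//vnc///
Host: 10.0.0.21 (linux-01)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 5900/open/tcp//vnc///, 8080/filtered/tcp//http-proxy///
"""

# Assumed baseline: VNC (5900) on every host, SSH (22) on the Linux host only.
# A real baseline would come from the lab's own hardening policy.
BASELINE = {
    "10.0.0.11": {(5900, "tcp")},
    "10.0.0.12": {(5900, "tcp")},
    "10.0.0.21": {(22, "tcp"), (5900, "tcp")},
}

# One "Host: <ip> (<name>)<TAB>Ports: <list>" record per scanned host.
HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tPorts: ([^\t\n]*)", re.M)

def parse_open_ports(grepable):
    """Return {ip: {(port, proto): service}} for ports whose state is 'open'."""
    hosts = {}
    for ip, ports in HOST_RE.findall(grepable):
        for entry in ports.split(","):
            # Each entry is port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[0].isdigit() and fields[1] == "open":
                hosts.setdefault(ip, {})[(int(fields[0]), fields[2])] = fields[4]
    return hosts

def audit(grepable, baseline):
    """List (ip, port, proto, service) for open ports outside the baseline."""
    findings = []
    for ip, ports in sorted(parse_open_ports(grepable).items()):
        allowed = baseline.get(ip, set())  # host with no baseline: flag everything
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings

if __name__ == "__main__":
    for ip, port, proto, service in audit(SAMPLE_SCAN, BASELINE):
        print(f"{ip}: unexpected {port}/{proto} ({service})")
```

Ports reported as filtered or closed are ignored, so only services that actually answered the scan count as findings.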