Using a Virtual Lab to teach an online Information Assurance Program

Wayne C. Summers, Bhagyavati, Carlos Martin
Columbus State University
4225 University Avenue
Columbus, GA 31907
{bhagyavati, martin_carlos, summers_wayne}@colstate.edu
Sept. 24, 2005
InfoSecCD 2005
Background
• Programs are expected to offer
online courses for our students.
• Many departments of computing are
expanding their course offerings in
computer security and information
assurance.
• In an online class, students often cannot
physically attend labs on campus.
Background
• In a traditional course in computer security
– lab experiences are typically conducted in an isolated
computer lab where security problems that may occur
are unable to affect other computers on campus.
– students are able to experiment with security software
without worry that their experiment may impact
computer systems outside the isolated lab.
– students can evaluate security of different operating
systems, attempt to compromise the security of
computer systems, and install additional security
mechanisms without concern that their actions may
affect computers outside the lab.
Background
• Solution - require that students use their own
computers.
• Problem - assignments have to be designed so
as not to be limited by the students’ computing
resources. Students typically have access to
only one computer and one operating system,
which limits the flexibility in the assignments.
• Problem - unwise to allow students to use their
personal computers to experiment with security
software.
APPROACHES
• Most of the approaches to providing
hands-on lab experiences utilize a
computer lab isolated from the Internet.
• Alternative is to develop a virtual network
environment using simulators
– Virtual Network System (VNS)
– use virtual machines (VM) to emulate the
hardware of different computers in a network
• VMWare (http://www.vmware.com/),
• Planetlab (http://www.planet-lab.org/),
• Emulab (http://www.emulab.net/)
Security and Assurance of
Information Lab (SAIL)
• Virtual security lab
• Collection of computers accessible by any
student who has Internet access
• Authentication into the lab using a Virtual
Private Network (VPN) concentrator
• Once authenticated into the lab, students
are able to access any of the computers in
the lab and complete their assignments
without fear that their actions will affect
computer systems outside the lab.
SAIL Configuration
VPN 3000 Concentrator
Security and Assurance of
Information Lab (SAIL)
• Authentication by the Concentrator through two different
passwords (group and user).
• Students “in the lab” have access to all of the devices
physically located in the lab.
• Access the network remotely without requiring physical
access to the lab and the devices in the lab.
• Able to access the SAIL lab network securely.
• Traffic “in the lab” is isolated from the Internet so if any
malware is released in the SAIL lab, it is isolated to the
lab.
• Only Internet connection in the lab is to the VPN
Concentrator which is configured to prevent the
transmission of executables between the Internet and
the SAIL lab.
Security and Assurance of
Information Lab (SAIL)
• Students access the Windows computers using
RealVNC (http://www.realvnc.com/).
• The RealVNC client on the student’s computer
allows the student to access the remote
Windows computer as if the student were sitting
at the computer.
• Running multiple instances of the RealVNC client
gives the student the capability to access more than
one remote computer simultaneously.
• Students access the Linux computers using
either RealVNC for a graphical interface or an SSH
client for a command-line interface.
VNC clients
Security and Assurance of
Information Lab (SAIL)
• SAIL Lab consists of eight computers
(Windows XP Pro, Windows 2000 Server,
Windows 2003 Server, and Linux) networked
with hubs
• VPN Concentrator (acting as the
gateway)
• KVM switch
• PIX firewall
• Router
SAIL Lab
CLASSROOM EXPERIENCES
WITH SAIL
• Passwords
(http://csc.colstate.edu/summers/NOTES/6128/passwords.html).
Students are required to establish and implement password policies
on a Windows XP computer as the administrator. After they have
created a number of accounts with different passwords, the students
are expected to audit the passwords using password cracking
software.
• Firewalls
(http://csc.colstate.edu/summers/NOTES/6128/firewalls.html).
Students explore the features of firewalls by configuring and testing
two different firewalls in a Windows environment.
• Host Security
(http://csc.colstate.edu/summers/NOTES/6128/host.html). Students
explore host hardening of both Windows and Linux computers by
exploring services, managing users and groups, and inspecting
various logs on the computers.
CLASSROOM EXPERIENCES
WITH SAIL
• Security Auditing
(http://csc.colstate.edu/summers/NOTES/6128/audit.html). Students
audit the security of the computers on the network by using nmap
(http://www.insecure.org/nmap/) to scan for open ports. Students
also use nessus (http://www.nessus.org/) to assess the
vulnerabilities on the different computers in the SAIL network.
• Traffic Analysis
(http://csc.colstate.edu/summers/NOTES/6128/IDS.html). Students
use Ethereal (http://www.ethereal.com/) to analyze the traffic on the
network in the SAIL lab.
• Building Systems with Assurance
(http://csc.colstate.edu/summers/NOTES/6136/assurance-lab.html).
Students implemented policies to ensure data confidentiality, data
availability, and data integrity.
PROBLEMS
• One of the early assignments required that students
create their own administrator account in Windows XP.
New accounts have the PowerSave option turned on by
default. This meant that the computers shut down a short
while after the students logged off their account. We
have been unable to find a way to change this default
setting and had to provide the students with additional
instructions to change the PowerSave setting.
• There were a few occasions when a student accidentally
shut down one of the computers instead of logging off.
This required someone to drive to campus
to restart the computer. We are exploring solutions that
will allow us to remotely restart a computer.
• There were times when students were unable to access
a computer because all were being used by classmates.
We need to improve the scheduling of the computer use.
FUTURE PLANS
• Install Virtual PC on each computer with multiple
OSs
• Create assignments
– to configure and manage a PIX firewall.
– to configure and manage the security of a router.
– to explore the vulnerabilities of different network servers
including email, DHCP, DNS, and FTP.
– to explore the vulnerabilities of different application
servers including SQL and web servers.
– to install, configure and use an intrusion detection
system like Snort.
Questions?