Virtual Security Labs

Chao-Hsien Chu, Ph.D.
Abdullah Konak, Ph.D.
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802

May 11, 2009


Presentation Outline

Overview:
- The Special Needs for IA Education
- Common Approaches
- The Challenges
- Motivations for VSL

VSL Implementation at UP / Demo

VSL Implementation at Berks / Demo

Lessons Learned

Questions and Discussion

The Special Needs for IA Education

Hands-on exercise is a critical and integrated component of any effective information security education and training program.

Students are expected to experiment with security software without worry that their experiment may impact other computer systems / students.

Students should be able to evaluate the security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect other computer systems / students.

Security hardware (Firewall, IDS); Human factors; Defense-in-depth; Multidisciplinary.

Defense In Depth of Security

[Diagram: the stages Prediction, Prevention, Detection, Forensics and Response, with Feedback; course numbers, names and topic labels are placed around the stages.]

Courses:
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• IST 515: Information Security & Assurance
• IST 564: Crisis, Disaster & Risk Management
• IST 596: Individual Studies
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security

Names shown: Liu, Zhu, Xu, Bagby, Chu, McGill, Cai, Squicciarini

Topic labels:
• Policy/Regulation
• Firewall/DMZ
• Access Control/VPN
• Qualitative models
• Quantitative models
• Plans
• Risk analysis
• Scanner
• IDS
• Data mining

Common Approaches

Some instructors require students to complete the exercises using their own computers.

Lab experiences are typically conducted in an isolated computer lab where security problems that may occur are unable to affect other computers on campus.

A common alternative is to develop a virtual network environment using simulators:
- Virtual Network System (VNS).
- Use virtual machines (VM) to emulate the hardware of different computers in a network.

Virtual Gaming / Simulation (2nd Life)

The Challenges

The number of security-related courses is increasing.

The number of students interested in SRA is increasing.

The physical space for the security lab remains the same or is reduced.

Difficulty in maintaining an isolated security lab to meet classes' and students’ schedules.

Need to accommodate commuter students.

Need to provide distance-learning education.

Lack of emulators for security hardware.

Security Related Courses

• IST 220: Networking & Telecommunications
• IST 402: Emerging Issues and Technologies
• IST 451: Network Security
• IST 454: Computer and Cyber Forensics
• IST 456: Security and Risk Management
• SRA 111: Security and Risk Analysis (Introduction)
• SRA 211: Information Security (Overview)
• SRA 311: Risk Management
• IST 515: Information Security and Assurance
• IST 554: Network Management and Security
• IST 564: Crisis, Disaster and Risk Management
• IN SC 561: Web Security and Privacy

Distance Learning Programs

Associate in Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/AssociateInInformationSciencesandTechnology.shtml. (IST 220)

Bachelor of Science in Information Sciences and Technology. http://www.worldcampus.psu.edu/BachelorinIST.shtml. (IST 220)

Master of Professional Studies in Information Sciences. Information Assurance and Decision Support Option. (Fall 2009). (IST 451, IST 454, IST 515, IST 554, IN SC 561)

Master of Professional Studies in Homeland Security. Information Security and Forensics Option (Fall 2010).

Motivations for VSL

Increasing advanced hands-on learning in networking and security courses (without sacrificing content).

Making campus computing resources available to commuter students 24/7.

Providing hands-on learning experiences in a distance learning model.

Reducing lab hardware, software, and maintenance costs, and the need for specialized computer labs.

Providing an agile and secured computing environment.

Virtual Machine / Environment

• Virtual machines are software emulations of fully functional operating systems such as Windows XP, Windows Server 2008, and Linux.

VICUP Architecture

[Architecture diagram; labels: vslvc.ist.psu.edu, ESX Server]

IST 515: Penetration Test Labs

• Lab 1: Security Policy
• Lab 2: Footprinting. Whois, Nslookup, Dig, Ping, Traceroute.
• Lab 3: Network Scanning. SuperScan, Netbrute, NMap.
• Lab 4: Enumeration. LANguard Network Security Scanner, ENUM, SNScan.
• Lab 5: Applied Cryptography. Hash, Vigenere Cipher, AE Block Cipher, IDEA Cipher.
• Lab 6: Network Sniffing. Ethereal, WinPcap.
• Lab 7: Network Security Audit. NMap, Nessus.
• Lab 8: Web Security. Social Engineering & Phishing
• Lab #: Password Cracking
• Lab #: Denial of Service

VMware Infrastructure Client


Lessons Learned

It allows students to gain hands-on experience without the need to physically attend labs on campus.

Instructors can use the system in class to enhance teaching and discussion anywhere and anytime.

Assignments can be designed without being limited by the available computing resources.

Students are able to experiment with security software without worry that their experiment may impact other computer systems.

Students can evaluate security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect other computers.

IST 454: Computer & Cyber Forensics

• Lab 1: Data Acquisition – Imaging.
• Lab 2: Forensic Analysis (EnCase, FTK)
• Lab 3: Investigating Windows Systems
• Lab 4: Data Hiding and Steganography.
• Lab 5: E-mail Tracing
• Lab 6: Hostile Code Investigation
• Lab 7: Network Forensics
• Lab 8: Mobile Forensics

SRA 221: Information Security

Lab 1: Keystroke Monitoring. SpyAgent.

Lab 2: Password Cracking. LC4.

Lab 3: Firewall Security. Cisco SDM

Lab 4: Encryption / Crypto. DES, MD5

Lab 5: Vulnerability Assessment. Metasploit

Lab 6: Vulnerability Assessment. Nessus.

Lab 7: Intrusion Detection. SNORT.

Penn State Berks Architecture

Based on VMware ESX Server.

[Architecture diagram; labels: User, Web Browser, WWW, Web Server, User Access (a sandbox, a computer lab), VM Admin. Console, Host (VM Servers), VM Storage, virtual machines and networks, virtual switch, virtual router]

Remote Access

• Web Browser
• VMware Client
• Off Campus Access

Network Security Lab Settings

[Diagram; labels: Default Setting, Optional Setting]

Windows 2003 Server
• Active Directory
• DHCP and DNS
• Certificate Server
• Routing and NAT
• …

Two Windows XP and One Ubuntu Linux
• Loaded with security software
• Web, FTP, Telnet
• …

IST 402 Web & E-commerce Security (Fall 2008)

Bootcamp (3 hours)
• Review of computer networking, basic skills, ...

Short Class Activities (10-15 min)
• Encryption, Hashing, Digital Signatures, …

Labs (30-60 min)
• Web Server Admin, Certificates, SSL, IPSec / VPN, …

Assignments
• Certificates & HTTPS, Proxy Servers, SSH Tunneling, …

Term Project (Sandboxes)
• Database Security and RADIUS Authentication

Demo: Certificates & HTTPS (Assignment)

Learning Objective
• Describe how digital certificates and SSL are used for authentication and data confidentiality.

Activity Summary
• Change lab settings
• Create a certificate request for the web server
• Request a web server certificate from a Certification Authority
• Download the certificate
• Install the certificate and configure the web server (IIS) for SSL
• Test HTTPS
• Capture and analyze SSL and HTTPS packets

Certificates & HTTPS Review Questions

• What type of information could be encoded in certre.txt? Answer this question considering the content of a digital certificate.

• Open the certificate that you just downloaded. You will have an unknown publisher warning. What is the reason for this warning?

• Find and list the information about the publisher of the certificate.

• What are the first three octets of your public key (in hexadecimal numbers)?

• Can you use the certificate that you created on the Internet to provide data confidentiality and integrity between your web server and other client computers? Why or why not?

• Can you use the certificate that you created on the Internet to authenticate your web server to client computers? Why or why not? What do you need to do so?

IST 402 Student Responses

“The virtual computer network gave me the opportunity to take the theoretical aspects of the course and make them happen in a hands-on environment.”

“It is a great way to have hands on with a linux server or other operating system virtually from home. This is a real interaction experience.”

“Access to software not available on student computers is awesome...”

“Very nice for experimenting on things that students could not otherwise do.”

My Observations IST 402

• Reduced time for each hands-on activity
• Much more comprehensive activities
• Fewer visits to the IT department
• Higher quality term projects
• Easy to maintain and update
• Empowered students

Problems

• Slow at times (12 concurrent users)
• Single point of failure
• User administration
• Scheduling and coordination

Multiple Servers

Third party software

Thank You

Any Questions?