Download - Secure lab setup for cyber security
SECURE LAB SETUP
FOR CYBER SECURITY
Prepared By :
Birju Tank
GTU PG School, BISAG
GANDHINAGAR.
Main Messages
Developing a good cyber security laboratory and related
exercise takes:
Planning
Thought
Resources
Helps to think about goals and structure
Goals
Mixed use laboratory
Not enough space to dedicate to security
Need to be able to connect/disconnect from campus network quickly
Support both Windows and Linux
IUP only supported Linux, real-world environment is heterogeneous
Be able to emulate a real-world enterprise computing environment
Laboratory
One Way to Lower the Cost
Purchase one many-port switch to act as physical switch, all hubs
Can isolate groups of ports
Can bridge groups where needed
Advantages
Significant cost savings
Reduced maintenance need
Disadvantage
Initial setup difficult
Cont’d
Use of Virtual Machines within Physical Machines
Products
Microsoft Virtual PC (used 2005)
Support discontinued for Mac environment in 8/2006
VMWare (used 2006)
Another possibility: Xen
Operating systems must be modified
Higher performance gained
Laboratory – Physical Issues
Want to provide some sense of physical security for each station
Lab furniture is currently 8 cubicles with high walls
Problem: not good for general usage, students tend to “hide” in lab and take over stations
Future: a more open physical environment?
INFRASTRUCTURE
Goals
Heterogeneous and Isolated Network
Same system for each student team
Replicating tool (e.g. Norton Ghost) saves much
time
Don’t forget to give each machine its own identity
Cont’d
Structure of Isolated Network
One zone (all systems off one hub)
Student Team Systems running older Windows
Server, Linux systems
Non-current OSs with known security holes
All tools used in lab exercises
Added several realistic-looking accounts (e.g.
backup, logwd, tomcat) with weak passwords
Cont’d
Structure of Isolated Network (continued)
Several Non-Student Systems
Other variants of Windows and Linux
1 Monitoring system
Additional Available Systems
Host systems can be used for internet access