using a virtual lab to teach an online information assurance program
DESCRIPTION
Using a Virtual Lab to teach an online Information Assurance Program . Wayne C. Summers, Bhagyavati, Carlos Martin Columbus State University 4225 University Avenue Columbus, GA 31907 {bhagyavati, martin_carlos, summers_wayne}@colstate.edu @colstate.edu. Background. - PowerPoint PPT PresentationTRANSCRIPT
Sept. 24, 2005 InfoSecCD 2005
Using a Virtual Lab to teach an online Information Assurance Program
Wayne C. Summers, Bhagyavati, Carlos MartinColumbus State University
4225 University AvenueColumbus, GA 31907
{bhagyavati, martin_carlos, summers_wayne}@[email protected]
Sept. 24, 2005 InfoSecCD 2005 2
Background
• Programs are being expected to offer online courses for our students.
• Many departments of computing are expanding their course offerings in computer security and information assurance.
• In an online class, students often cannot physically attend labs on campus.
Sept. 24, 2005 InfoSecCD 2005 3
Background
• In a traditional course in computer security– lab experiences are typically conducted in an isolated
computer lab where security problems that may occur are unable to affect other computers on campus.
– students are able to experiment with security software without worry that their experiment may impact computer systems outside the isolated lab.
– students can evaluate security of different operating systems, attempt to compromise the security of computer systems, and install additional security mechanisms without concern that their actions may affect computers outside the lab.
Sept. 24, 2005 InfoSecCD 2005 4
Background
• Solution - require that students use their own computers.
• Problem - assignments have to be designed so as not to be limited by the students’ computing resources. Students typically have access to only one computer and one operating system which limits the flexibility in the assignments.
• Problem - unwise to allow students to use their personal computers to experiment with security software.
Sept. 24, 2005 InfoSecCD 2005 5
APPROACHES• Most of the approaches to providing
hands-on lab experiences utilize a computer lab isolated from the Internet.
• Alternative is to develop a virtual network environment using simulators– Virtual Network System (VNS) – use virtual machines (VM) to emulate the
hardware of different computers in a network• VMWare (http://www.vmware.com/), • Planetlab (http://www.planet-lab.org/),• Emulab (http://www.emulab.net/)
Sept. 24, 2005 InfoSecCD 2005 6
Security and Assurance of Information Lab (SAIL)
• Virtual security lab• Collection of computers accessible by any
student who has Internet access • Authentication into the lab using a Virtual
Private Network (VPN) concentrator• Once authenticated into the lab, students
are able to access any of the computers in the lab and complete their assignments without fear that there actions will affect computer systems outside the lab
Sept. 24, 2005 InfoSecCD 2005 7
SAIL Configuration
Sept. 24, 2005 InfoSecCD 2005 8
VPN 3000 Concentrator
Sept. 24, 2005 InfoSecCD 2005 9
Security and Assurance of Information Lab (SAIL)
• Authentication by the Concentrator through two different passwords (group and user).
• Students “in the lab” have access to all of the devices physically located in the lab.
• Access the network remotely without requiring physical access to the lab and the devices in the lab.
• Able to access the SAIL lab network securely. • Traffic “in the lab” is isolated from the Internet so if any
malware is released in the SAIL lab, it is isolated to the lab.
• Only Internet connection in the lab is to the VPN Concentrator which is configured to prevent the transmission of executables between the Internet and the SAIL lab.
Sept. 24, 2005 InfoSecCD 2005 10
Security and Assurance of Information Lab (SAIL)
• Students access the Windows computers using RealVNC (http://www.realvnc.com/).
• The RealVNC client on the student’s computer allows the student to access the remote Windows computer as if the student was sitting at the computer.
• Multiple use of the RealVNC client provides the student with the capability to access more than one remote computer simultaneously.
• Students access the Linux computers using either RealVNC for a GUI interface or a SSH client for a command-line interface
Sept. 24, 2005 InfoSecCD 2005 11
VNC clients
Sept. 24, 2005 InfoSecCD 2005 12
Security and Assurance of Information Lab (SAIL)
• SAIL Lab consists of eight computers (Windows XP Pro, Windows 2000 Server, Windows 2003 Server, & Linux) networked with hubs,
• VNC Concentrator (acting as the gateway),
• KVM switch,• PIX firewall, • router.
Sept. 24, 2005 InfoSecCD 2005 13
SAIL Lab
Sept. 24, 2005 InfoSecCD 2005 14
CLASSROOM EXPERIENCES WITH SAIL
• Passwords (http://csc.colstate.edu/summers/NOTES/6128/passwords.html). Students are required to establish and implement password policies on a Windows XP computer as the administrator. After they have created a number of accounts with different passwords, the students are expected to audit the passwords using password cracking software.
• Firewalls (http://csc.colstate.edu/summers/NOTES/6128/firewalls.html). Students explore the features of firewalls by configuring and testing two different firewalls in a Windows environment.
• Host Security (http://csc.colstate.edu/summers/NOTES/6128/host.html). Students explore host hardening of both Windows and Linux computers by exploring services, managing users and groups, and inspecting various logs on the computers.
Sept. 24, 2005 InfoSecCD 2005 15
CLASSROOM EXPERIENCES WITH SAIL
• Security Auditing (http://csc.colstate.edu/summers/NOTES/6128/audit.html). Students audit the security of the computers on the network by using nmap (http://www.insecure.org/nmap/) to scan for open ports. Students also use nessus (http://www.nessus.org/) to assess the vulnerabilities on the different computers in the SAIL network.
• Traffic Analysis (http://csc.colstate.edu/summers/NOTES/6128/IDS.html) Students use Ethereal (http://www.ethereal.com/) to analyze the traffic on the network in the SAIL lab.
• Building Systems with Assurance http://csc.colstate.edu/summers/NOTES/6136/assurance-lab.html. Students implemented policies to ensure data confidentiality, data availability, and data integrity.
Sept. 24, 2005 InfoSecCD 2005 16
PROBLEMS• One of the early assignments required that students
create their own administrator account in Windows XP. New accounts have the PowerSave option turned on by default. This meant that the computers shut down a short while after the students logged off their account. We have been unable to find a way to change this default setting and had to provide the students with additional instructions to change the PowerSave setting.
• There were a few occasions when a student accidentally shut-down one of the computers instead of logging off. This required that someone needed to drive to campus to restart the computer. We are exploring solutions that will allow us to remotely restart a computer.
• There were times when students were unable to access a computer because all were being used by classmates. We need to improve the scheduling of the computer use.
Sept. 24, 2005 InfoSecCD 2005 17
FUTURE PLANS
• Install Virtual PC on each computer with multiple OSs
• Create assignments – to configure and manage a PIX firewall.– to configure and manage the security of a router.– Explore the vulnerabilities of different network servers
including email, DHCP, DNS, and ftp.– Explore the vulnerabilities of different application
servers including SQL and web servers.– Install, configure and use an intrusion detection
system like snort.
Sept. 24, 2005 InfoSecCD 2005 18
Questions?