1 j. keller, r. naues: a collaborative virtual computer security lab amsterdam,dec 4, 2006...
TRANSCRIPT
1
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006Amsterdam, DEC 4, 2006
Jörg KellerFernUniversität in Hagen, Germany
joint work with Ralf Naues
A Collaborative Virtual Computer
Security Lab
2
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Motivation and Challenges
• Prototype Design
• Task Design
• Conclusion and Future Work
Outline
3
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Computer and network security important, hence present in curricula
• Course work to be complemented by lab work
• Good training necessary: single flaw can render useless all efforts
• Distance teaching not really an issue, as security administration remotely performed
Introduction and Motivation
4
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Large student numbers- admin tasks prevent sharing of machines- providing many machines prohibitive due to restricted resources- sequence of tasks requires ability to reset to stable configuration
• Checking completion of tasks- task nature requires tests to support supervisors- simplifies handling of large numbers as a side-eff.
Challenges
5
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Basic Design Decision:Use Virtual Machines on the campus siteUse student computer at home to access campus site
• Requires students to run browser, VPN and ssh client
• Virtualization: VmWare
Lab Network Design I
6
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
Lab Network Design II
7
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Start with simple tasks:acquire certificateVPN client and SSH clientconnect to lab server
• Next: install and configure firewall and IDS systemsiptables, tripwire, snort, honeypot
• Finally: student groups perform complex tasks
Task Design I
8
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Tasks designed to be testable by script
• Example: install firewall so that telnet service is not available to the outside
• Checking that telnet cannot be used is easy, but not enough
• Script also checks that other services (like ssh) are still available from the outside
• Realization: port scan and firewall log file check
Task Design II
9
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Tasks available via web-based student interface
• Includes help pages with links to tool manuals etc
• Possible to access test script result and supervisor comments
• Supports self study and self assessment
Task Design III
10
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
Task Design IV
11
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
Collaboration
• CURE system is used for collaboration
• Virtual rooms for communication and exchanging
• Secured through personalized keys
• Reservation scheme for the virtual server
12
J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006
• Lab starts operation in Spring 2007
• Use CSCW system for group tasks
• Integrate lab server with CSCW for single sign-on
THANK YOU VERY MUCHFOR YOUR ATTENTION
Conclusion and Future Work