A Laboratory Based Course on Internet Security - PowerPoint PPT Presentation

Slides: 43
Provided by: Prabhake5
Learn more at: http://cecs.wright.edu

Transcript and Presenter's Notes

1
A Laboratory Based Course on Internet Security
  • Prabhaker Mateti
  • Wright State University
  • Dayton, OH 45435
  • NSF DUE-9951380

2
Goals
  • Awareness of Security Issues
  • Teach security improvement techniques
  • Explain how exploitable errors have been made in
    the development of software.
  • Raise the level of ethics awareness
  • Bring attention to legal issues

3
Assumptions in the Course Design
  • Beliefs?
  • Lab-oriented?
  • Whole course or Distributed into
  • Required or Elective?
  • 10 weeks or 15?

4
The course needs to be lab-oriented.
  • I hear and I think. I see and I remember.
    I do and I know.
  • -- Confucius

5
Should be a course by itself.
  • Integrating security concepts into other courses
    is very difficult.
  • Easier to propose and implement an entire course
    that is new.

6
Should be a Required Course.
  • Security exploits have become way too common.
  • Can motivate why Software Development should be a
    more rigorous discipline.
  • Many security topics synthesize what is learned
    in several disparate and un-integrated courses.

7
Can only be an Elective Course.
  • Most BS Degree Requirements are too full of core
    and required courses.
  • Required Courses cannot be downgraded to
    Electives.
  • Cannot even re-work n required courses into m
    required courses, m < n.
  • Is it a discipline?

8
Term or Semester Course
  • Both must be accommodated: Term 10, semester
    15 weeks
  • At WSU

9
Course Logistics
  • Lectures on topic: one per week
  • Lectures on experiment: one per week
  • Lab experiments: one per week
  • First week, only lectures. (May be second week
    too.)

10
Currently Available Material
  • Books
  • Websites
  • Courses elsewhere

11
Books on Security
  • Many books, > 500
  • Academic text books, in the tens.
  • Garfinkel and Spafford 1996/2003, Practical UNIX
    & Internet Security, O'Reilly.
  • Rubin 2001, White-hat Security Arsenal, Addison
    Wesley.
  • Stallings 1998, Cryptography and Network
    Security, Prentice Hall.
  • Bishop 2003, Computer Security, Addison Wesley.

12
Amazon.com book search results (2003/02/19, 1900 PST)
  • Network security: 714
  • Internet security: 910
  • Computer security: 2673
  • System security: 1328
  • Homeland security: 45
  • Security: 32000

13
Web Sites
  • There is an oceanic amount of material on
    network security available over the Internet.
    -- A Web Page.
  • How do we define a Security Web Site?
  • 1000 web sites

14
A Few Chosen Security Websites
  • www.incidents.org
  • www.cert.org
  • www.cerias.purdue.edu
  • www.securityfocus.com
  • lwn.net/security
  • www.microsoft.com/security
  • www.phrack.com

15
Courses Elsewhere
  • Many commercial courses.
  • Academic courses
  • Mostly graduate level
  • Focused on cryptography
  • Principles and concepts only
  • Projects, not Lab Experiments
  • E.g., theory.lcs.mit.edu/rivest/crypto-security.html
  • Thirty-six Centers of Academic Excellence in
    Information Assurance Education sponsored by NSA
    www.nsa.gov/isso/programs/nietp/newspg1.htm

16
What We Developed
  • About 30 lectures, 75 minutes each.
  • About 25 lab experiments, 2 hours each
  • Security Lab setup details.
  • Collected articles on Ethics and Legal Issues.
  • Past exams, and links to code.
  • A support website, with the above.
  • At WSU, introduced a new course, CEG 429
    Internet Security.

17
Overview of Course Contents
  • Depth v Breadth
  • Choice of Topics
  • Design of Experiments
  • CEG429 week-by-week

18
Depth v Breadth
  • Discuss current security breaches and protection
    measures → breadth.
  • Conduct experiments knowledgeably → depth.

19
Internet Security
  • Trojan Horses, Viruses and Worms
  • Privacy and Authentication
  • TCP/IP exploits
  • Firewalls
  • Cryptography
  • Secure Config of Personal Machines
  • Buffer Overflow and Other Bug Exploitation
  • Writing Bug-free and Secure Software
  • Secure e-Commerce Transactions
  • Ethics and Legal Issues

21
Typical Article on our Website
  • Title
  • Summary
  • Educational Objectives
  • Background Information
  • Pre-Lab and Suggested Preparation
  • Procedures
  • Appendix A Acronyms
  • Appendix B Further Reading Links
  • Appendix C Notes to TAs
  • Procedures
  • Step 1, 2,
  • Achievement Test
  • Concluding Activities
  • Demo
  • Witness Report
  • Lab cleanup
  • Report on the Experiment

22
Lab Experiments Developed
  1. Experience serious nuisance.
  2. Viruses, Worms, and Trojans.
  3. Boot from power up to login
  4. System Administration.
  5. Password Cracking Tools.

23
Lab Experiments Developed
  1. One-time passwords, and secure shell.
  2. Privacy Enhancing Tools.
  3. Securely configure a Linux PC.
  4. Fortification of a System.
  5. Build a hardened kernel.
  6. Setup a router.
  7. Install and Run a network sniffer.

24
Lab Experiments Developed
  1. Hijack an on-going telnet session.
  2. User authentication and spoofing.
  3. DNS spoof.
  4. Download a rootkit and install.
  5. Install and discover back doors
  6. White-Hat Security Tools.

25
Lab Experiments Developed
  1. Buffer Overflow Exploits.
  2. Packet Filter Firewall.
  3. Probing For Weaknesses.
  4. Denial-of-Service Attacks.
  5. Design Weaknesses of TCP.
  6. Security Audit.
  7. IPv6-enabled kernel, and tools.

27
Ethics
  • Sign on to our Ethics Statement
  • The Ethics of Hacking. A discourse by "Dissident"
    www.attrition.org/modify/texts/hacking_texts/hacethic.txt
  • The Hackers Ethic. The six tenets from Steven
    Levy, "Heroes of the Computer Revolution".
    project.cyberpunk.ru/idb/hacker_ethics.html
  • OSU Ethics Website. www.cgrg.ohio-state.edu/Astrolabe
  • Codes of Ethics from ACM/IEEE.
  • www.onlineethics.org
  • www.ethics.org

28
Ethics Statement
  • In this course I am learning network and computer
    security principles.  It is a 10-week long
    course, with a prerequisite of general
    understanding of operating systems and computer
    networks.  I realize that this learning is just a
    beginning. 
  • I  assure the instructor, the University, and the
    world that I am a caring, responsible, and
    principled person.  I will  help create a better
    world.  Never will I engage in activity that
    deprives others in order to benefit from it.
  • The techniques and links that I am exposed to are
    for educational purposes only. As a power user
    of computers and future network or systems
    administrator, I must be familiar with the tools
    that may be used to bring a network down. I may
    engage in a legitimate form of hacking, or more
    precisely, ethical hacking, as a consultant who
    performs security audits. This is the driving
    force in learning the past attack techniques.
  • I will not directly provide anyone with the tools
    to create mischief.   Nor shall I pass my
    knowledge to others without verifying that they
    also subscribe to the principles apparent in this
    statement.
  • I will not engage in or condone any form of
    illegal activity including unauthorized
    break-ins, cracking, or denial of service
    attacks.
  • ___________________________ Name of the student
  • ___________________________ Signature and Date

29
Internet Security Lab Setup
  • PCs, NICs, Switches, Cables
  • Each PC with 2 NICs
  • Physically Isolatable
  • Private Network
  • Linux-based Firewall-cum-Router

30
OSIS: Operating Systems and Internet Security Lab
  • Room 429, Russ Engineering Center, WSU
  • In continuous use since November 1999
  • 26 PCs in the lab for students' use, and one web
    server, one router, one file server, and one PC
    for re-configuration experimentation.
  • Shared Lab
  • Operating Systems Courses, CEG 433,434
  • Distributed Computing Courses, CEG 730,830
  • Multiple Operating Systems

31
OSIS: Operating Systems and Internet Security Lab
  • 1999
  • Lab
  • 26 PCs (PIII 450MHz, 128 MB RAM, 13 GB HDD)
  • 8 Fast Ethernet Switches
  • Operating Systems
  • Caldera Open Linux 2.3
  • Kernel 2.2.10
  • Windows NT 4
  • Windows 98 SR2
  • 2003
  • Lab
  • 26 upgraded PCs (2PIII 450MHz, 512 MB RAM, 13
    GB HDD)
  • 8 Fast Ethernet Switches
  • Operating Systems
  • Mandrake Linux 8.2/9.0
  • Linux 2.4.x
  • Windows XP
  • Windows 98 SR2

32
OSIS: Operating Systems and Internet Security Lab
  • All the PCs are on a private LAN
  • One Fast Ethernet switch for each group of 4-6
    PCs.
  • Each PC is loaded with
  • Linux Mandrake 8.2/9.0
  • Windows XP
  • Windows 98.
  • Boot into one of these via ntldr

33
osis111.cs.wright.edu
  • All the lab PCs 192.168..
  • router.osis.cs.wright.edu 192.168.17.111
  • osis111.cs.wright.edu 130.108.17.111
  • IP Filtering Router Firewall
  • All Internet connections are through the Firewall
  • IP masquerading

34
Security Software
  • Secure Shell, PGP,
  • Firewall Kits
  • Tools
  • Top 50 Security Tools survey from www.nmap.org
  • http://www.packetfactory.net
  • nmap, SAINT,
  • tcpdump, ethereal, snort,
  • Password cracking
  • Tcpwrapper

35
Lab Maintenance
  • Individual student logins.
  • Students need to be superusers.
  • Reload OS images periodically.
  • Update packages.
  • Forgotten passwords, etc.
  • Students' files are not archived.

36
Cloning the OS Images
  • Setup a Golden Client.
  • Several cloning tools exist
  • Symantec Ghost
  • Open source SystemImager
  • Open source UDPcast
  • None of the above deal (well) with multiple file
    volumes from multiple OS.
  • Takes about 45 minutes for 26 PCs
  • Individualize Each PC
  • Hostname
  • IP address
  • Ssh host keys

37
Teaching Experience
  • Lectures must be updated to keep up with software
    patched with the latest.
  • Most students take the course in their (semi-)
    final term.
  • Cannot find knowledgeable TAs.

38
Learning Experience
  • Considerable amount of wow effect.
  • We really learned a lot!
  • Prerequisite
  • Computer Networking, CEG 402 Wrong?
  • Operating Systems, CEG 433 Right?

39
Goals Achieved
  • Awareness of Security Issues
  • Teach security improvement techniques
  • Explain how exploitable errors have been made in
    the development of software.
  • Raise the level of ethics awareness
  • Bring attention to legal issues
  • Taught: Yes, Learned: Yes, Believe in it: may be.

40
By-Products: Students are
  • More at ease with real hardware and real software;
    not a black box any more.
  • Amazed at the Open Source movement, but do not
    understand.

41
If I may urge you
  • Introduce a course like this into your
    curriculum.
  • Peer-Review the articles on our web site.

42
Links
  • CEG 429 Home Page: www.cs.wright.edu/pmateti/Courses/429
  • OSIS Lab Home Page: www.cs.wright.edu/pmateti/OSIS
  • Support Web Site: www.cs.wright.edu/pmateti/InternetSecurity/