Using a Virtual Lab to teach an online Information Assurance Program

1
Using a Virtual Lab to teach an online
Information Assurance Program

• Wayne C. Summers, Bhagyavati, Carlos Martin
• Columbus State University4225 University
  AvenueColumbus, GA 31907 bhagyavati,
  martin_carlos, summers_wayne_at_colstate.edu
• _at_colstate.edu

2
Background

• Programs are being expected to offer online
  courses for our students.
• Many departments of computing are expanding their
  course offerings in computer security and
  information assurance.
• In an online class, students often cannot
  physically attend labs on campus.

3
Background

• In a traditional course in computer security
• lab experiences are typically conducted in an
  isolated computer lab where security problems
  that may occur are unable to affect other
  computers on campus.
• students are able to experiment with security
  software without worry that their experiment may
  impact computer systems outside the isolated lab.
• students can evaluate security of different
  operating systems, attempt to compromise the
  security of computer systems, and install
  additional security mechanisms without concern
  that their actions may affect computers outside
  the lab.

4
Background

• Solution - require that students use their own
  computers.
• Problem - assignments have to be designed so as
  not to be limited by the students computing
  resources. Students typically have access to only
  one computer and one operating system which
  limits the flexibility in the assignments.
• Problem - unwise to allow students to use their
  personal computers to experiment with security
  software.

5
APPROACHES

• Most of the approaches to providing hands-on lab
  experiences utilize a computer lab isolated from
  the Internet.
• Alternative is to develop a virtual network
  environment using simulators
• Virtual Network System (VNS)
• use virtual machines (VM) to emulate the hardware
  of different computers in a network
• VMWare (http//www.vmware.com/),
• Planetlab (http//www.planet-lab.org/),
• Emulab (http//www.emulab.net/)

6
Security and Assurance of Information Lab (SAIL)

• Virtual security lab
• Collection of computers accessible by any student
  who has Internet access
• Authentication into the lab using a Virtual
  Private Network (VPN) concentrator
• Once authenticated into the lab, students are
  able to access any of the computers in the lab
  and complete their assignments without fear that
  there actions will affect computer systems
  outside the lab

7
SAIL Configuration
8
VPN 3000 Concentrator
9
Security and Assurance of Information Lab (SAIL)

• Authentication by the Concentrator through two
  different passwords (group and user).
• Students in the lab have access to all of the
  devices physically located in the lab.
• Access the network remotely without requiring
  physical access to the lab and the devices in the
  lab.
• Able to access the SAIL lab network securely.
• Traffic in the lab is isolated from the
  Internet so if any malware is released in the
  SAIL lab, it is isolated to the lab.
• Only Internet connection in the lab is to the VPN
  Concentrator which is configured to prevent the
  transmission of executables between the Internet
  and the SAIL lab.

10
Security and Assurance of Information Lab (SAIL)

• Students access the Windows computers using
  RealVNC (http//www.realvnc.com/).
• The RealVNC client on the students computer
  allows the student to access the remote Windows
  computer as if the student was sitting at the
  computer.
• Multiple use of the RealVNC client provides the
  student with the capability to access more than
  one remote computer simultaneously.
• Students access the Linux computers using either
  RealVNC for a GUI interface or a SSH client for a
  command-line interface

11
VNC clients
12
Security and Assurance of Information Lab (SAIL)

• SAIL Lab consists of eight computers (Windows XP
  Pro, Windows 2000 Server, Windows 2003 Server,
  Linux) networked with hubs,
• VNC Concentrator (acting as the gateway),
• KVM switch,
• PIX firewall,
• router.

13
SAIL Lab
14
CLASSROOM EXPERIENCES WITH SAIL

• Passwords (http//csc.colstate.edu/summers/NOTES/6
  128/passwords.html). Students are required to
  establish and implement password policies on a
  Windows XP computer as the administrator. After
  they have created a number of accounts with
  different passwords, the students are expected to
  audit the passwords using password cracking
  software.
• Firewalls (http//csc.colstate.edu/summers/NOTES/6
  128/firewalls.html). Students explore the
  features of firewalls by configuring and testing
  two different firewalls in a Windows environment.
• Host Security (http//csc.colstate.edu/summers/NOT
  ES/6128/host.html). Students explore host
  hardening of both Windows and Linux computers by
  exploring services, managing users and groups,
  and inspecting various logs on the computers.

15
CLASSROOM EXPERIENCES WITH SAIL

• Security Auditing (http//csc.colstate.edu/summers
  /NOTES/6128/audit.html). Students audit the
  security of the computers on the network by using
  nmap (http//www.insecure.org/nmap/) to scan for
  open ports. Students also use nessus
  (http//www.nessus.org/) to assess the
  vulnerabilities on the different computers in the
  SAIL network.
• Traffic Analysis (http//csc.colstate.edu/summers/
  NOTES/6128/IDS.html) Students use Ethereal
  (http//www.ethereal.com/) to analyze the traffic
  on the network in the SAIL lab.
• Building Systems with Assurance
  http//csc.colstate.edu/summers/NOTES/6136/assuran
  ce-lab.html. Students implemented policies to
  ensure data confidentiality, data availability,
  and data integrity.

16
PROBLEMS

• One of the early assignments required that
  students create their own administrator account
  in Windows XP. New accounts have the PowerSave
  option turned on by default. This meant that the
  computers shut down a short while after the
  students logged off their account. We have been
  unable to find a way to change this default
  setting and had to provide the students with
  additional instructions to change the PowerSave
  setting.
• There were a few occasions when a student
  accidentally shut-down one of the computers
  instead of logging off. This required that
  someone needed to drive to campus to restart the
  computer. We are exploring solutions that will
  allow us to remotely restart a computer.
• There were times when students were unable to
  access a computer because all were being used by
  classmates. We need to improve the scheduling of
  the computer use.

17
FUTURE PLANS

• Install Virtual PC on each computer with multiple
  OSs
• Create assignments
• to configure and manage a PIX firewall.
• to configure and manage the security of a router.
• Explore the vulnerabilities of different network
  servers including email, DHCP, DNS, and ftp.
• Explore the vulnerabilities of different
  application servers including SQL and web
  servers.
• Install, configure and use an intrusion detection
  system like snort.

18
Questions?