Designing a Security Lab?
RanmaPlex asks: "I've been asked by a university professor to design a network security lab for use by about 15 students. Designing a course was asked earlier, but little info was discussed on equipment. It needs to be vendor independent if possible. I've got ideas on using virtual machines, patches, IDS, firewalls/vpn and sniffers but would like to know what the Slashdot community can come up with."
Variety (Score:3, Informative)
n = # of students
(n/2) PCs running Windows XP / Linux / Solaris-x86 triple boot set-ups -- for them to hack from and get hacked by... If you play a competitive game of "you get x minutes to secure your box on y OS, then everyone try to hack each other's boxes-- figure out what OS they are running, and what (if any) known vulnerabilities it has."
Throw in another box that's to run as a "server," run by the teacher-- it's a similar dual or triple boot box to provide variety.
A few routers & switches of different brands (3Com, Cisco)
-- Just my $0.02
Why vendor independent? (Score:2)
Re:Why vendor independent? (Score:1, Insightful)
Not in my experience. If you work in security, you are very likely to encounter rather heterogeneous networks, or different vendors on different networks. Additionally a number of security tools are targeted at specific platforms, and will not always have analogs on your specific platform of choice. Also it is useful to be able to test known exploits that only occur with a specific vendor's tools to learn if other products may be available, or to
Re:Why vendor independent? (Score:2)
From a security standpoint are you referring to physical security or system (software) security? The only way vendors make a difference is if they are running something other than the status quo. For example you'll likely encounter these OSes in the real world significantly more often than not: Windows, Solaris, HP-UX, Linux, MacOS,
Re:Why vendor independent? (Score:1)
That's what college is supposed to do. Teach you the basic theory of how things work. You can't learn experience, but if you learn theory, then you should be able to figure out practical application. If not, then you probably chose the wrong major.
The equipment you need has the initials "J.D." (Score:4, Interesting)
Your first and most important piece of equipment: a lawyer.
No, I'm serious. Especially if you and your students will be investigating aspects of network security.
Given the current mess involving "business process" patents and "Intellectual Property" and stealth/submarine patents, there's no guarantee that what seems obvious to you or your students may not be something somebody else claims as their sole property for the next 20 years. So far, that only opens you to years of litigation and the possibility of crippling penalties. You're lucky it only goes that far.
Because...
Given the current state of the U.S. law -- specifically the DMCA -- it's no longer clear that reverse engineering is legal. Anytime somebody, er, some corporation -- such as printer manufacturer Lexmark -- claims they've built an anti-circumvention device into their product -- you and your students face the possibility of civil and criminal penalties.
And
Not to mention that in our zeal to "protect" ourselves post 9-11, what may seem to you or your students to be reasonable and even noble acts -- like pointing out software vulnerabilities that hackers or terrorists might use -- may be itself construed as hacking or even terrorism [slashdot.org]. And prosecuted accordingly.
Perhaps I'm overstating the legal barriers to innovation and research. I hope I am. But you owe it to yourself, your students, and your institution to hope for the best while preparing for the worst.
And I'm afraid the way you prepare for the worst in America in 2003 is by getting yourself a lawyer.
(PS, is it just me, or is Slashdot intermittently very very slow to respond -- that is, is Slashdot being, uh, Slashdotted?)
Re: PS (Score:2)
Honeynet (Score:2)
It is a much better way to learn about the real security risks than trying to come up with a network secured against threats learned from books only.
Another good idea to enlighten your students is to have them install one redhat 6.0 box, and a current one. Likely, the 6.0 box will be rooted in a matter of hours, or, if you are lucky
Ask someone who has already done it... (Score:3, Informative)
Simple lab (Score:2)
Here's a better idea. If you are in a university, set up a server an
UBC OS Lab (Score:1)
security first (Score:2)
Easy... (Score:2)
Problem (Score:2)
Here's something to include: (Score:3, Interesting)
Database - Middleware server - Intranet web server (inside firewall) - Firewall (separate machine) - Web server (DMZ machine) - Client boxes
You might want to set up a few common architectures:
Oracle and SQL Server databases on backend / Windows 2000 middleware / Firewall (hardware? an enterprise special-purpose firewall?) / Windows 2000 web server (Note that this architecture could be duplicated, one set with traditional ASP and COM+, and one with
Oracle, MySQL, and PostGresql databases on backend / Linux or FreeBSD based middleware / Linux or FreeBSD based firewall / Linux or FreeBSD based Apache web server (Note that this architecture probably would be java based, so you could use JBoss as your app server, etc)
Of course, this is just off the top of my head, but my thinking is, if you duplicate what people are actually using out in the world, then you'll learn more about the vulnerabilities and the countermeasures that are out there...
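The tiered layout in this comment (clients, a DMZ web server, a firewall, an intranet web server, middleware, databases) is mostly useful as a lesson in segmentation: each tier should only be able to reach the next tier inward. The following is an added example, not code from the comment or from any vendor, that models such a segmentation policy as an allow-list, checks a handful of constructed flows against it, and renders the same allow-list as an nftables-style ruleset. The subnet plan, port numbers and zone names are all assumptions made up for the example.

```python
"""Segmentation policy for a tiered lab network (added example).

Zones, subnets and ports below are constructed for illustration; they are
not taken from the forum comment or from any real deployment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lab address plan: one subnet per tier.
ZONES = {
    "clients":    ip_network("10.0.10.0/24"),
    "dmz_web":    ip_network("10.0.20.0/24"),
    "intranet":   ip_network("10.0.30.0/24"),
    "middleware": ip_network("10.0.40.0/24"),
    "database":   ip_network("10.0.50.0/24"),
}

# Allowed cross-tier flows as (src_zone, dst_zone, tcp_dport).
# Anything not listed is denied, so a client can never reach the
# database directly and the DMZ web server cannot skip the middleware.
ALLOWED = {
    ("clients", "dmz_web", 443),
    ("clients", "intranet", 443),
    ("dmz_web", "middleware", 8080),
    ("intranet", "middleware", 8080),
    ("middleware", "database", 1521),   # Oracle listener (assumed port)
    ("middleware", "database", 5432),   # PostgreSQL (assumed port)
}


def zone_of(addr: str):
    """Return the zone name containing addr, or None if it is outside the lab."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def decide(flow: Flow) -> str:
    """Verdict for a single flow under the allow-list policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "DROP"            # unknown addresses never cross the firewall
    if src_zone == dst_zone:
        return "ACCEPT"          # intra-tier traffic does not cross tiers
    if (src_zone, dst_zone, flow.dport) in ALLOWED:
        return "ACCEPT"
    return "DROP"


def audit(log_lines):
    """Evaluate constructed 'src dst dport' lines and pair each with its verdict."""
    verdicts = []
    for line in log_lines:
        src, dst, dport = line.split()
        verdicts.append((line, decide(Flow(src, dst, int(dport)))))
    return verdicts


def violations(log_lines):
    """Lines the policy would drop, i.e. attempts to bypass a tier."""
    return [line for line, verdict in audit(log_lines) if verdict == "DROP"]


def to_nft() -> str:
    """Render the allow-list as an nftables forward chain with a default drop."""
    rules = ["    ct state established,related accept"]
    for src, dst, port in sorted(ALLOWED):
        rules.append(
            f"    ip saddr {ZONES[src]} ip daddr {ZONES[dst]} tcp dport {port} accept"
        )
    body = "\n".join(rules)
    return (
        "table inet lab {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy drop;\n"
        f"{body}\n"
        "  }\n"
        "}\n"
    )


# Constructed sample flows: three that follow the tiering, three that do not.
SAMPLE = [
    "10.0.10.5 10.0.20.8 443",    # client -> DMZ web
    "10.0.20.8 10.0.40.3 8080",   # DMZ web -> middleware
    "10.0.40.3 10.0.50.2 5432",   # middleware -> database
    "10.0.10.5 10.0.50.2 5432",   # client straight to database
    "10.0.20.8 10.0.50.2 1521",   # DMZ web skipping the middleware tier
    "192.0.2.9 10.0.20.8 443",    # address outside every lab zone
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:6} {line}")
    print(to_nft())
```

Running the module prints a verdict per sample flow and the generated ruleset; the last three samples are the ones a student would expect the firewall to drop, which makes a quick self-check for whether a lab firewall actually enforces the tiering rather than just sitting between the subnets.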
Re:Here's something to include: (Score:2)
Re:Here's something to include: (Score:2)
Re:Here's something to include: (Score:2)
Re:Here's something to include: (Score:2)
What a great question! (Score:2, Interesting)
My ideal lab would consist of as few specialized systems/pieces of equipment as possible, and a surplus of all purpose, say P4 or equivalent AMD boxes.
For example, I wouldn't consider a lab such as you're describing without a few Cisco routers or network appliances. You may also want some specialized hardware for a special Sun server or Unix
Re:What a great question! (Score:2)
here's an idea (Score:1)
Lab Ideas (Score:2, Interesting)
It's more than just computers (Score:1)
You will also need to think about 1) setting up good security policies and enforcing them, and 2) physical security. There are other things, but I can't think of them right now.
With regard to policy, you have to remember that security and convenience are often conflicting. Security is a habit that needs to be e
Security Lab (Score:1, Insightful)
Isolation (Score:1)
The ultimate in host flexibility (Score:1)
- As many servers as you need (8, for example) Buy 8 identical servers - explained later.
- A Fibre Channel HBA for each host.
- A Fibre Channel disk array. Preferably an old XIOtech Magnitude, available on eBay now for $14K - $20K, new from around $60K
- Connect up to 8 hosts directly to the Magnitude, assign a boot volume to the host from the Mag's ma
A word of caution (Score:2)
http://www.security-forums.com/forum/viewtopic.
Very insightful stuff. It really makes you sit up and realize HOW insecure your system can be. And that there's nothing to protect you from anyone serious enough unless that you don't matter.