Designing a Security Lab?

RanmaPlex asks: "I've been asked by a university professor to design a network security lab for use by about 15 students. Designing a course was asked earlier, but little info was discussed on equipment. It needs to be vendor independent if possible. I've got ideas on using virtual machines, patches, IDS, firewalls/vpn and sniffers but would like to know what the Slashdot community can come up with."

  • Variety (Score:3, Informative)

    by Synic ( 14430 ) on Wednesday October 08, 2003 @04:02PM (#7165822) Homepage Journal
    Whatever you ultimately decide on, it would be best for a good security education to include a variety of platforms and hardware so that students can experience different things. For example, if you have something along these lines:

    n = # of students

    (n/2) PC's running Windows XP / Linux / Solaris-x86 triple boot set-ups -- for them to hack from and get hacked by... If you play a competitive game of "you get x minutes to secure your box on y OS, then everyone try to hack each other's boxes-- figure out what OS they are running, and what (if any) known vulnerabilities it has."

    Throw in another box that's to run as a "server," run by the teacher-- it's a similar dual or triple boot box to provide variety.

    A few routers & switches of different brands (3Com, Cisco)

    -- Just my $0.02
  • Isn't that what a student would encounter in the real world? Or do you want to make it like every other stupid college course teaching "theory" instead of some valid "experience"?
    • by Anonymous Coward

      Isn't that what a student would encounter in the real world?

      Not in my experience. If you work in security, you are very likely to encounter rather heterogeneous networks, or different vendors on different networks. Additionally, a number of security tools are targeted at specific platforms, and will not always have analogs on your specific platform of choice. Also, it is useful to be able to test known exploits that only occur with a specific vendor's tools to learn if other products may be available, or to

      • This is by far the best AC post I've ever seen. Thank you for the excellent reply!

        From a security standpoint, are you referring to physical security or system (software) security? The only way vendors make a difference is if they are running something other than the status quo. For example, you'll likely encounter these OSes in the real world significantly more often than not: Windows, Solaris, HP-UX, Linux, MacOS, ... as far as servers go. On desktops it's overwhelmingly Windows. So from a real-world standpo
    • Or do you want to make it like every other stupid college course teaching "theory" instead of some valid "experience"?

      That's what college is supposed to do. Teach you the basic theory of how things work. You can't learn experience, but if you learn theory, then you should be able to figure out practical application. If not, then you probably chose the wrong major.
  • by orthogonal ( 588627 ) on Wednesday October 08, 2003 @04:20PM (#7165899) Journal
    I've been asked by a university professor to design a network security lab for use by about 15 students... but little info was discussed on equipment. It needs to be vendor independent if possible.

    Your first and most important piece of equipment: a lawyer.

    No, I'm serious. Especially if you and your students will be investigating aspects of network security.

    Given the current mess involving "business process" patents and "Intellectual Property" and stealth/submarine patents, there's no guarantee that what seems obvious to you or your students may not be something somebody else claims as their sole property for the next 20 years. So far, that only opens you to years of litigation and the possibility of crippling penalties. You're lucky it only goes that far.

    Because...

    Given the current state of the U.S. law -- specifically the DMCA -- it's no longer clear that reverse engineering is legal. Anytime somebody, er, some corporation -- such as printer manufacturer Lexmark -- claims they've built an anti-circumvention device into their product -- you and your students face the possibility of civil and criminal penalties.

    And ...

    Not to mention that in our zeal to "protect" ourselves post 9-11, what may seem to you or your students to be reasonable and even noble acts -- like pointing out software vulnerabilities that hackers or terrorists might use -- may be itself construed as hacking or even terrorism [slashdot.org]. And prosecuted accordingly.

    Perhaps I'm overstating the legal barriers to innovation and research. I hope I am. But you owe it to yourself, your students, and your institution to hope for the best while preparing for the worst.

    And I'm afraid the way you prepare for the worst in America in 2003 is by getting yourself a lawyer.

    (PS, is it just me, or is Slashdot intermittently very very slow to respond -- that is, is Slashdot being, uh, Slashdotted?)
    • I was having all kinds of problems this morning. The pages would load, but when I tried to login nothing would happen at all, this happened multiple times under links, mozilla, and firebird. Then when I managed to login and tried to post, I repeatedly got a 500 Internal Server Error, over ten times in a row on one post. So it's not just you, although things have been smooth on my end since a few hours back. PS - I'll be damned, I just got another 500 error when trying to post this. Something is definitely
  • Set up a Honeynet [honeynet.org]. Nothing more insightful than watching real attackers trying to do their thing, without having to worry about getting them off your production systems ASAP.

    It is a much better way to learn about the real security risks than trying to come up with a network secured against threats learned from books only.

    Another good idea to enlighten your students is to have them install one redhat 6.0 box, and a current one. Likely, the 6.0 box will be rooted in a matter of hours, or, if you are lucky

  • by ubiquitin ( 28396 ) * on Wednesday October 08, 2003 @04:41PM (#7165947) Homepage Journal
    The STEAL [unomaha.edu] lab at the Nebraska University Consortium of Information Assurance has a pretty nice setup that sounds similar to what the AskSlashdot post described. One thing I noticed when walking by the lab: they have signs up indicating that if you walk in through their door with a USB keydrive or a CDR, you can plan on walking out without it. The basic idea is that no electronic media, whatsoever, is allowed in or out without a CAREFUL audit of what's going on. If you're going to play with live viruses, the setup demands nothing less, I suppose. Remember that if you don't have physical security, network security doesn't make any difference.
  • You should check with www.securityie.com about the hardware required for the CCIE Security certification. You might have to use some cisco hardware, but for the most part, it will be a bunch of Linux, OpenBSD and Solaris machines, some windows machines and some other Linux machines with traffic generation software. You will also need an Internet connection and a domain name, so you can direct real outside spam and other attacks to yourself.

    Here's a better idea. If you are in a university, setup a server an
  • I set up an operating system lab at UBC a few years ago. It consisted of about 10 PCs connected to a serial port hub and a "reset controller". Basically, you interacted with them via the serial ports and telnet, and the reset controller allowed the students to reboot them on command. I actually found the software and schematics for the controller at another university (can't remember which). The operating system (in this case Xinu - think simple Unix) was loaded via tftp. All of this was accessible from
  • i suggest locks on the doors and the windows
  • Set up your network using this topology [mit.edu] -note that your computers are in bottom-center, with firewall between you and your attackers. To control it all, get a command center [adpolice.net] inside a facility like this [sbs.com.au]. Of course, you'll need physical security; try using a giant robot [iespana.es]. Make sure your pilot isn't a total wuss, though. Oh, and make sure you have large cooling units filled with these [dcc-jpl.com].
  • Focus on the problem. Get the students to understand the problems; why security is an issue (insecure programs, design flaws, etc.). Make them be able to advocate secure programs/programming. Make them advocates against design flaws. Teach them how to track current security issues. How to prevent the/keep up with latest patches etc. (+ of course the obvious things you already mentioned.)
  • by crazyphilman ( 609923 ) on Wednesday October 08, 2003 @06:47PM (#7166994) Journal
    A traditional multi-tier enterprise setup:

    Database
    -
    Middleware server
    -
    Intranet web server (inside firewall)
    -
    Firewall (separate machine)
    -
    Web server (DMZ machine)
    -
    Client boxes

    You might want to set up a few common architectures:

    Oracle and SQL Server databases on backend / Windows 2000 middleware / Firewall (hardware? an enterprise special-purpose firewall?) / Windows 2000 web server (Note that this architecture could be duplicated, one set with traditional ASP and COM+, and one with .Net across the board; you might not want to mix them on the same set of servers, because you're interested in vulnerabilities, right? So you might have older ASP/MTS server setups, and newer .Net ones).

    Oracle, MySQL, and PostGresql databases on backend / Linux or FreeBSD based middleware / Linux or FreeBSD based firewall / Linux or FreeBSD based Apache web server (Note that this architecture probably would be java based, so you could use JBoss as your app server, etc)

    Of course, this is just off the top of my head, but my thinking is, if you duplicate what people are actually using out in the world, then you'll learn more about the vulnerabilities and the countermeasures that are out there...

    • It looks a LOT like everybody in this thread is pretty well versed in hardening the network from outside attacks, but I would suggest that they have a clueless secretary (or PHB) equiv of a workstation inside the firewall and from time to time have it automagically do stuff like : run email attachments, install spyware, randomly delete files on network shares it has access to, install random packages on top of each other out on the network, try to share some mp3 files using any number of available P2P clien
      • Pretty good points, and people should be educated about the dangers of social engineering, but I'm not sure if I'd add a PHB computer to the mix. At least not across the board; maybe in an isolated test setup on the far side of the room with "PHB" in big letters over the workstation...

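One way to turn the tier diagram above into something students can test, as an added example that is not part of the original thread: a small Python model of a default-deny, tier-to-tier forwarding policy, with a deliberately weak variant beside it and a renderer for an nftables forward chain. Zone names, the interface-to-zone mapping and the service ports are assumptions chosen for illustration, not values from the post.

```python
"""Tier-to-tier firewall policy for the multi-tier lab layout above.

Added example (not from the original thread). Zone names, the interface
mapping and the service ports are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import List

# Tiers from the post, outermost first (assumed names).
ZONES = ["clients", "dmz_web", "intranet_web", "middleware", "database"]

# Which firewall interface fronts each zone (assumed).
IFACE = {"clients": "eth0", "dmz_web": "eth1", "intranet_web": "eth2",
         "middleware": "eth3", "database": "eth4"}


@dataclass(frozen=True)
class Rule:
    src: str      # zone that opens the connection
    dst: str      # zone that accepts it
    proto: str
    dport: int


# Corrected policy: each tier may open connections only to the next tier
# inward, and only on that tier's service port (ports are assumptions).
POLICY: List[Rule] = [
    Rule("clients", "dmz_web", "tcp", 443),
    Rule("dmz_web", "intranet_web", "tcp", 8080),
    Rule("intranet_web", "middleware", "tcp", 8443),
    Rule("middleware", "database", "tcp", 5432),
]

# Weak variant: a "convenience" rule lets client workstations talk straight
# to the database, which is exactly the kind of hole students should find.
WEAK_POLICY: List[Rule] = POLICY + [Rule("clients", "database", "tcp", 5432)]


def allowed(policy: List[Rule], src: str, dst: str, proto: str, dport: int) -> bool:
    """Default deny: a new flow passes only if an explicit rule matches."""
    return Rule(src, dst, proto, dport) in policy


def skipped_tier_flows(policy: List[Rule]) -> List[Rule]:
    """Rules that jump over a tier or point outward; both break the layering."""
    idx = {z: i for i, z in enumerate(ZONES)}
    return [r for r in policy if idx[r.dst] - idx[r.src] != 1]


def render_nft(policy: List[Rule]) -> str:
    """Emit an nftables forward chain for the policy: drop by default,
    return traffic admitted through conntrack, one accept per rule."""
    lines = [
        "table inet lab {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in policy:
        lines.append(
            f'    iifname "{IFACE[r.src]}" oifname "{IFACE[r.dst]}" '
            f"{r.proto} dport {r.dport} ct state new accept"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nft(POLICY))
    for bad in skipped_tier_flows(WEAK_POLICY):
        print("tier-skipping rule:", bad)
```

Running the script prints the ruleset for the corrected policy and then flags the clients-to-database rule in the weak one; the same check is a cheap thing to run over any ruleset a student proposes before loading it with `nft -f`.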
  • I checked out the STEAL lab setup and it sounds incredible, but a lot of that stuff seems a tad unnecessary, especially if you're talking about less than 20 students.

    My ideal lab would consist of as few specialized systems/pieces of equipment as possible, and a surplus of all-purpose, say P4 or equivalent AMD boxes.

    For example, I wouldn't consider a lab such as you're describing without a few cisco routers or network appliances. You may also want some specialized hardware for a special sun server or Unix
    • I've had good results with G4U [feyrer.de], a free NetBSD based boot floppy imaging system. Total requirements are nice-- 1 floppy or CDROM, 1 ftp server, 1 dhcp server. We cloned my kids' whole school quite quickly using this system and I've had good results on a laptop as well.
  • Rather than having the students attacking each other, let them concentrate on securing their own box. Simply put all their boxes live on the internet and post their IP addresses here on Slashdot, so as to let all Slashdot readers openly attack them. There sure are enough of us. Now there's some valuable real world experience.
  • Lab Ideas (Score:2, Interesting)

    You can use knoppix STD and Phlak Bootable linux distros to keep the machines clean and give the students tools and "hacking" experience. I also recommend Target machines (i.e. windows server(web/email etc), solaris server, linux server, couple windows desktops) and make sure you keep symantec ghost images so you can bring them back to state quickly. Additionally, Firewalls, VPNs, IDS (snort is a good one to learn on). links to stuff: www.phlak.org (pro hacker linux assault kit) www.knoppix.org (cdrom z
  • I used to be a sysadmin here [uidaho.edu] when I was an undergrad, and while the lab grew quite a bit during my time there, there's still a lot that I wanted to do (although sometimes, we were funds-challenged).

    You will also need to think about 1) setting up good security policies and enforcing them, and 2) physical security. There are other things, but I can't think of them right now.

    With regard to policy, you have to remember that security and convenience are often conflicting. Security is a habit that needs to be e
  • Security Lab (Score:1, Insightful)

    by Anonymous Coward
    When a college retires a bunch of computers, some crappy printer, or anything else that might've at one time used electricity, claim it for your lab, otherwise it'll be auctioned off. You'll always be hurting for kit no matter how much funding you have. Note that this implies you need a decent amount of space to store lots of crap that might seem useless now, but will come in handy when you want to try something out that could result in damage to hardware, for example. You don't want to break a shiny new
  • We've got a security lab here at the University of Hamburg, Germany. We deal with viruses mostly but also with other security-related stuff. If you are planning on working with malware, make sure that you are able to separate your lab network from the world outside completely. This is the only way to ensure that you won't become a virus multiplier by accident. Our lab has got the possibility to form 3 independent networks within, using redundant switches. Only one of those networks is connected to the int
  • It takes a little setup, and a little cash, but I believe it makes for the best lab setup possible. I've designed several setups for customers like this:

    - As many servers as you need (8, for example) Buy 8 identical servers - explained later.

    - A Fibre Channel HBA for each host.

    - A Fibre Channel disk array. Preferably an old XIOtech Magnitude, available on eBay now for $14K - $20K, new from around $60K

    - Connect up to 8 hosts directly to the Magnitude, assign a boot volume to the host from the Mag's ma
  • See the comments by Medusa in this board:


    http://www.security-forums.com/forum/viewtopic.php?t=186

    Very insightful stuff. It really makes you sit up and realize HOW insecure your system can be. And that there's nothing to protect you from anyone serious enough, unless you don't matter.
