OpenLabs Security Laboratory


OpenLabs Security Laboratory The online security experiment platform Johan Zackrisson Charlie Svahnberg

Outline Introduction Requirements Laboratory usage Technical solution Conclusion

History Started in 2006 Continuation of an on-campus security laboratory

Requirements: The Goals Provide a secure environment for remote experiments Must allow advanced security experiments Off-campus experiments in advanced security

Advanced security experiments Insecure protocols Insufficient access control Software vulnerabilities See effects of computer viruses ...

Environment Remote controllable Networked Experiment with network services One or more machines Start from a known state Any operating system (x86 at least)

Secure Environment Isolation Student has exclusive access No information can leak to the Internet No information can leak between experiments Cannot leave information traces

Hostile Environment Destructive experiments Reboot When a machine hangs Reinstall Need to start over

Laboratory usage From a student's point of view Web interface Log in Make reservations

Reservations When and for how long The number of machines What to install on each machine

Installations Clone images Contains the operating system and the tools needed for the experiment Prepared in advance by the teacher

Before the experiment starts Automatic clone installation Email reminder

The experiment starts Before being given access, the student has to choose to start the experiment from the web interface Remote control VNC, Remote Desktop, SSH, X Machine management via the web interface Reboot / Reinstall

The experiment ends The machines are wiped of all information Ready to be used by new experiments

Technical solution

Resources 32 standard rack machines (Xeon, 2.80 GHz, 1 GB RAM) Experiment network (Gigabit) Service machines Power Distribution Units (PDUs)

Core functionality Web interface Cloning / Wiping Firewalling Network switch configuration Power control

Web interface Experiment management Administration

Cloning / Wiping Booted over the network Automatic installation of a prepared clone image Overwrite with zeroes

Firewalling Access is only allowed from the student's machine All traffic to/from the experiment must be initiated from the student's machine No other traffic can leave the laboratory!

Network switch configuration Managed network switch Dedicated LAN per experiment By using Virtual LAN (IEEE 802.1Q) Isolation between experiments
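
The firewalling and per-experiment VLAN rules above can be checked against firewall or switch flow records. The following is an added example, not code from the OpenLabs system: the reservations, addresses, VLAN IDs and flow-record format are constructed, and it assumes that machines inside the same experiment may talk to each other freely.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Experiment:
    vlan: int      # dedicated IEEE 802.1Q VLAN for this experiment
    subnet: str    # addresses of the experiment machines on that VLAN
    student: str   # the only outside host allowed to reach them

# Constructed reservations (private and documentation address ranges).
EXPERIMENTS = [
    Experiment(101, "10.10.1.0/24", "198.51.100.7"),
    Experiment(102, "10.10.2.0/24", "203.0.113.20"),
]

# Constructed flow records: "<initiator> <responder> <destination port>".
FLOWS = """\
198.51.100.7 10.10.1.11 5900
10.10.1.11 10.10.1.12 445
10.10.1.11 192.0.2.80 80
10.10.1.12 10.10.2.11 22
203.0.113.20 10.10.1.11 22
203.0.113.20 10.10.2.11 3389
"""

def owner(addr):
    """Return the experiment whose subnet contains addr, or None."""
    ip = ip_address(addr)
    return next((e for e in EXPERIMENTS if ip in ip_network(e.subnet)), None)

def verdict(initiator, responder):
    """Judge a new connection by which side opened it."""
    src, dst = owner(initiator), owner(responder)
    if src and dst:  # both ends are laboratory machines
        return "allow" if src == dst else f"deny: VLAN {src.vlan} to VLAN {dst.vlan}"
    if src:          # an experiment machine opening a connection outward
        return "deny: initiated inside the laboratory"
    if dst and initiator == dst.student:
        return "allow"
    return "deny: not the student's machine"

def audit(log):
    """List every flow that breaks the isolation rules."""
    flows = (line.split() for line in log.splitlines())
    checked = ((i, r, int(p), verdict(i, r)) for i, r, p in flows)
    return [f for f in checked if f[3] != "allow"]

if __name__ == "__main__":
    print(*audit(FLOWS), sep="\n")
```

Any finding from such an audit means the firewall or the switch VLAN configuration let through traffic that the design says must never exist.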

Power control Done by remote controllable power outlets, Power Distribution Units (PDUs) Force a machine to reboot By the student during experiments By the cloning system

Conclusion Management and reservations Web interface Isolation / Network environment Firewalling Network switch configuration

Automatic installation (and reinstall) Cloning Ability to restart a machine Power control Information leakage Wiping

Other uses Off-campus courses without the possibility to install software Simulations Clustering with LAM/MPI Enable remote access to 3rd party Hardware/Software Antenna Lab

Questions?