Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using An Isolated Network to Teach Advanced Networks and Security

Published byAgnes Howard Modified over 6 years ago

Similar presentations

Presentation on theme: "Using An Isolated Network to Teach Advanced Networks and Security"— Presentation transcript:

1 Using An Isolated Network to Teach Advanced Networks and Security
LTC John M.D. Hill LTC Curtis A. Carver Jr. CPT Jeffrey Humphries Dr. Udo W. Pooch

2 Agenda Introduction Active Learning and Cooperative Groups
Lab Architecture Issues in Building a Security Lab Questions and Conclusions 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

3 Introduction Texas A&M University has been teaching a graduate class in Computer Security since The class utilizes an isolated network security lab to prove a cooperative, active learning opportunity for the students. The purpose of the class is to teach students about network security in an active learning environment. The purpose the security lab is to isolate the effects of this active learning from the rest of the campus and departmental networks. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

4 Introduction (continued)
The lab is isolated by a combinations of hardware and software safeguards: All components of the lab connect to a single router. The router’s gateway is through a proxy firewall server. Students can access the lab remotely only by logging into the firewall. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

5 Active Learning 70% of the student’s grade is the lab exercise.
Students must learn and actively apply classroom lessons in order to pass the course. The exercise is self-directed. Students must research, code, and implement solutions to the exercise. Students do not attack passive systems. Instead, the systems are actively being defended by fellow students. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

6 Persistent Learning Groups
Students must work together as a team because: The problem presented to students is too complex and time-consuming for one student to solve. The exercise is weighted heavily. Without success in the lab, students will fail. Students learn more from each other than they ever would from a professor. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

7 Lab Architecture Inferno 1 Router Firewall Heaven Inferno 2 Arcadia
Gabriel Server Switch Attack Switch Inferno 4 Utopia Research Switch Inferno 5 Research 5 Limbo Research 4 Boot Server Research 1 Research 2 Research 3

8 Attack Components These are the student attack platforms.
Each student team has access to a SPARC workstation and personal computer that is configured to run both Window NT and LINUX. This allows the students to attack using three different operating systems. Student teams have complete configuration control over their attack platform and may enable or disable whatever services they desire. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

9 Server Components These components are generally the systems the students are attacking. There are some component systems that are off-limits (St Peter, Boot Server). There are some components that can be attacked that the students do not know about (Gabriel). 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

10 Sever Components (continued)
The remaining systems present a variety of operating systems with different levels of security: Limbo SunOS 2.4 system with no security patches. Utopia is Solaris 2.5 system with the latest security patches and standard services. Xanadu is a hardened server with the latest security patches and limited access. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

11 Server Components (continued)
Heaven is a Window NT and HTTP server with the latest patches applied. Arcadia is a Linux server. Gabriel is a remote logging station. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

12 Research Components These components are research systems that can be used to develop and analyze security systems in a hostile environment. As an example, they are currently being used to evaluate intrusion detection systems that feature active intrusion response mechanisms. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

13 Additional Security Tools Employed
Tiger – vulnerability scanner Tripwire – Integrity checker TCPWrapper – network protocol tool 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

14 Issues Delineation of lab and real world activities.
Protection of the network lab so that it cannot be used to launch attacks outside of the lab. The high maintenance cost of providing a mix of operating systems at different levels of security. 11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

15 Questions and Conclusions
11/20/2018 Presented to the 32nd Technical Symposium on Computer Science Education (SIGCSE) Conference

Download ppt "Using An Isolated Network to Teach Advanced Networks and Security"

Similar presentations

An Isolated Network in Support of an Advanced Networks and Security Course LTC Curtis A. Carver Jr. LTC John M.D. Hill Dr. Udo W. Pooch.

An Isolated Network in Support of an Advanced Networks and Security Course LTC Curtis A. Carver Jr. LTC John M.D. Hill Dr. Udo W. Pooch.
Network Management Basics Network management requirements OSI Management Functional Areas –Network monitoring: performance, fault, accounting –Network.

Network Management Basics Network management requirements OSI Management Functional Areas –Network monitoring: performance, fault, accounting –Network.
Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.

Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Rendezvous – a DIY VPN (profiting from mobile access to the enterprise) Rendezvous Server ET bjecvalu O.

Rendezvous – a DIY VPN (profiting from mobile access to the enterprise) Rendezvous Server ET bjecvalu O.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
Introduction to Computer Administration System Administration

Introduction to Computer Administration System Administration
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
1 Creating a Virtual Laboratory to Teach Information Assurance Courses Online Dr. Wayne Summers & Dr. Bhagyavati Columbus State University Columbus, Georgia.

1 Creating a Virtual Laboratory to Teach Information Assurance Courses Online Dr. Wayne Summers & Dr. Bhagyavati Columbus State University Columbus, Georgia.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
CPMT 1451 IT Essentials: PC Hardware and Software ITCC 1301 Cisco Exploration 1: Network Fundamentals ITCC 1304 Cisco Exploration 2: Routing Protocols.

CPMT 1451 IT Essentials: PC Hardware and Software ITCC 1301 Cisco Exploration 1: Network Fundamentals ITCC 1304 Cisco Exploration 2: Routing Protocols.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
OV 12 - 1 Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Similar presentations

Ads by Google