Designing a Security Lab?
RanmaPlex asks: "I've been asked by a university professor to design a network security lab for use by about 15 students. Designing a course was asked earlier, but little info was discussed on equipment. It needs to be vendor independent if possible. I've got ideas on using virtual machines, patches, IDS, firewalls/vpn and sniffers but would like to know what the Slashdot community can come up with."
I've been asked by a university professor to design a network security lab for use by about 15 students... but little info was discussed on equipment. It needs to be vendor independent if possible.
...
Your first and most important piece of equipment: a lawyer.
No, I'm serious. Especially if you and your students will be investigating aspects of network security.
Given the current mess involving "business process" patents and "Intellectual Property" and stealth/submarine patents, there's no guarantee that what seems obvious to you or your students may not be something somebody else claims as their sole property for the next 20 years. So far, that only opens you to years of litigation and the possibility of crippling penalties. You're lucky it only goes that far.
Because...
Given the current state of the U.S. law -- specifically the DMCA -- it's no longer clear that reverse engineering is legal. Anytime somebody, er, some corporation -- such as printer manufacturer Lexmark -- claims they've built an anti-circumvention device into their product -- you and your students face the possibility of civil and criminal penalties.
And
Not to mention that in our zeal to "protect" ourselves post 9-11, what may seem to you or your students to be reasonable and even noble acts -- like pointing out software vulnerabilities that hackers or terrorists might use -- may be itself construed as hacking or even terrorism. And prosecuted accordingly.
Perhaps I'm overstating the legal barriers to innovation and research. I hope I am. But you owe it to yourself, your students, and your institution to hope for the best while preparing for the worst.
And I'm afraid the way you prepare for the worst in America in 2003 is by getting yourself a lawyer.
(PS, is it just me, or is Slashdot intermittently very very slow to respond -- that is, is Slashdot being, uh, Slashdotted?)
Opinions on the Twiddler2 hand-held keyboard?
A traditional multi-tier enterprise setup:
Database - Middleware server - Intranet web server (inside firewall) - Firewall (separate machine) - Web server (DMZ machine) - Client boxes
You might want to set up a few common architectures:
Oracle and SQL Server databases on backend / Windows 2000 middleware / Firewall (hardware? an enterprise special-purpose firewall?) / Windows 2000 web server (Note that this architecture could be duplicated, one set with traditional ASP and COM+, and one with .Net across the board; you might not want to mix them on the same set of servers, because you're interested in vulnerabilities, right? So you might have older ASP/MTS server setups, and newer .Net ones).
Oracle, MySQL, and PostgreSQL databases on backend / Linux or FreeBSD based middleware / Linux or FreeBSD based firewall / Linux or FreeBSD based Apache web server (Note that this architecture probably would be Java-based, so you could use JBoss as your app server, etc.)
Of course, this is just off the top of my head, but my thinking is, if you duplicate what people are actually using out in the world, then you'll learn more about the vulnerabilities and the countermeasures that are out there...
Farewell! It's been a fine buncha years!
I checked out the STEAL lab setup and it sounds incredible, but a lot of that stuff seems a tad unnecessary, especially if you're talking about less than 20 students.
My ideal lab would consist of as few specialized systems/pieces of equipment as possible, and a surplus of all-purpose, say P4 or equivalent AMD, boxes.
For example, I wouldn't consider a lab such as you're describing without a few Cisco routers or network appliances. You may also want some specialized hardware for a special Sun server or Unix box. All in all though, I say keep the majority where it will likely be in the real world, on PCs (let me know if you disagree).
Now, I'm a particular fan of apps like Drive Image Pro and using drive images liberally. So you may wish to take this with a grain of salt, but I'm all for the practice of maintaining HDD images of different OSes you can switch out on your workstations as the lessons progress. You can have your (perfectly licensed) WinXP images set up, one for each PC, so that the problems XP has won't be an issue. You can do the same with Linux and any other operating systems you like.
The other advantage to this, specifically having several extra machines, is that you can have as few or as many servers as you need, to give the effect, perhaps with the help of VMware, of a target network. On the flip side, you could give the students the extra workstations and give them the chance to use multiple attack vectors for specialized attacks.
Another not-so-related idea would be to have a dedicated network traffic recording computer, just for peace of mind that every bit of activity will be recorded if nothing else.
In closing, I think the key, IMHO, is that you maintain maximum flexibility in such a lab, so you can simulate virtually any modern network and thus any relevant environment for studies in the area. I've seen lots of success with random amenities like a projector and nice large screen. I'll give the STEAL labs that, but a lot can be said for good, standard PCs running what your students will likely be using in their future professions. A lab with, say, 20 PCs that can, within an hour or two, with one tech, be changed to either:
- 20 WinXP machines, or
- 20 Red Hat 9 boxes,
or even a network of:
- 1 FreeBSD web server
- 2 RH routers
- 1 'internal' XP workstation
- 1 'internal target' FreeBSD MySQL server
- 15 RH or XP 'attack' workstations
is a great thing in my book.
"Oh... There it goes... my brain stopped" - Ed from Ed, Edd, and Eddy.
You can use Knoppix STD and PHLAK bootable Linux distros to keep the machines clean and give the students tools and "hacking" experience. I also recommend target machines (i.e. Windows server (web/email etc.), Solaris server, Linux server, a couple of Windows desktops) and make sure you keep Symantec Ghost images so you can bring them back to state quickly. Additionally, firewalls, VPNs, IDS (Snort is a good one to learn on). Links to stuff:
- www.phlak.org (Professional Hacker's Linux Assault Kit)
- www.knoppix.org (CD-ROM zero-footprint Linux)
- www.symantec.com (Ghost hard drive image software)
- www.snort.org (network intrusion detection)