Slashdot Mirror

← Back to Stories (view on slashdot.org)

Designing a Security Lab?

Posted by Cliff on from the building-a-hackers-playground dept.

RanmaPlex asks: "I've been asked by a university professor to design a network security lab for use by about 15 students. Designing a course was asked earlier, but little info was discussed on equipment. It needs to be vendor independent if possible. I've got ideas on using virtual machines, patches, IDS, firewalls/vpn and sniffers but would like to know what the Slashdot community can come up with."

1 of 33 comments (clear)

  1. The equipment you need has the initials "J.D." by orthogonal · · Score: 3, Interesting

    I've been asked by a university professor to design a network security lab for use by about 15 students... but little info was discussed on equipment. It needs to be vendor independent if possible.

    Your first and most important piece of equipment: a lawyer.

    No, I'm serious. Especially if you and your students will be investigating aspects of network security.

    Given the current mess involving "business process" patents and "Intellectual Property" and stealth/submarine patents, there's no guarantee that what seems obvious to you or your students may not be something somebody else claims as their sole property for the next 20 years. So far, that only opens you to years of litigation and the possibility of crippling penalties. You're lucky it only goes that far.

    Because...

    Given the current state of the U.S. law -- specifically the DMCA -- it's no longer clear that reverse engineering is legal. Anytime somebody, er, some corporation -- such as printer manufacturer Lexmark -- claims they've built an anti-circumvention device into their product -- you and your students face the possibility of civil and criminal penalties.

    And ...

    Not to mention that in our zeal to "protect" ourselves post 9-11, what may seem to you or your students to be reasonable and even noble acts -- like pointing out software vulnerabilities that hackers or terrorists might use -- may be itself construed as hacking or even terrorism. And prosecuted accordingly.

    Perhaps I'm overstating the legal barriers to innovation and research. I hope I am. But you owe it to yourself, your students, and your institution to hope for the best while preparing for the worst.

    And I'm afraid the way you prepare for the worst in America in 2003 is by getting yourself a lawyer.

    (PS, is it just me, or is Slashdot intermittently very very slow to respond -- that is, is Slashdot being, uh, Slashdotted?)

    --
    Opinions on the Twiddler2 hand-held keyboard?