Computer Security Curriculum at the Univ. of Wisconsin – Eau Claire
Paul J. Wagner
[email protected]

Background

- Attended week-long workshop at Indiana University of Pennsylvania in 2002 with colleague Andy Phillips
- Generated NSF Course, Curriculum and Laboratory Improvement (CCLI) Adaptation and Implementation (A&I) proposal to develop a computer security lab, two courses (Computer Security, Cryptography/Network Security), and security modules to be used in other courses
- Proposal was approved, grant funded 2003-2005
- Results:
- 8-station Windows/Linux security lab created
- Both courses developed
- Approximately 10 modules developed for use in CS1, CS2, Architecture, Software Engineering, Database Systems, etc. classes

Computer Security Course - Overview

- Course
- Computer Security (CS 370)
- Prerequisite – Data Structures (CS 265)
- Goals for course
- Develop understanding and background in:
  - Concepts / Principles
  - Tools
  - Ethics
- Approach from perspective of security professional
- Learn as defenders of computer systems and networks
- Look at what attackers do to understand their mindset and methods
- Systems approach in an enterprise environment
- Students sign an agreement that stresses ethical issues and behavior, limits their use of tools to scope of course

Computer Security Course – Overview (2)

- Topics
- Introduction, Central Principles/Concepts, Risk Analysis, Policies
- Ethical/Privacy/Legal Issues, Social Engineering; System Mgmt.
- Networking Basics, Network Hardware and Concepts
- Firewall Configuration, Collecting Information
- Packet Sniffing, Port Scanning
- Passwords/Cracking, Cryptography Basics
- Secure Application Development, Vulnerability Analysis
- Types of Attacks, Malware, Access Control
- System Hardening
- System Logs, Intrusion Detection and Prevention Systems
- Disaster Recovery/Forensics, Physical Security, Email Security
- Operating System / Web / Database System Security
- Cyberwar Lab Exercise
- Presentations on Current Security Issues

Computer Security Course - Content

- Weekly Written Exercises
- Policies
- Ethics, Social Engineering
- Weekly Laboratory Exercises
- Information Gathering Tools (general OS tools, Sam Spade)
- Packet Sniffing (ethereal/wireshark)
- Port Scanning (nmap/SuperScan 4)
- Password Security/Analysis (john the ripper, SamInside)
- Vulnerability Assessment (nessus, Nessus for Windows)
- System Hardening (bastille, tripwire, MS Baseline Sec. Analyzr.)
- Intrusion Detection (snort)
- Programming Assignments (Java)
- Cryptography with Java Cryptography Extensions (JCE)
- Secure Communication with SSL / Java Secure Socket Ext. (JSSE)

Changes Based on UMSSIA 2007

- No new sections / topics / modules, but…
- Significantly expanded content in many listed modules based on UMSSIA content
- Lab exercises modified / being further modified to use some material gained from UMSSIA 2007 labs; e.g.
- OWASP.org
- pfSense open source firewall

Computer Security Course – Final Cybersecurity Exercise

- Goals
- Real-World Project
- Team-Based
- Focus on Defense in a Realistic Environment
  - Defense – understand what needs to be done and how to accomplish it
  - Attack – to experience the mindset and techniques of the attacker
- Gain Experience in:
  - Technological security – with tools used in weekly labs
  - Physical security
  - Social security

The Cyberwar Exercise (2)

- Exercise Structure
- Pre-lab
  - Set up heterogeneous isolated network
  - Group students into teams
  - Teams discover exact environment (shortly before exercise starts)
- Defense Period
  - Teams secure Linux and Windows systems within constraints of exercise
    - No major upgrades of OS allowed
  - Must keep certain services available; e.g. ssh, http, file share, 3rd party application
  - 24 hours

The Cyberwar Exercise (3)

- Exercise Structure (cont.)
- Attack period
  - Teams footprint network, other team systems, “bait” systems
  - Teams attempt to plant flag on as many systems on network as possible
  - Defense continues (adjustments, further work)
  - Systems Staff attempt seven attacks against student systems using Metasploit
  - Points given for keeping services up, footprinting, exploits, documentation
  - 24 hours
- Report/Evaluation/Discussion
  - Student teams keep log on patches, defensive steps, attack techniques, tools used, issues, problems
    - Useful to the students and the instructor
  - Whole class discussion after exercise completed

Original Laboratory Setup

- Physical Structure
- 8 physical host machines (Windows XP)
  - Can be used for general purpose work by other students, as network is connected / switched
- Each host machine has two VMWare client images
  - Fedora Core 4 (Linux)
  - Windows Server 2003 (Windows)
- Client images run using VMWare Player (free)
- Students given root/administrator access on each client system
- Other VMWare images added to network as “bait” systems for exploration
  - Run on VMWare Server

Original Laboratory Setup (2)

- Cybersecurity Exercise
- Same lab, except:
  - Switch flooded to create hub-like environment
  - Lab network isolated from campus network
  - More bait machines added

Laboratory – Original (Now Using VMWare)

Laboratory Evolution 2008-on

- Laboratory was only used for Computer Security each spring semester
- Dedicated usage (off-limits to other students) only for 3-day period around Cybersecurity exercise
- VMWare images have been made available in all three labs
- Work not limited to our Security lab
- Space shortage in our Science building
- Expansion of materials science / nanotechnology staff, others
- All of above factors have led to reassignment of our lab starting 2008-2009 school year
- Changes necessary…

Laboratory Evolution 2008-on (2)

- Regular laboratory exercises will be done in other two computer science labs
- Cybersecurity exercise options:
- In one of these labs
- In another room, using portable laboratory/workshop technology that we’ve developed
  - Developed portable computer security workshop based on supplemental NSF CCLI grant
    - Offered at SIGCSE 2005, 2006, 2007; again in 2009?
  - Used laptops, cabled network, switch, VMWare, custom scripts and programs to quickly distribute images to network systems, execute commands on any participating system
  - CCLI phase 2 proposal submitted to further develop this portable laboratory system in general; wireless, use participant laptops by bringing in our virtual system from portable storage.

Cryptography / Network Security Course

- Content (Selected Topics)
- Network Basics
- Historical Substitution and Transposition Ciphers
- Mathematical Background for Cryptography
- Feistel Networks, Symmetric Key Systems (DES, AES, Triple DES, Blowfish, etc.)
- Pseudo-random and random number generation
- Public Key Cryptography and Key Exchange (RSA, Diffie-Hellman, Elliptic Curve systems)
- Secure (and not so secure) Hashing (MD4, MD5, SHA1, etc.)
- Digital Signatures
- Network security (Kerberos, X.509 Certificates)
- Email Security

Security Course Modules

- Examples
- RSA Implementation (CS1 (Java), Scientific Computing (Maple))
- RC4 Implementation (Scientific Computing (Maple))
- SDES Implementation (Scientific Computing (Maple))
- Steganography (CS1 (Java))
- Spam Filter (CS1 (Java))
- Database Security (Database Systems)
- Buffer Overflows (Computer Architecture)

Acknowledgements / More Information

- Our systems and networking staff
- Very difficult and time-consuming to do this without them!
- Dr. Andrew Phillips, UW-EC
- Co-PI on our NSF CCLI A&I Grant
- CLICS – a Computational Laboratory for Information and Computer Security
- Development of Physical Lab, Courses, and Modules
- Supplemental Grant: Develop 2 3-hour hands-on computer security workshops (condensed version of labs/cybersecurity)
  - Given at SIGCSE 2005, 2006, 2007
- More information: http://clics.cs.uwec.edu
- Supported by NSF Grant, DUE 0309818