Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
The European Commission support for the production of this publication does not constitute endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
Hybrid Network Security (NS) and Crypto
Lab Implementation
Version 0.3
Author(s)/Organisation(s):
Zarko Stanisavljevic / UB-ETF
Pavle Vuletic / UB-ETF
Igor Tartalja / UB-ETF
Date of final release:
TBD
Relevant Work Package(s):
WP3 – Lab development: Task 3.6 Hybrid NS and Crypto Lab Implementation (P5)
Short Description:
Hybrid network security and crypto laboratory implementation at UB-ETF (P5) description.
Keywords:
Network Security Laboratory, Crypto Laboratory
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
2
Revision History:
Revision Date Author(s) Status Description
V0.1 May 05, 2020 Zarko Stanisavljevic Working
draft
First edition
V0.2 May 08, 2020 Pavle Vuletic Working
draft
Second edition
V0.3 May 15, 2020 Zarko Stanisavljevic Working
draft
Third edition
V03.1 May 27th
, 2020 Imre Lendak Working
draft
Text generalizations added the
document will be used as a template for
other reports
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
3
CONTENTS 1 Introduction ........................................................................................................................................... 4
2 Hybrid NS and crypto lab implementation description ......................................................................... 5
2.1 NS lab implementation .................................................................................................................. 5
2.2 Crypto lab implementation ........................................................................................................... 7
3 Description of environments for the network security laboratory exercises ........................................ 9
3.1 Laboratory configuration 1 ............................................................................................................ 9
3.2 Laboratory configuration 2 .......................................................................................................... 10
3.3 Laboratory configuration 3 .......................................................................................................... 11
3.4 Laboratory configuration 4 .......................................................................................................... 12
4 Description of environment for the crypto laboratory exercises........................................................ 13
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
4
1 Introduction This document describes the hybrid network security and crypto laboratory implementation at UB-ETF (P5). Section two explains which equipment and software is needed to set up the environment for each laboratory exercise. This is explained for both network security and crypto parts of the laboratory. In the third section four different laboratory environments for performing network security exercises are explained in detail. It also provides a description of the environment for crypto laboratory exercises.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
5
2 Laboratory implementation description The Hybrid NS and crypto laboratory implementation at UB-ETF (P5) consists of two separate, but interconnected parts:
Network security (NS) laboratory, which was implemented using laboratory equipment
acquired through the ISSES Erasmus+ CBHE project, equipment available from the home
institution and laboratory software available from the home institution, as stated in the
Network Security Laboratory (NS Lab) design document (available through ISSES web site:
http://isses.etf.bg.ac.rs/wp-content/uploads/2020/03/Network-Security-Laboratory-NS-Lab-
design-UB-ETF-v0.2.pdf) and
Crypto laboratory, which was implemented using laboratory equipment available from the
home institution and laboratory software developed at the home institution.
2.1 NS lab implementation
In order to implement the NS lab, additional equipment had to be acquired and installed and configured according to the NS lab design document, lab equipment list and lab equipment setup.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
6
The equipment procured as part of the Information Security Services Education in Serbia (ISSES) Erasmus+ Capacity Building in the field of Higher Education project was installed at the School of Electrical Engineering – University of Belgrade computing centre. The equipment consists of four servers (2 x 14C/28T CPU (Xeon Gold 5120, 2.2GHz), 128GB RAM, 4 x 800GB SSD; Total 56 Threads), one L2/L3 switch and one rack. The equipment was installed as a small virtualized server cluster using VMware virtualization technology. Such setup enables the creation of isolated environments with virtual machines configured for students to connect and work independently in lab environments consisting of sets of dedicated (virtual) machines. For the laboratory connectivity towards the internet and the VPN access for all the students, University of Belgrade – School of Electrical Engineering (UB-ETF) deployed one Mikrotik router as a VPN concentrator.
The following table enlists the laboratory exercises that were implemented as part of the ISSES – Information Security Services Education in Serbia project, supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP referencing the NS lab design document. In addition to the table from the NS lab design document columns Implemented and Tools are added. The column “Implemented” describes the specific exercises that were implemented through ISSES for the Advanced Network and System Security course (project task and deliverable 2.6), and the column “Tools” lists the additional software tools needed to be installed in the virtual environment in order for the exercise to be performed.
Area of exercise Specification Implemented Tools
Reconnaissance Packet capture, Wireshark, tcpdump, netstat, nmap , Shodan
Packet and communication session analysis
Wireshark
Computer system and network reconnaissance
nmap, hping3, p0f, FTP
Network attack examples
ARP spoofing, DNS spoofing,…
ARP spoofing Putty, WinSCP, Wireshark, VNC, Firefox, dsniff
DNS spoofing Putty, dsniff, shell, VNC, remmina, dnsmasq, Firefox
WiFi attacks Cracking WEP key Attack on WEP security mechanism
airplay-ng, aircrack-ng
System attack examples
SQL injections, EternalBlue and similar
SQL injection
Custom made vulnerable web applications, Firefox, Burp Suite, Java
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
7
XSS
Custom made vulnerable web application, Firefox, Node, npm, Java
Network protection
Firewall, IPS, IDS, packet filters (iptables)
IP packet filters Putty, FTP, iptables
Firewall
Putty, Firewall pfsense, Firefox, tcpdump, hping3, netstat
Penetration testing Final exam Vulnerability scanning
Nessus Essentials, Firefox, FTP, WinSCP, ApacheDS, Java
Note: PDF files for all above mentioned laboratory exercises (from column Implemented) are available through the ISSES project’s web site (page: https://isses.etf.bg.ac.rs/advanced-network-and-systems-security-2-6/).
2.2 Crypto lab implementation
In order to implement crypto lab at the UB-ETF the existing equipment available from home institution and the laboratory software developed at the home institution were sufficient.
The equipment consists of two hundred and more desktop PCs (Intel Core i5-2320 @ 3.00GHz, 8GB DDR3 RAM, 500GB SATAIII HDD or similar) and additional network equipment and software for managing them.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
8
The following table enlists the laboratory exercises that were implemented.
Area of exercise Specification Implemented Tools
Cryptography algorithms
Symmetric block algorithms DES COALA, Moodle
AES COALA, Moodle
Cryptography algorithms
Public key cryptography RSA COALA, Moodle
Diffie-Hellman key exchange
COALA, Moodle
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
9
3 Description of environments for the network security laboratory exercises
In order to cover all implemented laboratory exercises from section 1.1 four different laboratory configurations were established. The first virtual laboratory configuration covers the following lab exercises: Computer system and network reconnaissance, ARP spoofing, DNS spoofing, IP packet filters, and Firewall. The second virtual laboratory configuration covers the following lab exercises: SQL injection and XSS. The third laboratory configuration covers lab exercise WEP attack. The fourth virtual laboratory configuration covers lab exercise Vulnerability scanning. The exercise Packet and communication session analysis does not require any special lab configuration and can be performed on any computer.
3.1 Laboratory configuration 1
The first virtual laboratory configuration covers lab exercises: Computer system and network reconnaissance, ARP spoofing, DNS spoofing, IP packet filters, and Firewall. Laboratory environment consists of four virtual machines. Each student has a separate set of virtual machines and dedicated access to them giving full freedom to students to work on the lab exercises but also to experiment and test other tools that are used for cyber security and are not the part of the official lab excersises. Three virtual machines are equipped with Ubuntu Linux and the fourth is equipped with Pfsense firewall. All virtual machines have four virtual network interfaces interconnected as described in the figure below. Such setup enables the configuration of various network topologies and relations between the machines needed for the successful execution of all security mechanisms.
Interface eth0 is for the students’ VPN access to virtual machines.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
10
Next set of figures represent a preview (screenshots) of working in this virtual laboratory configuration for the following laboratory exercises: DNS spoofing and Firewall.
3.2 Laboratory configuration 2
The second virtual laboratory configuration covers lab exercises: SQL injection and XSS. The laboratory environment consists of one virtual machine equipped with Ubuntu Linux. Similarly to the previous configuration, the virtual machine’s eth0 interface is used for VPN access. Additionally, the
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
11
virtual machine is hosting different custom made vulnerable web applications (acting as application and database servers), while students can access the applications from their browsers using a VPN connection.
The next several figures represent a preview (screenshots) of working in this virtual laboratory configuration for the following laboratory exercises: SQL injection and XSS.
3.3 Laboratory configuration 3
The third laboratory configuration covers the lab exercise entitled “WEP attack”. The laboratory environment consists of a WiFi access point Linksys WRT54G and two Raspberry Pi Model 3 devices as shown in the following figure. One of these devices acts as an attacker who is trying to break into the WEP protected WiFi network setup on the access point and the other Raspberry Pi is acting as a regular user.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
12
The next figure represents a screenshot of the WiFiCracking procedure set up in this laboratory configuration.
3.4 Laboratory configuration 4
The fourth virtual laboratory configuration covers lab exercises related to Vulnerability scanning. The laboratory environment consists of two virtual machines, equipped with Ubuntu Linux. The virtual machines are connected similarly as in the virtual laboratory configuration 1. One machine is used to install the Nessus Essentials vulnerability scanner and the other to run different services that can be scanned for vulnerabilities. Note that current version of Nessus Essentials scanner recommends 8GB of RAM and also uses significant disk space when running.
The next figure represents a preview (screenshot) of working in this virtual laboratory configuration.
ISSES – Information Security Services Education in Serbia
Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant
N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP
13
4 Description of environment for the crypto laboratory exercises
As stated in section 1.2 no specific hardware environment was needed in order to cover all implemented laboratory exercises, only specific software system. The laboratory software that was used was developed at the home institution. Additionally, Moodle LMS was used as the environment for guiding students through exercise and also for testing their knowledge. The same software system was used for all laboratory exercises: DES, AES, RSA, and Diffie-Hellman.
Next several figures represent a preview (screenshots) of working in laboratory environment for the AES and RSA laboratory exercises.