Hybrid Network Security (NS) and Crypto Lab Implementationisses.etf.bg.ac.rs/wp-content/uploads/2020/06/Hybrid-NS-and-Crypto … · 1 Introduction This document describes the hybrid

ISSES – Information Security Services Education in Serbia

Supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant

N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP

The European Commission support for the production of this publication does not constitute endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Hybrid Network Security (NS) and Crypto

Lab Implementation

Version 0.3

Author(s)/Organisation(s):

Zarko Stanisavljevic / UB-ETF

Pavle Vuletic / UB-ETF

Igor Tartalja / UB-ETF

Date of final release:

TBD

Relevant Work Package(s):

WP3 – Lab development: Task 3.6 Hybrid NS and Crypto Lab Implementation (P5)

Short Description:

Hybrid network security and crypto laboratory implementation at UB-ETF (P5) description.

Keywords:

Network Security Laboratory, Crypto Laboratory




2

Revision History:

Revision Date Author(s) Status Description

V0.1 May 05, 2020 Zarko Stanisavljevic Working

draft

First edition

V0.2 May 08, 2020 Pavle Vuletic Working

draft

Second edition

V0.3 May 15, 2020 Zarko Stanisavljevic Working

draft

Third edition

V03.1 May 27th

, 2020 Imre Lendak Working

draft

Text generalizations added the

document will be used as a template for

other reports




3

CONTENTS 1 Introduction ........................................................................................................................................... 4

2 Hybrid NS and crypto lab implementation description ......................................................................... 5

2.1 NS lab implementation .................................................................................................................. 5

2.2 Crypto lab implementation ........................................................................................................... 7

3 Description of environments for the network security laboratory exercises ........................................ 9

3.1 Laboratory configuration 1 ............................................................................................................ 9

3.2 Laboratory configuration 2 .......................................................................................................... 10



4 Description of environment for the crypto laboratory exercises........................................................ 13




4

1 Introduction This document describes the hybrid network security and crypto laboratory implementation at UB-ETF (P5). Section two explains which equipment and software is needed to set up the environment for each laboratory exercise. This is explained for both network security and crypto parts of the laboratory. In the third section four different laboratory environments for performing network security exercises are explained in detail. It also provides a description of the environment for crypto laboratory exercises.




5

2 Laboratory implementation description The Hybrid NS and crypto laboratory implementation at UB-ETF (P5) consists of two separate, but interconnected parts:

Network security (NS) laboratory, which was implemented using laboratory equipment

acquired through the ISSES Erasmus+ CBHE project, equipment available from the home

institution and laboratory software available from the home institution, as stated in the

Network Security Laboratory (NS Lab) design document (available through ISSES web site:

http://isses.etf.bg.ac.rs/wp-content/uploads/2020/03/Network-Security-Laboratory-NS-Lab-

design-UB-ETF-v0.2.pdf) and

Crypto laboratory, which was implemented using laboratory equipment available from the

home institution and laboratory software developed at the home institution.

2.1 NS lab implementation

In order to implement the NS lab, additional equipment had to be acquired and installed and configured according to the NS lab design document, lab equipment list and lab equipment setup.




6

The equipment procured as part of the Information Security Services Education in Serbia (ISSES) Erasmus+ Capacity Building in the field of Higher Education project was installed at the School of Electrical Engineering – University of Belgrade computing centre. The equipment consists of four servers (2 x 14C/28T CPU (Xeon Gold 5120, 2.2GHz), 128GB RAM, 4 x 800GB SSD; Total 56 Threads), one L2/L3 switch and one rack. The equipment was installed as a small virtualized server cluster using VMware virtualization technology. Such setup enables the creation of isolated environments with virtual machines configured for students to connect and work independently in lab environments consisting of sets of dedicated (virtual) machines. For the laboratory connectivity towards the internet and the VPN access for all the students, University of Belgrade – School of Electrical Engineering (UB-ETF) deployed one Mikrotik router as a VPN concentrator.

The following table enlists the laboratory exercises that were implemented as part of the ISSES – Information Security Services Education in Serbia project, supported by the Erasmus+ Capacity Building in the field of Higher Education (CBHE) grant N° 586474-EPP-1-2017-1-RS-EPPKA2-CBHE-JP referencing the NS lab design document. In addition to the table from the NS lab design document columns Implemented and Tools are added. The column “Implemented” describes the specific exercises that were implemented through ISSES for the Advanced Network and System Security course (project task and deliverable 2.6), and the column “Tools” lists the additional software tools needed to be installed in the virtual environment in order for the exercise to be performed.

Area of exercise Specification Implemented Tools

Reconnaissance Packet capture, Wireshark, tcpdump, netstat, nmap , Shodan

Packet and communication session analysis

Wireshark

Computer system and network reconnaissance

nmap, hping3, p0f, FTP

Network attack examples

ARP spoofing, DNS spoofing,…

ARP spoofing Putty, WinSCP, Wireshark, VNC, Firefox, dsniff

DNS spoofing Putty, dsniff, shell, VNC, remmina, dnsmasq, Firefox

WiFi attacks Cracking WEP key Attack on WEP security mechanism

airplay-ng, aircrack-ng

System attack examples

SQL injections, EternalBlue and similar

SQL injection

Custom made vulnerable web applications, Firefox, Burp Suite, Java




7

XSS

Custom made vulnerable web application, Firefox, Node, npm, Java

Network protection

Firewall, IPS, IDS, packet filters (iptables)

IP packet filters Putty, FTP, iptables

Firewall

Putty, Firewall pfsense, Firefox, tcpdump, hping3, netstat

Penetration testing Final exam Vulnerability scanning

Nessus Essentials, Firefox, FTP, WinSCP, ApacheDS, Java

Note: PDF files for all above mentioned laboratory exercises (from column Implemented) are available through the ISSES project’s web site (page: https://isses.etf.bg.ac.rs/advanced-network-and-systems-security-2-6/).

2.2 Crypto lab implementation

In order to implement crypto lab at the UB-ETF the existing equipment available from home institution and the laboratory software developed at the home institution were sufficient.

The equipment consists of two hundred and more desktop PCs (Intel Core i5-2320 @ 3.00GHz, 8GB DDR3 RAM, 500GB SATAIII HDD or similar) and additional network equipment and software for managing them.




8

The following table enlists the laboratory exercises that were implemented.

Area of exercise Specification Implemented Tools

Cryptography algorithms

Symmetric block algorithms DES COALA, Moodle

AES COALA, Moodle

Cryptography algorithms

Public key cryptography RSA COALA, Moodle

Diffie-Hellman key exchange

COALA, Moodle




9

3 Description of environments for the network security laboratory exercises

In order to cover all implemented laboratory exercises from section 1.1 four different laboratory configurations were established. The first virtual laboratory configuration covers the following lab exercises: Computer system and network reconnaissance, ARP spoofing, DNS spoofing, IP packet filters, and Firewall. The second virtual laboratory configuration covers the following lab exercises: SQL injection and XSS. The third laboratory configuration covers lab exercise WEP attack. The fourth virtual laboratory configuration covers lab exercise Vulnerability scanning. The exercise Packet and communication session analysis does not require any special lab configuration and can be performed on any computer.

3.1 Laboratory configuration 1

The first virtual laboratory configuration covers lab exercises: Computer system and network reconnaissance, ARP spoofing, DNS spoofing, IP packet filters, and Firewall. Laboratory environment consists of four virtual machines. Each student has a separate set of virtual machines and dedicated access to them giving full freedom to students to work on the lab exercises but also to experiment and test other tools that are used for cyber security and are not the part of the official lab excersises. Three virtual machines are equipped with Ubuntu Linux and the fourth is equipped with Pfsense firewall. All virtual machines have four virtual network interfaces interconnected as described in the figure below. Such setup enables the configuration of various network topologies and relations between the machines needed for the successful execution of all security mechanisms.

Interface eth0 is for the students’ VPN access to virtual machines.




10

Next set of figures represent a preview (screenshots) of working in this virtual laboratory configuration for the following laboratory exercises: DNS spoofing and Firewall.


The second virtual laboratory configuration covers lab exercises: SQL injection and XSS. The laboratory environment consists of one virtual machine equipped with Ubuntu Linux. Similarly to the previous configuration, the virtual machine’s eth0 interface is used for VPN access. Additionally, the




11

virtual machine is hosting different custom made vulnerable web applications (acting as application and database servers), while students can access the applications from their browsers using a VPN connection.

The next several figures represent a preview (screenshots) of working in this virtual laboratory configuration for the following laboratory exercises: SQL injection and XSS.


The third laboratory configuration covers the lab exercise entitled “WEP attack”. The laboratory environment consists of a WiFi access point Linksys WRT54G and two Raspberry Pi Model 3 devices as shown in the following figure. One of these devices acts as an attacker who is trying to break into the WEP protected WiFi network setup on the access point and the other Raspberry Pi is acting as a regular user.




12

The next figure represents a screenshot of the WiFiCracking procedure set up in this laboratory configuration.


The fourth virtual laboratory configuration covers lab exercises related to Vulnerability scanning. The laboratory environment consists of two virtual machines, equipped with Ubuntu Linux. The virtual machines are connected similarly as in the virtual laboratory configuration 1. One machine is used to install the Nessus Essentials vulnerability scanner and the other to run different services that can be scanned for vulnerabilities. Note that current version of Nessus Essentials scanner recommends 8GB of RAM and also uses significant disk space when running.

The next figure represents a preview (screenshot) of working in this virtual laboratory configuration.




13

4 Description of environment for the crypto laboratory exercises

As stated in section 1.2 no specific hardware environment was needed in order to cover all implemented laboratory exercises, only specific software system. The laboratory software that was used was developed at the home institution. Additionally, Moodle LMS was used as the environment for guiding students through exercise and also for testing their knowledge. The same software system was used for all laboratory exercises: DES, AES, RSA, and Diffie-Hellman.

Next several figures represent a preview (screenshots) of working in laboratory environment for the AES and RSA laboratory exercises.




14

Documents

Hybrid Network Security (NS) and Crypto Lab Implementationisses.etf.bg.ac.rs/wp-content/uploads/2020/06/Hybrid-NS-and-Crypto … · 1 Introduction This document describes the hybrid