A Laboratory Based Course on Internet Security
Prabhaker Mateti
Wright State University
Dayton, OH 45435
NSF DUE-9951380
SIGCSE2003 Mateti/WrightStateU 2

Goals
Awareness of Security Issues
Teach security improvement techniques
Explain how exploitable errors have been made in the development of software.
Raise the level of ethics awareness
Bring attention to legal issues

Assumptions in the Course Design
Beliefs?
Lab-oriented?
Whole course or Distributed into …
Required or Elective?
10 weeks or 15?

The course needs to be lab-oriented.
“I hear and I think. I see and I remember. I do and I know.”
-- Confucius

Should be a course by itself.
Integrating security concepts into other courses is very difficult.
Easier to propose and implement an entire course that is new.

Should be a Required Course.
Security exploits have become way too common.
Can motivate why Software Development should be a more rigorous discipline.
Many security topics synthesize what is learned in several disparate and un-integrated courses.

Can only be an Elective Course.
Most BS Degree Requirements are too full of core and required courses.
Required Courses cannot be “downgraded” to Electives.
Cannot even re-work n required courses into m required courses, m < n.
Is it a “discipline”?

Term or Semester Course
Both must be accommodated: Term = 10, semester = 15 weeks
At WSU …

Course Logistics
Lectures on topic: one per week
Lectures on experiment: one per week
Lab experiments: one per week
First week, only lectures. (May be second week too.)

Currently Available Material
Books
Websites
Courses elsewhere

Books on Security
Many books, > 500
Academic text books, in the tens.
Garfinkel and Spafford 1996/2003, Practical UNIX & Internet Security, O'Reilly.
Rubin 2001, White-hat Security Arsenal, Addison Wesley.
Stallings 1998, Cryptography and Network Security, Prentice Hall.
Bishop 2003, Computer Security, Addison Wesley.

Amazon.com book search results (2003/02/19, 19:00 PST)
Network security     714
Internet security    910
Computer security    2673
System security      1328
Homeland security    45
Security             32000

Web Sites
“There is an oceanic amount of material on network security available over the Internet.”
-- A Web Page.
How do we define a “Security Web Site”?
1000+ web sites

A Few Chosen Security Websites
www.incidents.org
www.cert.org
www.cerias.purdue.edu
www.securityfocus.com
lwn.net/security
www.microsoft.com/security
www.phrack.com

Courses Elsewhere
Many “commercial” courses.
Academic courses:
– Mostly graduate level
– Focused on cryptography
– Principles and concepts only
– Projects, not Lab Experiments
– E.g., theory.lcs.mit.edu/~rivest/crypto-security.html
Thirty-six Centers of Academic Excellence in Information Assurance Education sponsored by NSA
www.nsa.gov/isso/programs/nietp/newspg1.htm

What We Developed
About 30 lectures, 75 minutes each.
About 25 lab experiments, 2 hours each.
Security Lab setup details.
Collected articles on Ethics and Legal Issues.
Past exams, and links to code.
A support website, with the above.
At WSU, introduced a new course, CEG 429: Internet Security.

Overview of Course Contents
Depth v Breadth
Choice of Topics
Design of Experiments
CEG429 week-by-week

Depth v Breadth
Discuss current security breaches and protection measures: breadth.
Conduct experiments knowledgeably: depth.

“Internet Security”
Trojan Horses, Viruses and Worms
Privacy and Authentication
TCP/IP exploits
Firewalls
Cryptography
Secure Config of Personal Machines
Buffer Overflow and Other Bug Exploitation
Writing Bug-free and Secure Software
Secure e-Commerce Transactions
Ethics and Legal Issues

Typical Article on our Website
Title
Summary
Educational Objectives
Background Information
Pre-Lab and Suggested Preparation
Procedures
Appendix A: Acronyms
Appendix B: Further Reading Links
Appendix C: Notes to TAs

Procedures
– Step 1, 2, …
– Achievement Test
– Concluding Activities
    Demo Witness Report Lab cleanup
– Report on the Experiment

Lab Experiments Developed
1. Experience serious nuisance.
2. Viruses, Worms, and Trojans.
3. Boot from power up to login.
4. System Administration.
5. Password Cracking Tools.

Lab Experiments Developed
6. One-time passwords, and secure shell.
7. Privacy Enhancing Tools.
8. Securely configure a Linux PC.
9. Fortification of a System.
10. Build a hardened kernel.
11. Setup a router.
12. Install and Run a network sniffer.

Lab Experiments Developed
13. Hijack an on-going telnet session.
14. User authentication and spoofing.
15. DNS spoof.
16. Download a rootkit and install.
17. Install and discover back doors.
18. White-Hat Security Tools.

Lab Experiments Developed
19. Buffer Overflow Exploits.
20. Packet Filter Firewall.
21. Probing For Weaknesses.
22. Denial-of-Service Attacks.
23. Design Weaknesses of TCP.
24. Security Audit.
25. IPv6-enabled kernel, and tools.

Ethics
Sign on to our Ethics Statement
The Ethics of Hacking. A discourse by "Dissident". www.attrition.org/~modify/texts/hacking_texts/hacethic.txt
The Hackers Ethic. The six tenets from Steven Levy, "Heroes of the Computer Revolution". project.cyberpunk.ru/idb/hacker_ethics.html
OSU Ethics Website. www.cgrg.ohio-state.edu/Astrolabe
Codes of Ethics from ACM+IEEE. www.onlineethics.org www.ethics.org

Ethics Statement
In this course I am learning network and computer security principles. It is a 10-week long course, with a prerequisite of general understanding of operating systems and computer networks. I realize that this learning is just a beginning.
I assure the instructor, the University, and the world that I am a caring, responsible, and principled person. I will help create a better world. Never will I engage in activity that deprives others in order to benefit from it.
The techniques and links that I am exposed to are for educational purposes only. As a power user of computers and future network or systems administrator, I must be familiar with the tools that may be used to bring a network down. I may engage in a legitimate form of hacking, or more precisely, ethical hacking, as a consultant who performs security audits. This is the driving force in learning the past attack techniques.
I will not directly provide anyone with the tools to create mischief. Nor shall I pass my knowledge to others without verifying that they also subscribe to the principles apparent in this statement.
I will not engage in or condone any form of illegal activity including unauthorized break-ins, cracking, or denial of service attacks.
___________________________    ___________________________________
Name of the student            Signature and Date

Internet Security Lab Setup
PCs, NICs, Switches, Cables
Each PC with 2 NICs
Physically Isolatable
Private Network
Linux-based Firewall-cum-Router

OSIS: Operating Systems and Internet Security Lab
Room 429, Russ Engineering Center, WSU
In continuous use since November 1999
26 PCs in the lab for students' use, and one web server, one router, one file server, and one PC for re-configuration experimentation.
Shared Lab
– Operating Systems Courses, CEG 433,434
– Distributed Computing Courses, CEG 730,830
– Multiple Operating Systems

OSIS: Operating Systems and Internet Security Lab

1999 Lab
– 26 PCs (PIII 450MHz, 128 MB RAM, 13 GB HDD)
– 8 Fast Ethernet Switches
Operating Systems
– Caldera Open Linux 2.3
– Kernel 2.2.10
– Windows NT 4
– Windows 98 SR2

2003 Lab
– 26 upgraded PCs (2*PIII 450MHz, 512 MB RAM, 13 GB HDD)
– 8 Fast Ethernet Switches
Operating Systems
– Mandrake Linux 8.2/9.0
– Linux 2.4.x
– Windows XP
– Windows 98 SR2

OSIS: Operating Systems and Internet Security Lab
All the PCs are on a private LAN
One Fast Ethernet switch for each group of 4-6 PCs.
Each PC is loaded with
– Linux Mandrake 8.2/9.0
– Windows XP
– Windows 98.
Boot into one of these via ntldr

osis111.cs.wright.edu
All the lab PCs: 192.168.*.*
router.osis.cs.wright.edu = 192.168.17.111
osis111.cs.wright.edu = 130.108.17.111
IP Filtering Router Firewall
All Internet connections are through the Firewall
IP masquerading

Security Software
Secure Shell, PGP, …
Firewall Kits
Tools
– Top 50 Security Tools survey from www.nmap.org
– http://www.packetfactory.net
– nmap, SAINT, …
– tcpdump, ethereal, snort, …
– Password cracking
– Tcpwrapper

Lab Maintenance
Individual student logins.
Students need to be superusers.
Reload OS images periodically.
Update packages.
Forgotten passwords, etc.
Students' files are not archived.

Cloning the OS Images
Set up a Golden Client.
Several cloning tools exist:
– Symantec Ghost
– Open source SystemImager
– Open source UDPcast
– None of the above deal (well) with multiple file volumes from multiple OS.
Takes about 45 minutes for 26 PCs
Individualize Each PC
– Hostname
– IP address
– Ssh host keys
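
The individualization step above, sketched as an added shell example (not from the original slides or the lab's own scripts): it rewrites the hostname and IP address inside a mounted clone, removes the golden client's SSH host keys, and includes a check for clones that still share a host key. The labpcN names, the 192.168.17.N addressing and the /etc/sysconfig file layout are assumptions.

```shell
#!/bin/sh
# Added example. Assumed, not from the slides: hostnames "labpcN", addresses
# 192.168.17.N, and Red Hat-style files under /etc/sysconfig.

# set_key FILE KEY VALUE: replace an existing KEY=... line or append one.
set_key() {
    touch "$1"
    grep -v "^$2=" "$1" > "$1.tmp" || true
    printf '%s=%s\n' "$2" "$3" >> "$1.tmp"
    mv "$1.tmp" "$1"
}

# individualize ROOT N: ROOT is the mounted root of a freshly cloned disk.
individualize() {
    root=$1; n=$2
    case $n in
        ''|*[!0-9]*|0*|????*)
            echo "host number must be 1-254, no leading zero" >&2; return 2 ;;
    esac
    if [ "$n" -gt 254 ]; then
        echo "host number must be 1-254, no leading zero" >&2; return 2
    fi
    mkdir -p "$root/etc/sysconfig/network-scripts" "$root/etc/ssh"
    set_key "$root/etc/sysconfig/network" HOSTNAME "labpc$n"
    set_key "$root/etc/sysconfig/network-scripts/ifcfg-eth0" IPADDR "192.168.17.$n"
    # Drop the golden client's host keys so no two PCs share a private key;
    # fresh keys must be generated on the clone before sshd is started.
    rm -f "$root"/etc/ssh/ssh_host_*key "$root"/etc/ssh/ssh_host_*key.pub
}

# shares_host_key GOLDEN_ROOT CLONE_ROOT: succeeds if the clone still carries
# a host public key identical to one on the golden client.
shares_host_key() {
    for pub in "$1"/etc/ssh/ssh_host_*key.pub; do
        [ -f "$pub" ] || continue
        other="$2/etc/ssh/$(basename "$pub")"
        if [ -f "$other" ] && cmp -s "$pub" "$other"; then
            return 0
        fi
    done
    return 1
}
```

Running shares_host_key against every clone after imaging is a quick audit that no PC was left with the golden client's key.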

Teaching Experience
Lectures must be updated to keep up with the latest patched software.
Most students take the course in their (semi-) final term.
Cannot find knowledgeable TAs.

Learning Experience
Considerable amount of “wow” effect.
“We really learned a lot!”
Prerequisite:
– Computer Networking, CEG 402: Wrong?
– Operating Systems, CEG 433: Right?

Goals Achieved
Awareness of Security Issues
Teach security improvement techniques
Explain how exploitable errors have been made in the development of software.
Raise the level of ethics awareness
Bring attention to legal issues
Taught Yes, Learned Yes, Believe In it may be.

By-Products: Students are …
More at ease with real hardware and real software – not a black box any more.
Amazed at the Open Source movement, but do not understand.

If I may urge you …
Introduce a course like this into your curriculum.
Peer-Review the articles on our web site.

Links
CEG 429 Home Page: www.cs.wright.edu/~pmateti/Courses/429
OSIS Lab Home Page: www.cs.wright.edu/~pmateti/OSIS
Support Web Site: www.cs.wright.edu/~pmateti/InternetSecurity/