Motivation Environment Labs Future Work Summary A Simple Laboratory Environment for Real-World Offensive Security Education Maxim Timchenko David Starobinski Electrical and Computer Engineering Department Boston University SIGCSE’15, March 7, 2015 A Simple Laboratory Environment for Real-World Offensive Security Education 1 / 23
30
Embed
A Simple Laboratory Environment for Real World Offensive Security Education
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Motivation Environment Labs Future Work Summary
A Simple Laboratory Environmentfor Real-World Offensive Security Education
Maxim Timchenko David Starobinski
Electrical and Computer Engineering DepartmentBoston University
SIGCSE’15, March 7, 2015
A Simple Laboratory Environment for Real-World Offensive Security Education 1 / 23
Motivation Environment Labs Future Work Summary
Outline
1. Motivation / Goals
2. Environment
3. Labs
4. Future Work
A Simple Laboratory Environment for Real-World Offensive Security Education 2 / 23
Motivation Environment Labs Future Work Summary
Goals for a Laboratory Environment
Must Have• Security
• Separation
Stretch Goals
• Redundancy
• Persistence
Simple
• Simple to install and use
• Reuse available parts
• This is an introductory course
A Simple Laboratory Environment for Real-World Offensive Security Education 3 / 23
Motivation Environment Labs Future Work Summary
“Real-world” and “Offensive”
• Practice topics using tools common within the industry
• Discuss actual exploits, demonstrate issues vividly• Metasploit modules• Social engineering
• Cover current events (e.g. 2014: Shellshock, Heartbleed)
• Attacker mindset vs. developer mindset
A Simple Laboratory Environment for Real-World Offensive Security Education 4 / 23
Motivation Environment Labs Future Work Summary
Environments
Local isolated network containing actual hardware
• Expensive
• Limited flexibility
• Limited sharing
Photo: Leonardo Rizzi, Flickr, Creative Commons
A Simple Laboratory Environment for Real-World Offensive Security Education 5 / 23
Motivation Environment Labs Future Work Summary
Environment Virtualization
Centralized On Premises
• Set-up and maintenance
• Limited scaling
• Example: Tele-Lab [10]
A Simple Laboratory Environment for Real-World Offensive Security Education 6 / 23
Motivation Environment Labs Future Work Summary
Environment Virtualization
Cloud
• More complex architecture
• Expensive scaling
• Potentially, worst responsiveness(traffic and delay)
• Example: Salah [6] on AWS
• Yesterday: Weiss et al. - EDUrange
A Simple Laboratory Environment for Real-World Offensive Security Education 6 / 23
Motivation Environment Labs Future Work Summary
Environment Virtualization
Local
• Easy set-up
• No scaling issues
• Best responsiveness
• Example: SEED [2] onVMWare/VirtualBox
A Simple Laboratory Environment for Real-World Offensive Security Education 6 / 23
Motivation Environment Labs Future Work Summary
Detailed Environment Architecture
Lab Workstation
“Attacker”Kali Linux VM
“Target”Metasploitable VM
“Zombie”FreeBSD 6 VM
BU Intranet, Internet gateway
File Server for VM Images
A Simple Laboratory Environment for Real-World Offensive Security Education 7 / 23
Motivation Environment Labs Future Work Summary
VM Image Sets
Lab Workstation
File Server for VM Images
Carol
Bob
Alice
Local non-persistent environmentReference Image
Persistent Student Environments
A Simple Laboratory Environment for Real-World Offensive Security Education 8 / 23