CREATE YOUR OWN EXERCISE - PowerPoint PPT Presentation


SLIDE 1

CREATE YOUR OWN EXERCISE

Wave II: Review – January 23rd 2014

SLIDE 2

Outline

  • Team 1: IPv6 Firewalls
  • Team 2: OpenVPN
  • Team 3: CoDel
  • Team 4: Honeypots

SLIDE 3

IPv6 Firewall Testing

Thomas Schultz, Aneta Stevanovic

SLIDE 4

Reviewing Highlights

  • Doing their lab
    – Story-based workflow
    – Entertaining prelab questions
  • Seeing them do our lab
    – Weaknesses in the lab instructions
    – Seeing which prelab parts needed more emphasis for doing the exercise

=> Gain insight into swapped perspectives

SLIDE 5

Exercise Setup

[Network diagram. Labels: Server, Firewall, ISP, Client/Attacker; services: Web-Server port 80, SSH-Server port 22; hosts PC1 to PC5. Interface labels: eth0 aaaa::2, eth0 aaaa::1, eth1 bbbb::2, eth1 bbbb::1, eth0 cccc::1, eth0 cccc::5, eth0 cccc::4; mtu=1280.]

SLIDE 6

Course of our Lab

  • ip6tables script
  • Webserver
  • ICMPv6
  • Outgoing Traffic
  • Extension headers
  • Validation

SLIDE 7

Feedback Highlights

  • Clear how IPv6 has to be treated differently from IPv4
  • Builds on iptables from ilab1
  • Clearly structured ip6tables skeleton script, no misunderstandings where the current task should be inserted
  • Attack toolkit tests the functionality of the setup well and provides feedback on the success of the penetration attempts

SLIDE 8

Major Points to Improve

  • Add storyline, small linking sections for better flow
  • Investigate fragmentation issue in the lab system
  • Prelab: Improve external references to include more further readings
  • Summarize security issues in more detail

SLIDE 9

Virtual Private Networks with OpenVPN in restricted environments

Benjamin Beier and Felix Kuperjans

SLIDE 10

Reviewing the other team's lab

  • Felt a bit like being kept under surveillance
  • Interesting to see a lab in its early stages
  • Exciting to run into unforeseen problems

SLIDE 11

Observing the other team doing our lab

  • Extremely difficult to hold one's tongue
  • Notice problems that you didn't expect
  • Unforeseen interpretations of our guidance

SLIDE 12

The Setup(tm)

[Network diagram. Labels: HTTP Proxy, OpenVPN Server, OpenVPN Client A, OpenVPN Client B, Private Webserver, Public Webserver, Netgear; zones: The Internet, Restricted Network, Private Network. Interface labels: eth1/10.1.1.123/24, eth0/172.16.0.123/12, eth0/172.16.0.234/12, eth0/172.16.0.1/12, eth0/172.16.0.2/12, eth1/10.1.1.1/24, eth1/10.2.2.1/24, eth1/10.2.2.2/24.]

SLIDE 13

Course of Your Lab

  • Set up the networks
  • Configure the HTTP proxy
  • Configure the webservers
  • Get the basic OpenVPN setup running
  • Circumvent the proxy
  • Further discussion

SLIDE 14

Highlights of Your Lab

  • Good prelab ↔ lab coverage
  • Interesting real-world examples
  • Clear and precise prelab questions
  • Highly relevant for practical use cases

SLIDE 15

Major Points to Improve

  • Reordering some questions
  • Add links to the prelab and man pages
  • Be more precise in explanations of complex topics

  • Add guiding questions to larger tasks

SLIDE 16

DEFEAT THE LAG

Peter Gawronski and Simon Gabl

SLIDE 17

How Did You Like the Reviewing?

  • Just give a short impression about:
    – It is very nice to see a short but interesting lab
    – The expression on the creators' faces when we did something “stupid” is priceless ;)
    – Tasks take double the time you may think they will do. You underestimate time for reading, research etc. massively when you already know what you want them to do.
    – Think of wrong turns the reviewer may take – it should work anyway or be verifiable

SLIDE 18

Your Setup

SLIDE 19

Course of Your Lab

  • Give a 2 minute outline of your lab
    – Setup of a Bandwidth Throttler (e.g. for real life usage with a “dumb” router)
    – Try three different queueing mechanisms (the good, the bad and the ugly)
    – Test their performance in numbers with and watch the buffers bloat
    – Experience the differences in a real life application: assaultcube, online FPS

This pic is huge!!!

SLIDE 20

Highlights of Your Lab

  • What did your review team like most?
    – The testing part – you really see the massive improvement in both numbers and game experience
    – The not so strict mood and a little humor in the lab with a storyline about a real life problem and its solution
    – CoDel was not the only content but a broader overview over topics

SLIDE 21

Major Points to Improve

  • What are the major points you will improve?
    – Questions may seem clear to you but not to someone else, especially look out for instructions which may be misinterpreted
    – Are you able to do the lab completely with an answer missing or doing it “wrong”?
    – Maybe add more information to the prelab about tools used – students will have seen it before and can use it easier

SLIDE 22

Securing networks with Honeypots

Benjamin Braun, Klemens Mang

SLIDE 23

How Did You Like the Reviewing?

  • Highlights as reviewer
    – The lab looked very complete, sophisticated and with a nice level of difficulty
    – In some parts of the lab some additional guidance would be appreciated to speed up the progress
  • Highlights as reviewed team
    – Students do not read every part of the lab and therefore key information should be particularly highlighted
    – Students actually do the lab in a more complicated way than you would actually expect them to do

SLIDE 24

Lab Setup

[Network diagram. Labels: Ubuntu Honeyd Server, Router, Attacker, Switch; hosts PC1 to PC6. Interface labels: eth0/10.0.2.2/28, eth1/10.0.2.2/28, eth0/10.0.1.254/24, eth0/10.0.1.0/28 (DHCP), eth3/10.0.1.20/24.]

SLIDE 25

Course of Your Lab

  • Install Ubuntu and do the cabling
  • Deploy a basic honeypot configuration for a particular personality and fake service
  • Explore a pre-defined network topology and find a specific target host
  • With the help of fingerprints and portscans try to distinguish the real host from honeypots
  • Do a honeypot log analysis and further thinking

SLIDE 26

Highlights of Your Lab

  • The reviewers particularly enjoyed the interactivity of the honeynet exploration
  • The creativity of the virtual hosts in the exploration part caught the reviewers’ interest
  • The questions about thinking further were enjoyed

SLIDE 27

Major Points to Improve

  • The deployment scripts and the overall lab should be made more robust
  • The most important instructions should be highlighted more clearly and references to the PreLab should be made when appropriate
  • Important debugging information should be provided when appropriate
  • Provide a better storyline and practical outlook
