
CS530L – lab component of Security Systems course

August 28, 2020

Correlation: lab component << >> main course

loosely coupled
contributes to course grade
– directly: via grading of individual labs
– indirectly: subject matter may appear in exams

cumulative lab results are reported to Professor Neuman, who considers them in determining course grade


Lab sessions per week

a 50-minute lab lecture
– Friday 4:30 pm, via Webex
– addresses the theory that the exercise demonstrates
– explains the exercise procedurally

a lab exercise
– performed hands on
– conducted on a VirtualBox virtual machine (VM)
– each exercise on a particular VM
– per specific instructions

Lab exercise weekly topics

Cryptography/key mgmt
Authentication
Authorization
Application security
Packet sniffing
Firewalls
Intrusion detection
ARP spoofing
Tunnels & VPNs
Filesystem labeling

subject to adjustment – some changes might be made


Lab website

http://www-scf.usc.edu/~csci530l/

or equivalently

http://ccss.usc.edu/530l

gotcha! letter “ell” not number “wunn”

announcements
lab exercise instructions

Lab exercise mechanics

before lecture: preview website’s posted instructions for the upcoming topic

attend lecture on that week's topic (synchronously/live or asynchronously/recorded)

perform lab on that topic during ensuing week

after: electronically turn in requested result
– email it to csci530l@usc.edu
– use prescribed email title keywords for each lab (the specific keywords are posted on website)
– deadline: start of following week’s lab lecture, 4:30 Fridays


Lab schedule

Lecture topic          Lecture date   Due date
introduction           8/28
cryptography           9/4            9/11
authentication         9/11           9/18
authorization          9/18           9/25
application security   9/25           10/2
packet sniffing        10/2           10/9
firewalls              10/9           10/16
intrusion detection    10/16          10/23
arp spoofing           10/23          10/30
tunnels and vpns       10/30          11/6
filesystem labeling    11/6           11/13

subject to adjustment – probable week off around 10/9 midterm time

Lab grading

there are 10 lab exercises
each is followed by a few questions
every question must be answered
each lab graded fail/lo-pass/pass/hi-pass (fail = 0, lo-pass = 1, pass = 2, hi-pass = 3)
8 highest grades averaged (i.e., lowest discarded)
average will influence course grade
– average > 2 raises/enhances
– average < 2 lowers/damages
– average = 2 no effect


Policies

no late submissions
follow course online homes
– lab website at http://www-scf.usc.edu/~csci530l/
– professor's main site for the course http://csclass.info/USC/CSCI530/F20/

Lab platform

VirtualBox
– how do I get VirtualBox?

several VMs will be distributed
– what VMs are there?
– how do I get the VMs?
– how do I import the VMs into VirtualBox?


How do I get VirtualBox?

What VMs are there?

there will be 3 or 4 of them in the form of .ova files
– ova files are large
– I will split them into smaller fragments for download
– you will recombine the fragments post-download

the first one is now posted (succeeding slides)
– the others will follow when needed

see lab website's "detailed instructions" link


Which labs use which VMs?

Lecture topic            VM
cryptography             fedora30-fall20
authentication           (tba/tbd)
authorization            fedora30-fall20
application security
– C sign extension       fedora30-fall20
– heartbleed             (tba/tbd)
– stack overflow         CentOS 4.3 min-gdb
packet sniffing          fedora30-fall20
firewalls                fedora30-fall20
intrusion detection      CentOS 4.3 min-gdb
arp spoofing             fedora30-fall20
tunnels and vpns         fedora30-fall20
filesystem labeling      (tba/tbd)

tba/tbd = to be announced / to be delivered

How do I get the VMs?

visit this URL and log in with your USC credentials
students please confirm shared drives' accessibility


How do I import the VMs into VirtualBox?

Some configuration scripts

VirtualBox includes "vboxmanage" command
– a command line equivalent for GUI features

I wrote short scripts that use vboxmanage to automate VM setup work for you
– to create them
– to make settings (virtual cabling, IPs, hostnames)
– to power them on and off
– to destroy them

because your time is for using, not configuring


Getting the scripts

initially (8/28/20) these contain scripts only for the first lab, about cryptography (others will be added/included before future labs)

Using the scripts

there are 10 labs
a set of scripts for each, in its own directory
– for Windows: ".bat" batch language scripts
– for linux/Apple: ".sh" bash shell language scripts
– functionally equivalent

4 to 6 scripts in each set

[figure labels: 4 scripts, 6 scripts]


Script execution order

using them in order is important

at first, to start:
– vmconfigure-populate.bat (or .sh for bash, on linux or Apple)
– vmconfigure-construct-network.bat (if present)
– vmconfigure-guestOS-internal-settings.bat (if present) OR vmconfigure-poweron.bat

to end:
– vmconfigure-poweroff.bat
– vmconfigure-destroy.bat

Script functions

vmconfigure-populate.bat

creates VMs by cloning the base VM

vmconfigure-construct-network.bat

cables interfaces to network(s) common to other VMs

vmconfigure-guestOS-internal-settings.bat

powers machines on; runs commands in their OS (linux) to establish hostnames, addresses, routes

vmconfigure-poweron.bat

powers machines on (only)

vmconfigure-poweroff.bat

powers machines off (cleanly)

vmconfigure-destroy.bat

deletes all trace of machines (must first be in poweroff state)
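
An added example (not the course's vmconfigure scripts, whose contents the slides do not show) of the lifecycle described above, built from VBoxManage subcommands and enforcing the stated ordering. The clone names, the internal network name "labnet" and the use of acpipowerbutton for a clean power-off are assumptions; the guest-OS settings step is omitted.

```sh
#!/bin/sh
# Added example, not the course's vmconfigure-* scripts.
BASE_VM="fedora30-fall20"   # base appliance named on the slides
LAB_NET="labnet"            # assumption: internal network name
VMS="vm-a vm-b"             # assumption: clone names

# Dry run by default: print each command. RUN=1 executes it instead.
vbox() {
    if [ "${RUN:-0}" = "1" ]; then VBoxManage "$@"; else echo "VBoxManage $*"; fi
}

# Emit one VBoxManage call per VM for the named step.
step_cmds() {
    for vm in $VMS; do
        case "$1" in
            populate)          vbox clonevm "$BASE_VM" --name "$vm" --register ;;
            construct-network) vbox modifyvm "$vm" --nic1 intnet --intnet1 "$LAB_NET" ;;
            poweron)           vbox startvm "$vm" --type headless ;;
            # ACPI shutdown is asynchronous: wait for it before destroy.
            poweroff)          vbox controlvm "$vm" acpipowerbutton ;;
            destroy)           vbox unregistervm "$vm" --delete ;;
        esac || return 1
    done
}

# Check the whole plan against VM state (absent/off/on) before running
# anything, so an out-of-order step is refused up front.
lifecycle() {
    state=absent
    for s in "$@"; do
        case "$state:$s" in
            absent:populate)       state=off ;;
            off:construct-network) state=off ;;
            off:poweron)           state=on ;;
            on:poweroff)           state=off ;;
            off:destroy)           state=absent ;;
            *) echo "refusing '$s' while VMs are $state" >&2; return 1 ;;
        esac
    done
    for s in "$@"; do step_cmds "$s" || return 1; done
}

lifecycle populate construct-network poweron poweroff destroy
```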


Demo - instantiating this net

Run:

1. vmconfigure-populate.sh
2. vmconfigure-construct-network.sh
3. vmconfigure-guestOS-internal-settings.sh
4. vmconfigure-poweroff.sh
5. vmconfigure-destroy.sh

Demo - resultant screenshot


Today’s take-away for your to-do list

download/install VirtualBox
download/import one appliance (VM)
– "fedora30-fall20"
download scripts for your platform
preview the instructions for next week's "cryptography" lab topic
http://www-scf.usc.edu/~csci530l/lab-publickey.htm

Email contacts

csci530l@usc.edu
– lab grader(s), me, course TA, prof collectively

davidmor@usc.edu
– me individually


Thank you

for sharing an interest in the subject matter
for adjusting to new, remote classwork
for your kind attention today