security exercises for the online classroom with deter
play

Security Exercises for the Online Classroom with DETER Peter A. H. - PowerPoint PPT Presentation

Aug 12, 2023 •34 likes •314 views

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

  1. Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber Security Experimentation and Test (CSET'10)

  2. Key Points 1. DETER is an ideal choice for hands-on, online security education. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 2

  3. Key Points 2. Realistic, hands-on, exercises are a powerful addition to our security curriculum. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 3

  4. Outline  Project motivation  DETER as an educational platform  Our labs as a case study  Lessons Learned  Conclusion 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 4

  5. Project Motivation  Homework for the online classroom  Requirements  Same value as traditional homework  Easy to use without much “face time”  Possibilities  Research Projects  Pen and paper coursework  Hands-on labs 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 5

  6. Why Hands-on?  Theory alone does not provide security  Real security is theory and practice, together  The real world is complicated  “Give a person a fish...”  Real-world scenarios and tools add relevancy  Fundamental issues exemplified in real systems 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 6

  7. Hands-on Approaches  Applications  OWASP WebGoat, custom demonstrations, etc.  We wanted to use real software systems  Some topics hard to put in “application form”  Virtualization  QEMU, VirtualBox, VMware  Testbeds  In-house, Emulab, DETER 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 7

  8. Why Not Virtualization?  Remote software support  Multi-gigabyte download  Bugfixes  Virtual networking  Cheating  Overhead of multiple hosts MITM Topology 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 8

  9. DETER  Dynamic physical networks  Based on Emulab  ~300 machines  Internet-accessible  Public  Grouped resources DETER Homepage  Security focused 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 9

  10. DETER Experiments  Network Topology  Machines  Software DETER Topology designer 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 10

  11. DETER Customization  Boot-time customization  Packages install from course archive on DETER  Single repository  Stable platform and interface DETER customization scripts 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 11

  12. DETER for Students  Individual, private logins  Simple web control panel  Requires only a web browser and SSH  Built-in redundancy  Backups  Testbed support 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 12

  13. Any DETERrents?  Shared testbed with finite resources  Only a minor inconvenience in practice  Not local hardware  Overkill for some uses  “Installation media” not 100% secure 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 13

  14. Case Study  Hands-on, practical online exercises  Courseware components  DETER  Lab Manual  Lab software  Five labs  Supporting a class on DETER 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 14

  15. Lab Manual  Wiki for CMS  Remote Access  Easy to update  Read-only for students  Internal/External links Lab manual homepage 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 15

  16. Lab Template  Self-contained unit:  Overview  Technical discussion  External reading  “The Story So Far...”  Assignment Permissions Lab Table of Contents 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 16

  17. Lab Descriptions  Topics  Permissions and Firewalls  Exploits  Computer Forensics  Man-in-the-middle  Network intrusion detection systems  All freely available open-source software  Most are standard security/networking tools 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 17

  18. Permissions & Firewalls  POSIX file system permissions  Including special permissions and sudo  Stateful firewalls with iptables  Principle of Least Privilege  Deny by Default Design  Emphasis on unexpected interactions 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 18

  19. Exploits  Buffer overflows  Pathname attacks  SQL Injection  Find, Exploit, Patch, Debrief  No Security in Obscurity /etc/shadow is not a memo!  Failure or Works As Designed? 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 19

  20. Computer Forensics  Security involves detective work  Three scenarios and disk images  Data recovery  Log analysis  Analysis and written report  Talk about exploratory learning!  Two sides to every story 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 20

  21. Man-in-the-middle  ARP poisoning  Eavesdropping  Replay  Injection  Canonical MITM  Nonce design  The liability of abstraction The scene of the crime 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 21

  22. NIDS  Intrusion Detection  Craft signatures  Real data  Security tuning  Highly context sensitive task BASE interface  TCP trace analysis (http://base.secureideas.net/) 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 22

  23. Supporting DETER Classes  Email is the #1 support tool, by far  Live office hours with  Instant messaging  SSH tunneling  GNU screen  Low-tech and works like a charm! 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 23

  24. DETER Lessons  We feel DETER superior to VMs for our needs  Especially:  For online courses  For multi-node scenarios  When physical networks are important  For security-oriented projects  Also great for “brick and mortar” classes 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 24

  25. Hands-on Lessons  Excellent interest and response  Unexpected and creative answers  Exploration reaps rewards  Novices and experts both succeed  Theory illuminated by practice 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 25

  26. Future Work  Flexibility and Repeatability issues  Reducing development cost  Forensic Image Creator  New labs  DETER-specific issues 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 26

  27. Conclusion 1. DETER is great for educational use 2. Hands-on, exploratory labs are a powerful (and fun!) way to reinforce theory 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 27

  28. Q&A Labs available at: http://lasr.cs.ucla.edu/classes/seclabs/ {pahp, reiher}@cs.ucla.edu Contact us for more information. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is Google Classroom? Google Classroom is an online platform that allows teachers and

What is Google Classroom? Google Classroom is an online platform that allows teachers and

What is Google Classroom? Google Classroom is an online platform that allows teachers and students to communicate and collaborate. Content can be created, distributed, shared, and graded--all within the virtual Classroom. *Using your school

456 views • 33 slides
Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim,

Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim,

Information Sciences Institute Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim, Clifford Neuman, Anthony Joseph, Keith Sklower, Ron Ostrenga, and Stephen Schwab Clifford Neuman Director, USC Center

397 views • 20 slides
The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can we run large cyber security exercises once a week? 2 Stepping back Looking at the configuration management problem, e.g., the gap

749 views • 20 slides
Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI

Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI

Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI Community Forum 2013, Manchester, April 9, 2013 Trainers: S. Tuecke, M. Hoffman, I. Muntean Setup: Add your public key to your identities in Globus

56 views • 3 slides
High-performance real time Virtual Classroom integrated in your website ~ online learning made

High-performance real time Virtual Classroom integrated in your website ~ online learning made

High-performance real time Virtual Classroom integrated in your website ~ online learning made easy ~ Grow your business Stand out from the competition Expand online Do you run a classroom-based Language School? Do you want a branded

262 views • 24 slides
A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach:

A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach:

CONVERGING INTRUSION DETECTION TECHNOLOGY AND PHYSICAL SECURITY A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach: Introduction to Slingshot Security Solutions Private Limited and its key technology

662 views • 19 slides
GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter

GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter

GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter Charter President Dr. Otmar Deter President Dr. Margret Deter President Elect Maneeya Engelking National Income per capita and year, 1996-2016

319 views • 21 slides
DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr.

DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr.

DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr. Edward Snyder OBJECTIVES This session will help participants identify and explore technology tools necessary for online learning. This

365 views • 15 slides
Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student &

Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student &

Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student & parent online communication needs Online/digital teacher expectations for 2016-2017 Management systems and tools Operationalizing

320 views • 31 slides
Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m odified from the CSC presentation (EMBO event) Outline 2 Introduction to Chipster NGS data analysis and visualization Quality control

920 views • 46 slides
Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling

Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling

Georgia Emergency Management Agency Homeland Security Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling Objectives Define Exercise Why should we conduct exercises? Types of exercises

363 views • 19 slides
Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer, Matthias Kasper, Erich Kirchler, and Brian Erard November 11, 2016 Do audits deter future non-compliance? What happens when you experience an audit?

359 views • 20 slides
Cryptography II Exercises Luca Vigan` o Institut f ur Informatik

Cryptography II Exercises Luca Vigan` o Institut f ur Informatik

Cryptography II Exercises Luca Vigan` o Institut f ur Informatik Albert-Ludwigs-Universit at Freiburg IT-Security: Theory and Practice (WS02) Luca Vigan` o 1 Solutions of the exercises of last week EXERCISE 1. The ciphertext

612 views • 37 slides
Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises discussed in tutorial class All course materials (slides, exercises) and schedule via http://www.snn.ru. nl/bertk/machinelearning/ Bert Kappen ML

696 views • 43 slides
Presentation plan: 1-2 hour training Teams is an online classroom hub designed with

Presentation plan: 1-2 hour training Teams is an online classroom hub designed with

Course 1: All about Teams 1/6 Presentation plan: 1-2 hour training Teams is an online classroom hub designed with instructional ISTE Educator effjciency and student growth in mind. In this space, teachers can Standards: 1B, 2C,

539 views • 6 slides
Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22

Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22

The 24nd ACM SIGKDD Conference on Knowledge Discovery and Data Mining 2018/08/19-08/23 , London Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22 Anhui Province Key Laboratory Of Big Data Analysis and

391 views • 38 slides
Lecturer: S. Nii Bekoe Tackie, School of Information and Communication Studies, Department of

Lecturer: S. Nii Bekoe Tackie, School of Information and Communication Studies, Department of

Lecturer: S. Nii Bekoe Tackie, School of Information and Communication Studies, Department of Information Studies Contact Information: snbtackie@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015 2016/2017

616 views • 61 slides
2 nd semester ENG NGLI LISH SH LA LANG NGUAGE AGE Topic 35: Pupils book for the 11 th grade

2 nd semester ENG NGLI LISH SH LA LANG NGUAGE AGE Topic 35: Pupils book for the 11 th grade

ACADEMIC LYCEUM INTERNATIONAL HOUSE TASHKENT 2 nd semester ENG NGLI LISH SH LA LANG NGUAGE AGE Topic 35: Pupils book for the 11 th grade pupils Unit 7 Literature Vocabulary What types of stories are these? Mystery Horror Fiction

594 views • 7 slides
Use Motivational Interviewing and Turbo Goal Setting to Help Your Participants Make Healthy

Use Motivational Interviewing and Turbo Goal Setting to Help Your Participants Make Healthy

Use Motivational Interviewing and Turbo Goal Setting to Help Your Participants Make Healthy Changes Nora Lynch, MS RD Certified Wellcoach www.PreventionBuddy.com Thanks to those who participated in the 2013 Regional Training Survey! From the

400 views • 25 slides
Ages of Asteroid Families Affected by Secular Resonances zevi Zoran Kne c Serbian Academy

Ages of Asteroid Families Affected by Secular Resonances zevi Zoran Kne c Serbian Academy

Ages of Asteroid Families Affected by Secular Resonances zevi Zoran Kne c Serbian Academy of Sciences and Arts, Belgrade Dynamics and chaos in astronomy and physics, Luchon, September 20, 2016 zevi Kne c Asteroid family ages In

572 views • 36 slides
RDF Schema Slides by Pascal Hirtzler & Sebastian Rudolph DMQL Prof. Peter Fischer

RDF Schema Slides by Pascal Hirtzler & Sebastian Rudolph DMQL Prof. Peter Fischer

RDF Schema Slides by Pascal Hirtzler & Sebastian Rudolph DMQL Prof. Peter Fischer Today: RDF syntax RDF Schema 2 DMQL Prof. Peter Fischer Metadata in DB Data Models Basic Idea: Provide Data to Describe Data Two

611 views • 37 slides
Chapter 7.2: Sophocles His Greatest Achievements prominent public figure in his day

Chapter 7.2: Sophocles His Greatest Achievements prominent public figure in his day

Chapter 7.2: Sophocles His Greatest Achievements prominent public figure in his day Sophocles Sophocles was chosen to lead the celebrations after the Second Persian War when still young, he defeated the veteran Aeschylus at the

261 views • 12 slides
Calculating Lyapunov exponents for random products of positive matrices Mark Pollicott Warwick

Calculating Lyapunov exponents for random products of positive matrices Mark Pollicott Warwick

Calculating Lyapunov exponents for random products of positive matrices Mark Pollicott Warwick University 7 July, 2020 Greetings from Kenilworth This is a 1830 painting of the ruin of Kenilworth Castle by J.M.W. Turner. Of course, this is 190

1.07k views • 29 slides
4. THE MONTE CARLO METHOD 4.1 I ntroduction This chapter is aimed at describing the Monte Carlo

4. THE MONTE CARLO METHOD 4.1 I ntroduction This chapter is aimed at describing the Monte Carlo

C hapter 4: Monte Carlo Modeling of Grain Growth and Recrystallization, A.D. Rollett & P. Manohar 4. THE MONTE CARLO METHOD 4.1 I ntroduction This chapter is aimed at describing the Monte Carlo method for the simulation of grain growth and

2.05k views • 37 slides

More recommend