information security at the university of wisconsin – eau claire
DESCRIPTION
Information Security at the University of Wisconsin – Eau Claire. Paul J. Wagner [email protected] Department of Computer Science University of Wisconsin - Eau Claire Eau Claire, WI 54701. UW-Eau Claire Project. Goals: Build computer security laboratory - PowerPoint PPT PresentationTRANSCRIPT
Information Security at the Information Security at the University of Wisconsin – University of Wisconsin –
Eau ClaireEau Claire
Paul J. WagnerPaul J. [email protected]@uwec.edu
Department of Computer ScienceDepartment of Computer ScienceUniversity of Wisconsin - Eau ClaireUniversity of Wisconsin - Eau Claire
Eau Claire, WI 54701Eau Claire, WI 54701
UW-Eau Claire ProjectUW-Eau Claire Project
Goals:Goals: Build computer security laboratoryBuild computer security laboratory Develop two courses (Computer Security, Cryptography and Develop two courses (Computer Security, Cryptography and
Network Security)Network Security) Develop course modules for other CS courses related to security Develop course modules for other CS courses related to security
issuesissues Received NSF Course, Curriculum and Laboratory Received NSF Course, Curriculum and Laboratory
Improvement (CCLI) Adaptation and Implementation Improvement (CCLI) Adaptation and Implementation (A&I) grant to do this(A&I) grant to do this Based on security lab and courses (actual and proposed) at Based on security lab and courses (actual and proposed) at
Indiana University of PennsylvaniaIndiana University of Pennsylvania Term: 6/2003 – 5/2005Term: 6/2003 – 5/2005
Computer LaboratoryComputer Laboratory
HeterogeneousHeterogeneous 8 Windows XP machines, 8 Linux machines8 Windows XP machines, 8 Linux machines Shared keyboard, video monitor and mouse with KVM switchShared keyboard, video monitor and mouse with KVM switch
8 stations8 stations Several Cisco PIX firewalls, one 48-port switchSeveral Cisco PIX firewalls, one 48-port switch
Dual UseDual Use Computer Security and regular usage (general, pair Computer Security and regular usage (general, pair
programming)programming) Normal setup – systems open to internetNormal setup – systems open to internet Secure setup – all or partially isolated from internetSecure setup – all or partially isolated from internet
Computer Laboratory (2)Computer Laboratory (2)
Use Virtual Machines for Computer Security courseUse Virtual Machines for Computer Security course Virtual PC (Microsoft)Virtual PC (Microsoft)
Another possibility: VMWareAnother possibility: VMWare Fedora images stored on network, downloaded to a Windows Fedora images stored on network, downloaded to a Windows
systemsystem AdvantagesAdvantages
Can give students root, systems easily replaced if trashedCan give students root, systems easily replaced if trashed DisadvantagesDisadvantages
Storage, network downloadsStorage, network downloads Labororatory Network is PartitionableLabororatory Network is Partitionable
Normal setup – Windows machines on one subnet, Linux Normal setup – Windows machines on one subnet, Linux machines on another subnetmachines on another subnet
Cyberwar lab setup – additional subnets emulating secure Cyberwar lab setup – additional subnets emulating secure businessbusiness
Laboratory LayoutLaboratory Layout
Bait 1 Bait 2
Bait 3 Bait 4
DMZ
Secure Zone
Secure Business Theatre
Linux Win XP Linux Win XP Linux Win XP Linux Win XP
Pseudo Internet
CLICS Lab Environment
Linux Win XP Linux Win XP Linux Win XP Linux Win XP
Switch/HubSwitch/Hub
Hub
Campus Network & Internet
Hub
Hub
Hub
Hub
Bait 5
CoursesCourses
Computer SecurityComputer Security Principles (technological, physical and social)Principles (technological, physical and social) Practice (hands-on laboratory exercises each week)Practice (hands-on laboratory exercises each week)
Primarily with Linux tools (ethereal, nmap, nessus, bastille, tripwire, Primarily with Linux tools (ethereal, nmap, nessus, bastille, tripwire, snort, john the ripper)snort, john the ripper)
Culmination – multi-day cyberwar laboratory exerciseCulmination – multi-day cyberwar laboratory exercise Paper presented at SIGCSE 2004Paper presented at SIGCSE 2004
Cryptography and Network SecurityCryptography and Network Security Mathematical background for cryptographyMathematical background for cryptography Cryptographic algorithmsCryptographic algorithms Programming using cryptography, SSLProgramming using cryptography, SSL
Course ModulesCourse Modules
CS1/CS2CS1/CS2 Rail CipherRail Cipher Caesar CipherCaesar Cipher SteganographySteganography Biometrics (timing keystrokes)Biometrics (timing keystrokes) RSA (simplified and secure, using Java)RSA (simplified and secure, using Java) Spam Filter / Email AnalyzerSpam Filter / Email Analyzer
Advanced CoursesAdvanced Courses Buffer Overflow (Computer Architecture / Operating Systems)Buffer Overflow (Computer Architecture / Operating Systems) Database Security (Database Systems / Software Engineering)Database Security (Database Systems / Software Engineering) Remote User Authentication (Software Engineering)Remote User Authentication (Software Engineering)
Mostly assignments that fit in existing course structure Mostly assignments that fit in existing course structure Just another assignment domainJust another assignment domain
Goals, Contact InformationGoals, Contact Information
GoalsGoals Further development and dissemination of our workFurther development and dissemination of our work Application for Center of Excellence in Information Assurance Application for Center of Excellence in Information Assurance
Education certification in December 2004Education certification in December 2004
More information on our work:More information on our work: http://clics.cs.uwec.edu/http://clics.cs.uwec.edu/
NSF Project, Andrew Phillips and Paul Wagner, Co-PIsNSF Project, Andrew Phillips and Paul Wagner, Co-PIs EmailEmail
[email protected]@uwec.edu