security exercises for the online classroom with deter
play

Security Exercises for the Online Classroom with DETER Peter A. H. - PowerPoint PPT Presentation

Aug 12, 2023 •34 likes •314 views

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

  1. Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber Security Experimentation and Test (CSET'10)

  2. Key Points 1. DETER is an ideal choice for hands-on, online security education. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 2

  3. Key Points 2. Realistic, hands-on, exercises are a powerful addition to our security curriculum. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 3

  4. Outline  Project motivation  DETER as an educational platform  Our labs as a case study  Lessons Learned  Conclusion 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 4

  5. Project Motivation  Homework for the online classroom  Requirements  Same value as traditional homework  Easy to use without much “face time”  Possibilities  Research Projects  Pen and paper coursework  Hands-on labs 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 5

  6. Why Hands-on?  Theory alone does not provide security  Real security is theory and practice, together  The real world is complicated  “Give a person a fish...”  Real-world scenarios and tools add relevancy  Fundamental issues exemplified in real systems 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 6

  7. Hands-on Approaches  Applications  OWASP WebGoat, custom demonstrations, etc.  We wanted to use real software systems  Some topics hard to put in “application form”  Virtualization  QEMU, VirtualBox, VMware  Testbeds  In-house, Emulab, DETER 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 7

  8. Why Not Virtualization?  Remote software support  Multi-gigabyte download  Bugfixes  Virtual networking  Cheating  Overhead of multiple hosts MITM Topology 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 8

  9. DETER  Dynamic physical networks  Based on Emulab  ~300 machines  Internet-accessible  Public  Grouped resources DETER Homepage  Security focused 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 9

  10. DETER Experiments  Network Topology  Machines  Software DETER Topology designer 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 10

  11. DETER Customization  Boot-time customization  Packages install from course archive on DETER  Single repository  Stable platform and interface DETER customization scripts 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 11

  12. DETER for Students  Individual, private logins  Simple web control panel  Requires only a web browser and SSH  Built-in redundancy  Backups  Testbed support 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 12

  13. Any DETERrents?  Shared testbed with finite resources  Only a minor inconvenience in practice  Not local hardware  Overkill for some uses  “Installation media” not 100% secure 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 13

  14. Case Study  Hands-on, practical online exercises  Courseware components  DETER  Lab Manual  Lab software  Five labs  Supporting a class on DETER 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 14

  15. Lab Manual  Wiki for CMS  Remote Access  Easy to update  Read-only for students  Internal/External links Lab manual homepage 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 15

  16. Lab Template  Self-contained unit:  Overview  Technical discussion  External reading  “The Story So Far...”  Assignment Permissions Lab Table of Contents 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 16

  17. Lab Descriptions  Topics  Permissions and Firewalls  Exploits  Computer Forensics  Man-in-the-middle  Network intrusion detection systems  All freely available open-source software  Most are standard security/networking tools 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 17

  18. Permissions & Firewalls  POSIX file system permissions  Including special permissions and sudo  Stateful firewalls with iptables  Principle of Least Privilege  Deny by Default Design  Emphasis on unexpected interactions 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 18

  19. Exploits  Buffer overflows  Pathname attacks  SQL Injection  Find, Exploit, Patch, Debrief  No Security in Obscurity /etc/shadow is not a memo!  Failure or Works As Designed? 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 19

  20. Computer Forensics  Security involves detective work  Three scenarios and disk images  Data recovery  Log analysis  Analysis and written report  Talk about exploratory learning!  Two sides to every story 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 20

  21. Man-in-the-middle  ARP poisoning  Eavesdropping  Replay  Injection  Canonical MITM  Nonce design  The liability of abstraction The scene of the crime 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 21

  22. NIDS  Intrusion Detection  Craft signatures  Real data  Security tuning  Highly context sensitive task BASE interface  TCP trace analysis (http://base.secureideas.net/) 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 22

  23. Supporting DETER Classes  Email is the #1 support tool, by far  Live office hours with  Instant messaging  SSH tunneling  GNU screen  Low-tech and works like a charm! 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 23

  24. DETER Lessons  We feel DETER superior to VMs for our needs  Especially:  For online courses  For multi-node scenarios  When physical networks are important  For security-oriented projects  Also great for “brick and mortar” classes 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 24

  25. Hands-on Lessons  Excellent interest and response  Unexpected and creative answers  Exploration reaps rewards  Novices and experts both succeed  Theory illuminated by practice 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 25

  26. Future Work  Flexibility and Repeatability issues  Reducing development cost  Forensic Image Creator  New labs  DETER-specific issues 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 26

  27. Conclusion 1. DETER is great for educational use 2. Hands-on, exploratory labs are a powerful (and fun!) way to reinforce theory 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 27

  28. Q&A Labs available at: http://lasr.cs.ucla.edu/classes/seclabs/ {pahp, reiher}@cs.ucla.edu Contact us for more information. 08/09/10 3rd Workshop on Cyber Security Experimentation and Test 28

Recommend

What is Google Classroom? Google Classroom is an online platform that allows teachers and

What is Google Classroom? Google Classroom is an online platform that allows teachers and

What is Google Classroom? Google Classroom is an online platform that allows teachers and students to communicate and collaborate. Content can be created, distributed, shared, and graded--all within the virtual Classroom. *Using your school

456 views • 33 slides
Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim,

Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim,

Information Sciences Institute Experience with DETER A Testbed for Security Research Terry Benzel, Bob Braden, Dongho Kim, Clifford Neuman, Anthony Joseph, Keith Sklower, Ron Ostrenga, and Stephen Schwab Clifford Neuman Director, USC Center

397 views • 20 slides
The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can we run large cyber security exercises once a week? 2 Stepping back Looking at the configuration management problem, e.g., the gap

749 views • 20 slides
Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI

Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI

Hands On Exercises for Globus Online Command Line Interface IGE Globus Online Tutorial EGI Community Forum 2013, Manchester, April 9, 2013 Trainers: S. Tuecke, M. Hoffman, I. Muntean Setup: Add your public key to your identities in Globus

56 views • 3 slides
High-performance real time Virtual Classroom integrated in your website ~ online learning made

High-performance real time Virtual Classroom integrated in your website ~ online learning made

High-performance real time Virtual Classroom integrated in your website ~ online learning made easy ~ Grow your business Stand out from the competition Expand online Do you run a classroom-based Language School? Do you want a branded

262 views • 24 slides
A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach:

A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach:

CONVERGING INTRUSION DETECTION TECHNOLOGY AND PHYSICAL SECURITY A Multi Layer Multi Sensor Approach DETER DETECT DELAY DENY Presentation Approach: Introduction to Slingshot Security Solutions Private Limited and its key technology

662 views • 19 slides
GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter

GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter

GOALS AND PROJECTS 2017-18 CLICK TO EDIT MASTER TITLE STYLE Charter President Dr. Otm ar Deter Charter President Dr. Otmar Deter President Dr. Margret Deter President Elect Maneeya Engelking National Income per capita and year, 1996-2016

319 views • 21 slides
DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr.

DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr.

DEMYSTIFYING VIDEO ASSIGNMENTS AND PRESENTATIONS FOR THE ONLINE CLASSROOM Dr. Meghan Ferraro Dr. Edward Snyder OBJECTIVES This session will help participants identify and explore technology tools necessary for online learning. This

365 views • 15 slides
Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student &

Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student &

Online/Digital Classroom Presence April 11, 2016 Tonight's Discussion Topics Student & parent online communication needs Online/digital teacher expectations for 2016-2017 Management systems and tools Operationalizing

320 views • 31 slides
Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m odified from the CSC presentation (EMBO event) Outline 2 Introduction to Chipster NGS data analysis and visualization Quality control

920 views • 46 slides
Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling

Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling

Georgia Emergency Management Agency Homeland Security Intro to Tabletop Exercises Michael Ruple School Safety Coordinator Area A 01/28/2016 Enabling Objectives Define Exercise Why should we conduct exercises? Types of exercises

363 views • 19 slides
Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer, Matthias Kasper, Erich Kirchler, and Brian Erard November 11, 2016 Do audits deter future non-compliance? What happens when you experience an audit?

359 views • 20 slides
Cryptography II Exercises Luca Vigan` o Institut f ur Informatik

Cryptography II Exercises Luca Vigan` o Institut f ur Informatik

Cryptography II Exercises Luca Vigan` o Institut f ur Informatik Albert-Ludwigs-Universit at Freiburg IT-Security: Theory and Practice (WS02) Luca Vigan` o 1 Solutions of the exercises of last week EXERCISE 1. The ciphertext

612 views • 37 slides
Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises discussed in tutorial class All course materials (slides, exercises) and schedule via http://www.snn.ru. nl/bertk/machinelearning/ Bert Kappen ML

696 views • 43 slides
Presentation plan: 1-2 hour training Teams is an online classroom hub designed with

Presentation plan: 1-2 hour training Teams is an online classroom hub designed with

Course 1: All about Teams 1/6 Presentation plan: 1-2 hour training Teams is an online classroom hub designed with instructional ISTE Educator effjciency and student growth in mind. In this space, teachers can Standards: 1B, 2C,

539 views • 6 slides
Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22

Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22

The 24nd ACM SIGKDD Conference on Knowledge Discovery and Data Mining 2018/08/19-08/23 , London Finding Similar Exercises in Online Education Systems Reporter: Zai Huang Date: 2018.07.22 Anhui Province Key Laboratory Of Big Data Analysis and

391 views • 38 slides
EXISTING OVERALL FLOOR PLAN 1 NORTH SCALE: 1" = 20'-0" SHEET NUMBER CLASSROOM

EXISTING OVERALL FLOOR PLAN 1 NORTH SCALE: 1" = 20'-0" SHEET NUMBER CLASSROOM

SHEET NUMBER CLASSROOM CLASSROOM 307 306 CLASSROOM 308 CLASSROOM 305 CORRIDOR 315 CLASSROOM CLASSROOM 309 304 DATE CLASSROOM SCIENCE 310 303 CORRIDOR 316 PREP SEE PLAN 2 ON ENLARGED CONF. ROOM BOYS' FLOOR PLAN SHEET

244 views • 8 slides
COLO-NESCO ELEMENTARY ARCHITECTURE + ENGINEERING + ENVIRONMENTAL + PLANNING

COLO-NESCO ELEMENTARY ARCHITECTURE + ENGINEERING + ENVIRONMENTAL + PLANNING

SHEET NUMBER 0 CLASSROOM CLASSROOM RESTROOM CLASSROOM RESTROOM CLASSROOM CLASSROOM TOILET JANITOR STORAGE WKRM PRESCHOOL PRESCHOOL REF. TELECOM TLT. WORK CONFERENCE/ MECHANICAL ROOM INSTRUCTIONAL COACH COLLAB MEDIA CENTER

68 views • 4 slides
COURSE PRESENTATION FALL 2020 *Important - This course will be offered online ONLY* Course:

COURSE PRESENTATION FALL 2020 *Important - This course will be offered online ONLY* Course:

COURSE PRESENTATION FALL 2020 *Important - This course will be offered online ONLY* Course: Course: Chemistry 1210 R25 Instructor: Patrick Duffy Classroom: ONLINE Class Hours: M/Th, 8 10 AM Lab Room #: ONLINE Lab Hours: Wednesdays, 2

67 views • 5 slides
How Would the Money be Used? How Would the Money be Used? Upgrade interactive classroom displays

How Would the Money be Used? How Would the Money be Used? Upgrade interactive classroom displays

How Would the Money be Used? How Would the Money be Used? Upgrade interactive classroom displays Replace student 1:1 computers/devices Increase budgets for classrooms Upgrade wireless network & security (classroom

156 views • 3 slides
EXERCISES EXERCISES Important Perfectly safe for the vast majority of people Those with

EXERCISES EXERCISES Important Perfectly safe for the vast majority of people Those with

EXERCISES EXERCISES Important Perfectly safe for the vast majority of people Those with any medical issues should perform the workout only with the consent of your medical practitioner. Certain exercises, such as strong breath holds,

1.07k views • 72 slides
1 Analysis of SNP data with R The data we will be working with here can be read into R using the

1 Analysis of SNP data with R The data we will be working with here can be read into R using the

Statistical methods in bioinformatics April 9, 2018 Exercises day 2 Claus Ekstrm These exercises will use a combination of R and specific programmes. The exercises are build up over two types of problems: introductory text that you should run

282 views • 5 slides
Fall 2020 Classroom AV Overview Technology to support hybrid and online delivery modes in

Fall 2020 Classroom AV Overview Technology to support hybrid and online delivery modes in

Fall 2020 Classroom AV Overview Technology to support hybrid and online delivery modes in General University (GU) classrooms New Classroom Audiovisual Technology: Available in General University (GU) classrooms Supported by

405 views • 9 slides
Transformation Exercises: Denavit- Hartenberg Method Some images and exercises from:

Transformation Exercises: Denavit- Hartenberg Method Some images and exercises from:

Transformation Exercises: Denavit- Hartenberg Method Some images and exercises from: Introduction to Autonomous Mobile Robots, Siegwart, Nourbakhsh, 2011 Robot Dynamics and Control Second Edition, Spong, Hutchinson, Vidyasagar, 2004 Spacecraft

711 views • 23 slides

More recommend