© 2008 T.Zlateva, L.Burstein, A.MacNeil. Virtual Laboratories for Learning Real World Security. The 12th Colloquium for Information Systems Security Education.


1 Virtual Laboratories for Learning Real World Security
© 2008 T.Zlateva, L.Burstein, A.MacNeil
The 12th Colloquium for Information Systems Security Education
University of Texas, Dallas, June 2-4, 2008
Presented by: Tanya Zlateva, Leo Burstein, Andy MacNeil

2 Agenda
• Introductions, Institutional Context
• Motivation
• Choosing Topic, Scope and Technology
• Lab Scenario and Implementation Overview
• Step by Step Walkthrough
• Future Work
• Student Feedback
• Q&A

3 Institutional Context
• Graduate programs in CS, CIS, TC, concentration in security
• Majority of students are working professionals typically employed by high-tech Boston area companies
• Course delivery is face-to-face, online, blended

4 Motivation
• To succeed in complex modern workplace, students need solid academic knowledge and practical skills combined with key enterprise competencies
• Reinforcement effect: studies show that students learn better when they understand practical applications of theoretical concepts
• Properly designed labs help students to develop important career-building skills (teamwork, passion to innovate, managing change, working in a global environment, building toolkits, etc.)

5 Choosing Topics, Scope and Technology
• Putting Cryptography in Context: Crypto algorithms draw on the most abstract branches of mathematics while their correct (or incorrect) application decides vital problems ranging from security of nation’s critical infrastructure to privacy of personal information.
• Choosing the Scope: Modeling complex end-to-end integrated practical scenario (vs. isolated concept-specific exercises) helps to “see the whole picture”, learn real-life scenarios, and emphasize human factors (process vs. technology).
• Virtualization as an Enabling Technology: Minimize setup times and hardware requirements, promote role playing and team collaboration, implementation flexibility esp. simulating distributed environments, support for larger classes.

6 Scenario and Implementation Overview
[Diagram. Roles: End User, Systems Admin, Hacker, Security Manager. Components: MS IIS/2003, WireShark, IE Browser, MS Server 2008, MS VS 2005 (Dell 16GB)]

7 Step by Step Walkthrough
Step 1 – Security Fundamentals, Setting Up the Stage
Theory: Fundamental Security Properties
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
Practice: Exploring Vulnerabilities of Typical Infrastructures
• Web server security-related configurations
• Common Internet protocols
• Network traffic analyzers (not just a hacking tool)
• Common vulnerabilities and countermeasures
[Diagram: Client Wstation, App. Server; USERNAME, PASSWORD]

8 Step by Step Walkthrough
Step 2 – Interplay of Crypto Theory and Internet Security
Theory: Crypto
• Fundamentals of Group Theory
• Encryption Algorithms
• Hash Functions
• Digital Signatures
• Secret and Public Key Cryptography
• Security Protocols
Practice: Securing Internet Communications
• Configuring servers with TLS
• Generating and exchanging keys and digital certificates

9 Step by Step Walkthrough
Step 3 – Public Key Cryptography and Public Key Infrastructure
Theory:
• Secret and Public Key Cryptography
• Security Protocols
• Public Key Infrastructure
Practice: Implementing PKI
• Elements of Public Key Infrastructure
• Anatomy of TLS negotiations – matching theory with practice
[Diagram: Client Wstation, App. Server]

10 Step by Step Walkthrough
Step 4 – Trusts, Signatures, Revocations – and Management
Theory:
• Secret and Public Key Cryptography (cont.)
• Security Protocols
Practice: Managing Trust
• Certificate Authority (CA) (and operational procedures!)
• CA Hierarchies
• Key Management nightmare
• Out-of-band communications
• Emergencies
• Revocation Lists (more procedures…)
• Strong authentication and client-side configurations
Discuss: technology vs. processes; collaboration – all levels; security vs. business objectives; risk management; controls; central/mandate vs. distributed/grassroots
“Tools” + “Rules” < 100%
• awareness
• clearly seeing “the whole picture”
• knowing what we don’t know

11 Future Work
• Offer choice of application platforms, browsers, CA, etc. to accommodate group preferences
• Optimize lab implementation for larger classes, online and blended programs
• Explore additional security protocols (e.g. IPSec)
• Introduce additional workplace scenarios (e.g. enterprise perimeter security, SCADA systems, database security)
• Introduce additional attack vectors, vulnerabilities and countermeasures, elements of network forensics
• Add case studies and simulations to emphasize importance of processes and promote experience sharing
• How to measure learning outcomes?

12 Student’s Perspective
Andy MacNeil, 2008 BU Graduate, NSA Information Assurance Scholarship Program Participant

13 Key Learning Points
• Reality of Basic Network Security
• Use of Encryption Algorithms
• Establishing relationships
• Building a valuable toolbox and skill inventory

14 Basic Security
• Username and password concept is very simple
• Simplicity in exchange for security
• Initial thoughts

15 Encryption Algorithms
• Was unclear how encryption could be used to secure a transmission
• Do we have to install a separate program to encrypt the data we send?
• Cipher Suites
  • What is this?
  • How are they determined?
  • Ex. TLS_RSA_WITH_RC4_128_SHA (0x0005)
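
Added example, not part of the original slides: a decoder for the kind of cipher suite value a traffic analyzer shows in a TLS handshake, using the slide's TLS_RSA_WITH_RC4_128_SHA (0x0005). It splits the name into key exchange, authentication, bulk cipher and hash, and lists the components a defender would want disabled. The function names, the small code-point table (a subset of the IANA registry) and the weak-cipher list are choices made for this illustration, and only TLS 1.2-and-earlier style names ending in a hash token are handled.

```python
# Added example: decode a TLS 1.2-and-earlier cipher suite code point.
# SUITES is a small illustrative subset of the IANA TLS Cipher Suites registry.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
WEAK_CIPHERS = {"RC4", "RC2", "DES", "3DES", "NULL"}  # assumption: this lab's deny list

def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>_<hash> into its components."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS <= 1.2 style suite name: " + name)
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx = left.split("_")
    export = kx[-1] == "EXPORT"
    kx = kx[:-1] if export else kx
    cipher = right.split("_")
    digest = cipher.pop()  # last token: MAC hash, or PRF hash for AEAD suites
    return {
        "key_exchange": kx[0],
        "authentication": kx[-1],  # same token when only one is named (RSA)
        "export": export,
        "cipher": "_".join(cipher),
        "aead": any(m in cipher for m in ("GCM", "CCM", "CHACHA20")),
        "hash": digest,
    }

def review(code_point):
    """Return (name, parts, findings) for a 16-bit cipher suite code point."""
    name = SUITES[code_point]
    p, findings = parse_suite(name), []
    if p["cipher"].split("_")[0] in WEAK_CIPHERS:
        findings.append("weak bulk cipher: " + p["cipher"])
    if p["hash"] == "MD5":
        findings.append("MD5-based MAC")
    if p["key_exchange"] == "RSA":
        findings.append("RSA key transport: no forward secrecy")
    if p["authentication"] == "anon":
        findings.append("anonymous key exchange: server not authenticated")
    if p["export"]:
        findings.append("export-grade key size")
    return name, p, findings

if __name__ == "__main__":
    for cp in (0x0005, 0xC02F):
        print(f"0x{cp:04X}", *review(cp), sep="\n  ")
```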

16 Piecing It All Together
• How can we be certain?
• Where does the trust/mistrust occur?
• Trusted Root Stores
  • What is this
  • What does it do

17 My Toolset
• Useful tools and skills to jump-start my career
• Working with others and having fun!
• Learning through writing a manual to teach others
• … and getting respect for security processes for the rest of my life

18 Questions & Answers

