A Simple Laboratory Environment for Real World Offensive Security Education
Motivation Environment Labs Future Work Summary
A Simple Laboratory Environment for Real-World Offensive Security Education
Maxim Timchenko, David Starobinski
Electrical and Computer Engineering Department, Boston University
SIGCSE’15, March 7, 2015
A Simple Laboratory Environment for Real-World Offensive Security Education 1 / 23
Outline
1. Motivation / Goals
2. Environment
3. Labs
4. Future Work
Goals for a Laboratory Environment
Must Have
• Security
• Separation
Stretch Goals
• Redundancy
• Persistence
Simple
• Simple to install and use
• Reuse available parts
• This is an introductory course
“Real-world” and “Offensive”
• Practice topics using tools common within the industry
• Discuss actual exploits, demonstrate issues vividly
  • Metasploit modules
  • Social engineering
• Cover current events (e.g. 2014: Shellshock, Heartbleed)
• Attacker mindset vs. developer mindset
Environments
Local isolated network containing actual hardware
• Expensive
• Limited flexibility
• Limited sharing
Photo: Leonardo Rizzi, Flickr, Creative Commons
Environment Virtualization
Centralized On Premises
• Set-up and maintenance
• Limited scaling
• Example: Tele-Lab [10]
Cloud
• More complex architecture
• Expensive scaling
• Potentially, worst responsiveness (traffic and delay)
• Example: Salah [6] on AWS
• Yesterday: Weiss et al. - EDUrange
Local
• Easy set-up
• No scaling issues
• Best responsiveness
• Example: SEED [2] on VMware/VirtualBox
Detailed Environment Architecture
Lab Workstation
“Attacker” Kali Linux VM
“Target” Metasploitable VM
“Zombie” FreeBSD 6 VM
BU Intranet, Internet gateway
File Server for VM Images
VM Image Sets
Lab Workstation
File Server for VM Images
Carol
Bob
Alice
Local non-persistent environment
Reference Image
Persistent Student Environments
The Attacker - Kali Linux
• Pentesting and Auditing
• Based on Debian Wheezy
• Hundreds of tools
• Top 10: Aircrack, Burp Suite, Hydra, John, Maltego, Metasploit, NMAP, ZAP, SQLmap, Wireshark
• Maintained by Offensive Security
The Target - Metasploitable 2
• Intentionally Vulnerable VM
• Based on Ubuntu
• Many vulnerabilities of varying obviousness
• Two intentionally vulnerable web applications (DVWA, Mutillidae)
• No GUI
Resource Requirements
[Chart: “OS Memory Use, MB (4GB RAM)” and “Disk Use, GB”; series: Kali, Metasploitable, FreeBSD 6, Host OS]
Studying Cybersecurity Anywhere
Photo: Alper Cugun, Flickr, CC-BY 2.0 — Whitehat Icon: Open Security Architecture, CC-BY-SA
Audience
• A mix of undergraduate and graduate students
• A variety of skill levels
• Requirements: a programming language, basics of Linux
Existing Lab Sets
The SEED Project [2]
OWASP Hackademic [5]
Many papers containing one or two labs each
Internet tutorials, e.g. “How to use Metasploit to hack X”
Lab Topics and Dependencies
Introduction
Law and Ethics
Search Engine Hacking
Network Utilities
Network Attacks
Password Hacking
Intrusion Detection
Metasploit
Network Attacks Lab
• Zombie scan with nmap
• ARP Poisoning
• DNS resolving and caching
• DNS Poisoning
• Example: poison Metasploitable’s DNS and replace one website with another
Sample Lab Page
Sample Solution Page
Production Workflow (PDF)
HTML Source
Common Stylesheet
Lab Stylesheet
Solution Stylesheet
Print Stylesheet
Print JavaScript
Prince
Lab PDF
Solution
Production Workflow (HTML)
HTML Source
Common Stylesheet
Lab Stylesheet
Solution Stylesheet
HTML Proc.
Lab HTML
Solution HTML
Processing Rules
Directions for Future Work
• Updates to Metasploitable
• Easier modifications to Metasploitable
• Adding other OS images and platforms
• Adding network device simulation (routers, peripherals)
• Automated grading
Summary
• A virtual-machine based environment for teaching practical cybersecurity
• A set of structured labs based on the environment
• Directions for future work
Thank you for your attention!
The sources for this talk and several of the labs can be found in our GitHub repository:
https://github.com/maxvt/cyberlabs
Contact the authors at:
• [email protected], @maxvt
• http://nislab.bu.edu/