1 / 14

Computer Security Workshops

Computer Security Workshops. Introduction – Workshop 2 Paul Wagner, Tom Paine, Jason Wudi, Jamison Schmidt (Daren Bauer at home) University of Wisconsin – Eau Claire. Goals for Attendees. Get a hands-on introduction to practical computer security

lora
Télécharger la présentation

Computer Security Workshops

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security Workshops Introduction – Workshop 2 Paul Wagner, Tom Paine, Jason Wudi, Jamison Schmidt (Daren Bauer at home) University of Wisconsin – Eau Claire

  2. Goals for Attendees • Get a hands-on introduction to practical computer security • Gain familiarity with some of the common security tools under Linux and/or Windows • Understand computer security issues in the context of a networked environment • Gain resources for teaching computer security • See the prototype of a portable networked workshop system

  3. Focus • Computer Security • Not network security • Technological Perspective • Little on social engineering, physical security, web security, application security, though some aspects will arise • For Educators New To Teaching Computer Security • Not low-level details • Get you started, you can dig more

  4. Optimal Assumptions • Know how to use Windows • Run an application • Know how to use Linux • Run an application • Command line in terminal window • Know basic security concepts • Know basic networking concepts

  5. Environment Isolated wireless network Student machines Two virtual client operating system images per laptop running under virtualization software (VMWare Player) one “client” system is Linux (Ubuntu 8.10) one “client” system is Windows (Windows 2003 Server) Other non-student machines are on network, either Linux or Windows Simulating a web/business environment

  6. Environment (2) Windows and Linux images on each laptop Running “virtually” (under VMWare Player) Can move cursor between VMWare client windows or to host environment that is booted on our or your machines Some machines: booting off portable “passport” hard disk drive into host environment (Ubuntu 8.04 – Linux) Access each system by choosing appropriate window Administrative Passwords Ubuntu: user/user W2K3: Administrator/<none> Ubuntu – Getting a command line in a terminal window Click on grey Terminal icon near System menu at top Ctrl-Alt-Insert acts as Ctrl-Alt-Del in the virtual windows environment E.g. to unlock your system after screen saver kicks in

  7. Environment (3) • Exercises • On Ubuntu system, terminal command prompt is ‘$’ • Exercise commands are shown with prompt; e.g. • $ sudo nessus-mkcert • Note that ‘$’ is not typed as part of command • sudo = do (some task) as super-user (root) • Normally asks for password of account being used • This allows system work to have audit trail of who did what (not possible if everyone uses root account

  8. Advantages of Virtualization • Can provide multiple operating systems environments without rebooting • Provides a safe environment for experimentation at the administrator level • Trash the system? Just restore it… • Can isolate virtual systems (and virtual network) from physical systems and internet • These are all significant for teaching computer security!

  9. General Approach: How To Deal With Problems? • Prevention • Gather information about problem • Remove cause, or… • If can’t remove cause, preclude it from affecting you • Detection • If can’t prevent, at least know when it happens • Recovery • Respond to it, repairing the damage • Use the information gained to attempt to prevent it from happening again

  10. Parallel: Breaking/Making Computer Security • Breaking • Gather information about target(s) • Assess vulnerability of target(s) • Attempt exploit of target(s) • Making • Limit exposure of information • Need to know what information you’re making available • Harden systems to prevent intrusions where possible • Need to assess vulnerability first • Detect and repair any successful intrusions • Need to be able to identify intrusions, then respond

  11. Workshop 1 Schedule • Introduction • Module 1 – Footprinting / Gathering Information / Packet Sniffing • Module 2 – Port Scanning • Module 3 – Vulnerability Analysis • Module 4 – Password Cracking • Summary and Evaluation

  12. Workshop 2 Schedule • Introduction • Module 5 – System Hardening • Module 6 – Intrusion Detection • Module 7 – System Auditing • Summary and Evaluation • MOBILE – the portable networked workshop environment

  13. Acknowledgements • This workshop is part of the MOBILE (a MOBile Instruction and Laboratory Environment) project at the University of Wisconsin – Eau Claire • http://www.cs.uwec.edu/mobile • Primarily supported through NSF DUE CCLI Phase 2 Grant #0817295

  14. Other Systems on Network • Recall the four bait machines on network: energy.uwec.mobile 172.20.1.239 grot.uwec.mobile 172.20.1.10 before.uwec.mobile 172.20.1.13 ileus.uwec.mobile 172.20.1.201 • Identify your own Ubuntu and Windows machines by IP number and name

More Related