Computer Security Workshops - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Computer Security Workshops

Description:

Get a hands-on introduction to practical computer security ... E.g. to unlock your system after screen saver kicks in. Environment (3) Exercises ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 14
Provided by: clicsC
Category:

less

Transcript and Presenter's Notes

Title: Computer Security Workshops


1
Computer Security Workshops
  • Introduction Workshop 1
  • Paul Wagner, Tom Paine, Jason Wudi, Jamison
    Schmidt
  • (Daren Bauer at home)
  • University of Wisconsin Eau Claire

2
Goals for Attendees
  • Get a hands-on introduction to practical computer
    security
  • Gain familiarity with some of the common security
    tools under Linux and/or Windows
  • Understand computer security issues in the
    context of a networked environment
  • Gain resources for teaching computer security
  • See the prototype of a portable networked
    workshop system

3
Focus
  • Computer Security
  • Not network security
  • Technological Perspective
  • Little on social engineering, physical security,
    web security, application security, though some
    aspects will arise
  • For Educators New To Teaching Computer Security
  • Not low-level details
  • Get you started, you can dig more

4
Optimal Assumptions
  • Know how to use Windows
  • Run an application
  • Know how to use Linux
  • Run an application
  • Command line in terminal window
  • Some familiarity with basic security concepts
  • Some familiarity with basic networking concepts

5
Environment
  • Isolated wireless network
  • Student machines
  • Two virtual operating system images per laptop
    running on virtualization software (VMWare
    Player)
  • one system is Linux (Ubuntu 8.10)
  • one system is Windows (Windows 2003 Server)
  • Go to Virtual Machines folder on desktop
  • Double click on Ubuntu810
  • Double click on Ubuntu.vmx file to start the
    virtual system
  • Same two selection steps for Windows 2003 Server,
    .vmx file
  • Administrative Passwords (for login)
  • Ubuntu user/user
  • W2K3 Administrator/ltnonegt

6
Environment (2)
  • Windows and Linux images on each laptop
  • Running virtually (under VMWare Player)
  • Can move cursor between VMWare windows or to host
    environment that is booted on our or your
    machines
  • Some machines booting off portable passport
    hard disk drive into host environment (Ubuntu
    8.04 Linux)
  • Access each system by choosing appropriate window
  • Ubuntu Getting a command line in a terminal
    window
  • Click on grey Terminal icon near System menu at
    top
  • Ctrl-Alt-Insert can act as Ctrl-Alt-Del in the
    virtual Windows environment
  • E.g. to unlock your system after screen saver
    kicks in

7
Environment (3)
  • Exercises
  • On Ubuntu Linux system, terminal command prompt
    is
  • Exercise commands are shown with prompt e.g.
  • sudo nessus-mkcert
  • Note that is not typed as part of command
  • sudo do (some task) as super-user (root)
  • Normally asks for password of account being used
  • This allows system work to have audit trail of
    who did what (not possible if everyone uses root
    account
  • Other non-student machines are on network, either
    Linux or Windows
  • Simulating a web/business environment

8
Advantages of Virtualization
  • Can provide multiple operating systems
    environments without rebooting
  • Provides a safe environment for experimentation
    at the administrator level
  • Trash the system? Just restore it
  • Can isolate virtual systems (and virtual network)
    from physical systems and internet
  • These are all significant for teaching computer
    security!

9
General Approach How To Deal With Problems?
  • Prevention
  • Gather information about problem
  • Remove cause, or
  • If cant remove cause, preclude it from affecting
    you
  • Detection
  • If cant prevent, at least know when it happens
  • Recovery
  • Respond to it, repairing the damage
  • Use the information gained to attempt to prevent
    it from happening again

10
Parallel Breaking/Making Computer Security
  • Breaking
  • Gather information about target(s)
  • Assess vulnerability of target(s)
  • Attempt exploit of target(s)
  • Making
  • Limit exposure of information
  • Need to know what information youre making
    available
  • Harden systems to prevent intrusions where
    possible
  • Need to assess vulnerability first
  • Detect and repair any successful intrusions
  • Need to be able to identify intrusions, then
    respond

11
Workshop 1 Schedule
  • Introduction
  • Module 1 Footprinting / Gathering Information /
    Packet Sniffing
  • Module 2 Port Scanning
  • Module 3 Vulnerability Analysis
  • Module 4 Password Cracking
  • Summary and Evaluation

12
Workshop 2 Schedule
  • Introduction
  • Module 5 System Hardening
  • Module 6 Intrusion Detection
  • Module 7 System Auditing
  • Summary and Evaluation
  • MOBILE the portable networked workshop
    environment

13
Acknowledgements
  • This workshop is part of the MOBILE (a MOBile
    Instruction and Laboratory Environment) project
    at the University of Wisconsin Eau Claire
  • http//www.cs.uwec.edu/mobile
  • Primarily supported through NSF DUE CCLI Phase 2
    Grant 0817295
Write a Comment
User Comments (0)
About PowerShow.com