Computer Security Workshops - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Computer Security Workshops

Description:

Get a hands-on introduction to practical computer security ... E.g. to unlock your system after screen saver kicks in. Environment (3) Exercises ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 15
Provided by: clicsC
Category:

less

Transcript and Presenter's Notes

Title: Computer Security Workshops


1
Computer Security Workshops
  • Introduction Workshop 2
  • Paul Wagner, Tom Paine, Jason Wudi, Jamison
    Schmidt
  • (Daren Bauer at home)
  • University of Wisconsin Eau Claire

2
Goals for Attendees
  • Get a hands-on introduction to practical computer
    security
  • Gain familiarity with some of the common security
    tools under Linux and/or Windows
  • Understand computer security issues in the
    context of a networked environment
  • Gain resources for teaching computer security
  • See the prototype of a portable networked
    workshop system

3
Focus
  • Computer Security
  • Not network security
  • Technological Perspective
  • Little on social engineering, physical security,
    web security, application security, though some
    aspects will arise
  • For Educators New To Teaching Computer Security
  • Not low-level details
  • Get you started, you can dig more

4
Optimal Assumptions
  • Know how to use Windows
  • Run an application
  • Know how to use Linux
  • Run an application
  • Command line in terminal window
  • Know basic security concepts
  • Know basic networking concepts

5
Environment
  • Isolated wireless network
  • Student machines
  • Two virtual client operating system images per
    laptop running under virtualization software
    (VMWare Player)
  • one client system is Linux (Ubuntu 8.10)
  • one client system is Windows (Windows 2003
    Server)
  • Other non-student machines are on network, either
    Linux or Windows
  • Simulating a web/business environment

6
Environment (2)
  • Windows and Linux images on each laptop
  • Running virtually (under VMWare Player)
  • Can move cursor between VMWare client windows or
    to host environment that is booted on our or your
    machines
  • Some machines booting off portable passport
    hard disk drive into host environment (Ubuntu
    8.04 Linux)
  • Access each system by choosing appropriate window
  • Administrative Passwords
  • Ubuntu user/user
  • W2K3 Administrator/ltnonegt
  • Ubuntu Getting a command line in a terminal
    window
  • Click on grey Terminal icon near System menu at
    top
  • Ctrl-Alt-Insert acts as Ctrl-Alt-Del in the
    virtual windows environment
  • E.g. to unlock your system after screen saver
    kicks in

7
Environment (3)
  • Exercises
  • On Ubuntu system, terminal command prompt is
  • Exercise commands are shown with prompt e.g.
  • sudo nessus-mkcert
  • Note that is not typed as part of command
  • sudo do (some task) as super-user (root)
  • Normally asks for password of account being used
  • This allows system work to have audit trail of
    who did what (not possible if everyone uses root
    account

8
Advantages of Virtualization
  • Can provide multiple operating systems
    environments without rebooting
  • Provides a safe environment for experimentation
    at the administrator level
  • Trash the system? Just restore it
  • Can isolate virtual systems (and virtual network)
    from physical systems and internet
  • These are all significant for teaching computer
    security!

9
General Approach How To Deal With Problems?
  • Prevention
  • Gather information about problem
  • Remove cause, or
  • If cant remove cause, preclude it from affecting
    you
  • Detection
  • If cant prevent, at least know when it happens
  • Recovery
  • Respond to it, repairing the damage
  • Use the information gained to attempt to prevent
    it from happening again

10
Parallel Breaking/Making Computer Security
  • Breaking
  • Gather information about target(s)
  • Assess vulnerability of target(s)
  • Attempt exploit of target(s)
  • Making
  • Limit exposure of information
  • Need to know what information youre making
    available
  • Harden systems to prevent intrusions where
    possible
  • Need to assess vulnerability first
  • Detect and repair any successful intrusions
  • Need to be able to identify intrusions, then
    respond

11
Workshop 1 Schedule
  • Introduction
  • Module 1 Footprinting / Gathering Information /
    Packet Sniffing
  • Module 2 Port Scanning
  • Module 3 Vulnerability Analysis
  • Module 4 Password Cracking
  • Summary and Evaluation

12
Workshop 2 Schedule
  • Introduction
  • Module 5 System Hardening
  • Module 6 Intrusion Detection
  • Module 7 System Auditing
  • Summary and Evaluation
  • MOBILE the portable networked workshop
    environment

13
Acknowledgements
  • This workshop is part of the MOBILE (a MOBile
    Instruction and Laboratory Environment) project
    at the University of Wisconsin Eau Claire
  • http//www.cs.uwec.edu/mobile
  • Primarily supported through NSF DUE CCLI Phase 2
    Grant 0817295

14
Other Systems on Network
  • Recall the four bait machines on network
  • energy.uwec.mobile 172.20.1.239
  • grot.uwec.mobile 172.20.1.10
  • before.uwec.mobile 172.20.1.13
  • ileus.uwec.mobile 172.20.1.201
  • Identify your own Ubuntu and Windows machines by
    IP number and name
Write a Comment
User Comments (0)
About PowerShow.com