Home page logo
/

basics logo Security Basics mailing list archives

Re: Few interesting topics in Network Security please.
From: Wes Deviers <wdevie () hrcsb org>
Date: Mon, 28 Apr 2008 12:00:26 -0400

On Sat 26 Apr  2008 9:04:43 pm KishoreKumar Bairi wrote:
Hi all,

I am a student. Who is doing project under a professor. In our
university from next year a new course on NETWORKING is going to be
started. My task is to design "lab experiments" for that course.

Can you please suggest few experimental ideas, that will help a newbie
in Networking field.

Note: "Network Security" is also included.


Regards,
KishoreKumar.

I don't want to be "that guy", but some of the suggestions on here are a 
little...difficult for the average undergraduate course.  Having recently (in 
the past 5 years) graduated from a CS program, I think trying to get 
undergrads in a course called "Networking" to do meaningful packet analysis 
with Wireshark is wishful thinking at best.

Here's a setup I think might actually teach some useful skills and not just 
convince students that networking is voodoo.  You should be specifically 
target routing and IP addressing since that seems to be really hard for 
folks.  

* Set up a classroom with 4-5 groups of computers.  Create 4-5 teams of 
students and give them each a group of computers, a L3 managed switch that's 
unconfigured, a few crossover cables, and some OS install disks.  You should 
probably do some variant of Windows Server on a couple and a Q&D Linux 
install on a couple.


Exercise 1) Install all the operatint systems and connect all the computers 
together via the switch.  Use static assignments; this should corrospond well 
to your lecture on IP addressing and netmasks.  Make sure they can all 
communicate.  Have the students run one service on each.  Say, IIS with FTP, 
and a telnet server on Linux.  Make sure each service is accessable by all 
the other machines.  Introduce a packet sniffer, briefly, as a lecture 
exercise.  Have one of the students log into their Linux machine root account 
via FTP then give everybody their password as a proof of concept.  ---Make 
sure they pick a unique password so they don't use the same one as 
Gmail/etc/---

Ex 2) Address the problem from 1 by installing an ssh server & ftp/ssl server.  
Demonstrate the difference.  Set up a DHCP server, make sure it works on all 
the machines.  Basic DNS also; more advanced comes later.

Ex 3) Get them logged into the L3 switch and play around with blocking 
protocols and ports.  Fits in well with your lecture on the OSI model (this 
is probably week 3)

Ex 4) Pick two of the machines, one Windows and one Linux, to designate as 
routers.  Have them install a 2nd NIC in each.  For many students, this will 
be the first time they ever have a case off their computer.  Connect the two 
machines via a crossover cable and assign them a new subnet.  This will be 
their routing backbone.  Make sure the assignments are unique.

...

Ex 15) By this point, you should have the entire lab functioning as a fully 
dynamic, redundant, routed network using Quagga/Zebra and BGP.  Services 
should be available via DNS with firewalls set up to block specified teams.  
You should have had at least part of a lecture about Patch Tuesday; there 
should have been at least one lecture about firewalls and IDS, about why 
touching networks is dangerous, etc.  You should also have covered at least 
the basics of packet sniffing and how headers control functionality and are 
useful for debugging.  And, because nobody else will cover it, "programming 
with security in mind" will probably fall to this class as well.  Hopefully 
your school still teaches a class or two that uses a language with no garbage 
collector/memory manager so the students will at least "get it".

If you could send out graduates that know -anything- about routing (especially 
dynamic), CIDR, OSI/Internet layered models, packet layout, or layered 
security, you would be doing the world a big favor. 

Wes


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]