Learning About VLabNet – An Introduction

 

• INFS6230 Entry Point Networking
• INFS6760 Entry Point Information Security
• VLabNet Learning Environment Architecture
• VLabNet Protocol Stack Models:
1. Internet 5-layer hybrid protocol stack
2. Comparison of 5-layer model with ISO TCP/IP 7-layer reference model
• VLabNet Processes
• VLabNet Port List
• VLabNet Tools
• VLabNet Page on Spanning Trees
• VLabNet Addressing
• VLabNet Firewall Configuration
• VLabNet Command Summary (INFS6230 and INFS6760)
• INFS6230 Exercises using VLabNet; focus areas: routing and encapsulation
1. Initial Exploration
2. Protocol stack and encapsulation concepts; addresses and ports
3. Addresses, masks, MTUs, MSSs, fragments
4. Routing concepts and routing protocol summary
5. Static Routing
6. RIP
7. OSPF
8. Cisco 2610 Router
9. Generic Routing Encapsulation (tunnels)
10. Autonomous Systems (AS) and BGP
• INFS6760 Exercises using VLabNet; focus areas: intrusion detection, penetration testing, and firewall configuration
1. Initial Exploration
2. Logging concepts and implementation
1. Testing and using syslog
2. Modifying syslog configuration file
3. Setting up central audit
3. Intrusion detection concepts and implementation
1. Starting and configuring Snort
2. Adding local rules
3. Documenting and classifying exploits
4. Penetration testing: OS fingerprinting using nmap
5. Packet filtering: firewall configuration using iptables
1. Policies, chains, and rules
• Resources and Links
1. Routing, Encapsulation, Networks (INFS6230)
2. Information Security, Intrusion Detection, Penetration Testing (INFS6760)

 

Papers about VLabNet:

 

• Harvey, Johnson, and Turchek (2007). “Virtual Laboratory Intrusion Detection Experience for Information Systems Professionals,” Information Systems Education Journal, 5 (5). http://isedj.org/5/5/. ISSN: 1545-679X. (Online at http://isedj.org/5/5/; also appears in The Proceedings of ISECON 2006: §3722. ISSN: 1542-7382.)
• Powell, Johnson, Turchek, Davis, Wu, Parker (2007), “VLabNet: The Integrated Design of Hands-on Learning in Information Security and Networks.” Proceedings of the 2007 Conference for Information Security Curriculum Development, Kennesaw State University (September 2007.) Listing at http://text.usg.edu:8080/tt/infosec.kennesaw.edu/InfoSecCD/Program.shtml
• Powell, V J H, J C Turchek, P Y Wu, L C Franzi, R S Johnson, I W Parker, and C T Davis.  VLabNet: A Virtual Laboratory Environment for Teaching Networking and Data Communications.  In The Proceedings of ISECON 2007, v 24 (Pittsburgh): §2335. ISSN: 1542-7382. http://isedj.org/isecon/2007/2335/ISECON.2007.Powell.pdf

Acknowledgements:

This project is the result of collaboration between RMU IT Technical Services and RMU C&IS.

Technology: Debian Xen, Quagga, Hewlett Packard

This RMU INFS6760 and INFS6230 project uses Debian Xen. Xen is a Virtual Machine Monitor (VMM) originally developed by the Systems Research Group of the University of Cambridge Computer Laboratory, as part of the UK-EPSRC funded XenoServers project. See http://alioth.debian.org/projects/pkg-xen/ and http://packages.debian.org/unstable/utils/xen-tools

We use the Quagga Routing Suite for INFS6230

We use iptables in INFS6760 for packet filtering.

We use Snort, syslog-ng, nmap, logger, ftester in INFS6760 for intrusion detection and penetration testing.

Server: HP ML370G3 with a single 2.8 GHz CPU, two 36 GB SCSI disks in a hardware-based RAID-1 mirror, and 1 GB RAM.

Notes:

Change History

x.y.z. = first three octets of assigned routable network addresses for INFS6760/INFS6230;

n = student domain number {nÎN | ((n ≥ 101) Ù (n ≤ 120))}

Valerie J. H. Powell and Larry Franzi, RMU C&IS;

Randall S. Johnson and Ian W. Parker, RMU IT Technical Services.

© 2007 by Robert Morris University

Update: 2008-03-22