Upload
others
View
2
Download
1
Embed Size (px)
Citation preview
1
CS530L CS530L –– lab component of lab component of
Security Systems courseSecurity Systems course
August 28, 2020
CorrelationCorrelation
lab component << >> main courselab component << >> main course
� loosely coupled
� contributes to course grade
– directly: via grading of individual labs
– indirectly: subject matter may appear in exams
� cumulative lab results are reported to Professor Neuman who considers them in determining course grade
2
Lab sessions per weekLab sessions per week
� a 50-minute lab lecture
– Friday 4:30 pm, via Webex
– addresses the theory that the exercise demonstrates
– explains the exercise procedurally
� a lab exercise
– performed hands on
– conducted on a VirtualBox virtual machine (VM)
– each exercise on a particular VM
– per specific instructions
Lab exercise weekly topicsLab exercise weekly topics
� Cryptography/key mgmt
� Authentication
� Authorization
� Application security
� Packet sniffing
� Firewalls
� Intrusion detection
� ARP spoofing
� Tunnels & VPNs
� Filesystem labeling
subject to adjustment – some changes might be made
3
Lab websiteLab website
http://www-scf.usc.edu/~csci530l/
or equivalently
http://ccss.usc.edu/530l
gotcha!
letter “ell”
not
number “wunn”
� announcements
� lab exercise instructions
Lab exercise mechanicsLab exercise mechanics
� before lecture: preview website’s posted instructions for the upcoming topic
� attend lecture on that week's topic(synchronously/live or asynchronously/recorded)
� perform lab on that topic during ensuing week
� after: electronically turn in requested result
– email it to [email protected]
– use prescribed email title keywords for each lab(the specific keywords are posted on website)
– deadline: start of following week’s lab lecture, 4:30 Fridays
4
11/1311/6filesystem labeling
11/610/30tunnels and vpns
10/3010/23arp spoofing
10/2310/16intrusion detection
10/1610/9firewalls
10/910/2packet sniffing
10/29/25application security
9/259/18authorization
9/189/11authentication
9/119/4cryptography
8/28introduction
Due dateLecture dateLecture topic
Lab scheduleLab schedule
subject to adjustment – probable week off around 10/9 midterm time
Lab gradingLab grading
� there are 10 lab exercises
� each is followed by a few questions
� every question must be answered
� each lab graded fail/lo-pass/pass/hi-pass0 1 2 3
� 8 highest grades averaged (i.e., lowest discarded)
� average will influence course grade– average > 2 raises/enhances
– average < 2 lowers/damages
– average = 2 no effect
5
PoliciesPolicies
� no late submissions
� follow course online homes
– lab website at
http://www-scf.usc.edu/~csci530l/
– professor's main site for the course
http://csclass.info/USC/CSCI530/F20/
Lab platformLab platform
� VirtualBox
– how do I get VirtualBox?
� several VMs will be distributed
– what VMs are there?
– how do I get the VMs?
– how do I import the VMs into VirtualBox?
6
How do I get How do I get VirtualBoxVirtualBox??
What What VMsVMs are there?are there?
� there will be 3 or 4 of them
� in the form of .ova files
– ova files are large
– I will split them into smaller fragments for download
– you will recombine the fragments post-download
� the first one is now posted (succeeding slides)
– the others will follow when needed
see lab website's "detailed instructions" link
7
CentOS 4.3 min-gdbstack overflow
(tba/tbd)heartbleed
fedora30-fall20C sign extension
(tba/tbd)filesystem labeling
fedora30-fall20tunnels and vpns
fedora30-fall20arp spoofing
CentOS 4.3 min-gdbintrusion detection
fedora30-fall20firewalls
fedora30-fall20packet sniffing
application security
fedora30-fall20authorization
(tba/tbd)authentication
fedora30-fall20cryptography
Lecture dateLecture topic
Which labs use which Which labs use which VMsVMs??
tba/tbd = to be annouced
to be delivered
How do I get the How do I get the VMsVMs??
visit this URL and log in with your USC credentials
students please confirm shared drives' accessibility
8
How do I import the How do I import the VMsVMs into into VirtualBoxVirtualBox??
Some configuration scriptsSome configuration scripts
� VirtualBox includes "vboxmanage" command
– a command line equivalent for GUI features
� I wrote short scripts that use vboxmanage to automate VM setup work for you
– to create them
– to make settings (virtual cabling, IPs, hostnames)
– to power them on and off
– to destroy them
� because your time is for using, not configuring
9
Getting the scriptsGetting the scripts
initially (8/28/20) these contain scripts only for the first lab, about cryptography
(others will be added/included before future labs)
Using the scriptsUsing the scripts
� there are 10 labs
� a set of scripts for each, in its own directory– for Windows ".bat" batch language scripts
– for linux/Apple ".sh" bash shell language script
– functionally equivalent
� 4 to 6 scripts in each set
4 scripts
6 scripts
10
Script execution orderScript execution order
� using them in order is important
at first, to start:
vmconfigure-populate.bat (or .sh for bash, on linux or Apple)
vmconfigure-construct-network.bat (if present)
vmconfigure-guestOS-internal-settings.bat (if present) OR vmconfigure-poweron.bat
to end:
vmconfigure-poweroff.bat
vmconfigure-destroy.bat
Script functionsScript functions
vmconfigure-populate.batcreates VMs by cloning the base VM
vmconfigure-construct-network.batcables interfaces to network(s) common to other VMs
vmconfigure-guestOS-internal-settings.batpowers machines on
runs commands in their OS (linux) to establish hostnames, addresses, routes
vmconfigure-poweron.batpowers machines on (only)
vmconfigure-poweroff.batpowers machines off (cleanly)
vmconfigure-destroy.batdeletes all trace of machines (must first be in poweroff state)
11
Demo Demo -- instantiating this netinstantiating this net
Run:
1. vmconfigure-populate.sh
2. vmconfigure-construct-network.sh
3. vmconfigure-guestOS-internal-settings.sh
4. vmconfigure-poweroff.sh
5. vmconfigure-destroy.sh
Demo Demo -- resultant screenshotresultant screenshot
12
TodayToday’’s takes take--away for your toaway for your to--do listdo list
� download/install VirtualBox
� download/import one appliance (VM)
– "fedora30-fall20"
� download scripts for your platform
� preview the instructions for next week's "cryptography" lab topic
http://www-scf.usc.edu/~csci530l/lab-publickey.htm
Email contactsEmail contacts
lab grader(s), me, course TA, prof collectively
me individually
13
Thank youThank you
� for sharing an interest in the subject matter
� for adjusting to new, remote classwork
� for your kind attention today