1

CS530L CS530L –– lab component of lab component of

Security Systems courseSecurity Systems course

August 28, 2020

CorrelationCorrelation

lab component << >> main courselab component << >> main course

� loosely coupled

� contributes to course grade

– directly: via grading of individual labs

– indirectly: subject matter may appear in exams

� cumulative lab results are reported to Professor Neuman who considers them in determining course grade

2

Lab sessions per weekLab sessions per week

� a 50-minute lab lecture

– Friday 4:30 pm, via Webex

– addresses the theory that the exercise demonstrates

– explains the exercise procedurally

� a lab exercise

– performed hands on

– conducted on a VirtualBox virtual machine (VM)

– each exercise on a particular VM

– per specific instructions

Lab exercise weekly topicsLab exercise weekly topics

� Cryptography/key mgmt

� Authentication

� Authorization

� Application security

� Packet sniffing

� Firewalls

� Intrusion detection

� ARP spoofing

� Tunnels & VPNs

� Filesystem labeling

subject to adjustment – some changes might be made

3

Lab websiteLab website

http://www-scf.usc.edu/~csci530l/

or equivalently

http://ccss.usc.edu/530l

gotcha!

letter “ell”

not

number “wunn”

� announcements

� lab exercise instructions

Lab exercise mechanicsLab exercise mechanics

� before lecture: preview website’s posted instructions for the upcoming topic

� attend lecture on that week's topic(synchronously/live or asynchronously/recorded)

� perform lab on that topic during ensuing week

� after: electronically turn in requested result

– email it to csci530l@usc.edu

– use prescribed email title keywords for each lab(the specific keywords are posted on website)

– deadline: start of following week’s lab lecture, 4:30 Fridays

4

11/1311/6filesystem labeling

11/610/30tunnels and vpns

10/3010/23arp spoofing

10/2310/16intrusion detection

10/1610/9firewalls

10/910/2packet sniffing

10/29/25application security

9/259/18authorization

9/189/11authentication

9/119/4cryptography

8/28introduction

Due dateLecture dateLecture topic

Lab scheduleLab schedule

subject to adjustment – probable week off around 10/9 midterm time

Lab gradingLab grading

� there are 10 lab exercises

� each is followed by a few questions

� every question must be answered

� each lab graded fail/lo-pass/pass/hi-pass0 1 2 3

� 8 highest grades averaged (i.e., lowest discarded)

� average will influence course grade– average > 2 raises/enhances

– average < 2 lowers/damages

– average = 2 no effect

5

PoliciesPolicies

� no late submissions

� follow course online homes

– lab website at

http://www-scf.usc.edu/~csci530l/

– professor's main site for the course

http://csclass.info/USC/CSCI530/F20/

Lab platformLab platform

� VirtualBox

– how do I get VirtualBox?

� several VMs will be distributed

– what VMs are there?

– how do I get the VMs?

– how do I import the VMs into VirtualBox?

6

How do I get How do I get VirtualBoxVirtualBox??

What What VMsVMs are there?are there?

� there will be 3 or 4 of them

� in the form of .ova files

– ova files are large

– I will split them into smaller fragments for download

– you will recombine the fragments post-download

� the first one is now posted (succeeding slides)

– the others will follow when needed

see lab website's "detailed instructions" link

7

CentOS 4.3 min-gdbstack overflow

(tba/tbd)heartbleed

fedora30-fall20C sign extension

(tba/tbd)filesystem labeling

fedora30-fall20tunnels and vpns

fedora30-fall20arp spoofing

CentOS 4.3 min-gdbintrusion detection

fedora30-fall20firewalls

fedora30-fall20packet sniffing

application security

fedora30-fall20authorization

(tba/tbd)authentication

fedora30-fall20cryptography

Lecture dateLecture topic

Which labs use which Which labs use which VMsVMs??

tba/tbd = to be annouced

to be delivered

How do I get the How do I get the VMsVMs??

visit this URL and log in with your USC credentials

students please confirm shared drives' accessibility

8

How do I import the How do I import the VMsVMs into into VirtualBoxVirtualBox??

Some configuration scriptsSome configuration scripts

� VirtualBox includes "vboxmanage" command

– a command line equivalent for GUI features

� I wrote short scripts that use vboxmanage to automate VM setup work for you

– to create them

– to make settings (virtual cabling, IPs, hostnames)

– to power them on and off

– to destroy them

� because your time is for using, not configuring

9

Getting the scriptsGetting the scripts

initially (8/28/20) these contain scripts only for the first lab, about cryptography

(others will be added/included before future labs)

Using the scriptsUsing the scripts

� there are 10 labs

� a set of scripts for each, in its own directory– for Windows ".bat" batch language scripts

– for linux/Apple ".sh" bash shell language script

– functionally equivalent

� 4 to 6 scripts in each set

4 scripts

6 scripts

10

Script execution orderScript execution order

� using them in order is important

at first, to start:

vmconfigure-populate.bat (or .sh for bash, on linux or Apple)

vmconfigure-construct-network.bat (if present)

vmconfigure-guestOS-internal-settings.bat (if present) OR vmconfigure-poweron.bat

to end:

vmconfigure-poweroff.bat

vmconfigure-destroy.bat

Script functionsScript functions

vmconfigure-populate.batcreates VMs by cloning the base VM

vmconfigure-construct-network.batcables interfaces to network(s) common to other VMs

vmconfigure-guestOS-internal-settings.batpowers machines on

runs commands in their OS (linux) to establish hostnames, addresses, routes

vmconfigure-poweron.batpowers machines on (only)

vmconfigure-poweroff.batpowers machines off (cleanly)

vmconfigure-destroy.batdeletes all trace of machines (must first be in poweroff state)

11

Demo Demo -- instantiating this netinstantiating this net

Run:

1. vmconfigure-populate.sh

2. vmconfigure-construct-network.sh

3. vmconfigure-guestOS-internal-settings.sh

4. vmconfigure-poweroff.sh

5. vmconfigure-destroy.sh

Demo Demo -- resultant screenshotresultant screenshot

12

TodayToday’’s takes take--away for your toaway for your to--do listdo list

� download/install VirtualBox

� download/import one appliance (VM)

– "fedora30-fall20"

� download scripts for your platform

� preview the instructions for next week's "cryptography" lab topic

http://www-scf.usc.edu/~csci530l/lab-publickey.htm

Email contactsEmail contacts

� csci530l@usc.edu

lab grader(s), me, course TA, prof collectively

� davidmor@usc.edu

me individually

13

Thank youThank you

� for sharing an interest in the subject matter

� for adjusting to new, remote classwork

� for your kind attention today