Author: Amy G.

SIGCSE Workshop 2013

Hands-on Cybersecurity Exercises and the RAVE Virtual Environment

Richard Weiss, The Evergreen State College
Vincent Nestler, California State University at San Bernardino
Michael Locasto, The University of Calgary
Jens Mache, Lewis & Clark College
Brian Hay, The University of Alaska, Fairbanks

This workshop is intended for anyone who would like to use hands-on exercises in cybersecurity for a variety of classes including Networking, OS, Computer Security and Software Engineering. It has received increased attention nationally in the proposed ACM/IEEE CS2013 Curricula Guidelines. The goal of this workshop is to provide faculty with varied backgrounds (including none) in this area with some tools and interactive exercises to facilitate incorporating this knowledge area into their curriculum. We believe that it is important that students develop analytical skills, thus we include an introduction to EDURange and the Hacker Curriculum principles: (1) understanding failure modes and (2) seeing across or through layers of abstraction according to a particular scenario.

We will guide attendees through exercises tailored to their level and interests. The exercises will include port scanning and setting up a firewall. These can be done at a range of levels from beginner to advanced. We will include an introduction to tools for packet inspection, which is an important part of analysis. Attendees will receive accounts on the RAVE with exercises that they can take back and use immediately with their classes. RAVE provides a number of VMs pre-configured for the exercises. RAVE is also a general purpose technology for other hands-on exercises. Laptop required.

Hackathon I, Michael’s Comments

The highlights of this first EDURange hackathon from Michael Locasto were:

  1. Students paired with faculty on two-person teams to play our recon game. This scenario is inspired by a couple of PacketWars scenarios, and even though it is a very simple scenario, it was fun for faculty to play side-by-side with students and help walk them through some of the possible approaches to this task. This scenario has also served as our “proof-of-concept” to help drive the design and construction of the actual framework and technology behind the larger EDURange.
  2. We created an event recognition language in our scenario description format that helps specify both learning goals as well as providing a hook for scoring and assessment.
  3. We all worked together, brainstorming a few new scenarios and whiteboarding out the elements of the scenario or exercise to a level of detail where we felt we had something quite new and exciting.
  4. The students suggested the need for a couple of canned “howto” video introductions to some scenarios so that students without much of a background in systems or networks can find a toehold to begin the first reconnaissance exercise.

The coolest, most radical, and enticing idea to come out of this weekend, however, was from some casual talk and brainstorming about how to get “live” and good quality cover traffic for one of our scenarios. Cover traffic is realistic background traffic and events that can potentially obscure the data that the player is looking for. A radical suggestion here was to simply eschew isolation and run every EDURange scenario concurrently in the same address space (i.e., network) and host machines. I think the interaction of scenarios would be fascinating to study, along with the social aspects of different players from different teams and scenarios communicating, bartering, and cooperating.

The lesson here is that “isolation is a barrier to learning.” Most times, we construct security exercises to be clean-slate and isolated — we do this to control complexity and as a “service” to both the student and the instructor so they won’t get distracted. But our insight here is that perhaps getting distracted is a good thing, especially since we want to give people the time and space to explore and poke around.