Elsevier

Computers & Security

Volume 23, Issue 4, June 2004, Pages 282-289
Tele-Lab “IT-Security” on CD: portable, reliable and safe IT security training

https://doi.org/10.1016/j.cose.2004.02.005

Abstract

Besides gaining theoretical knowledge, IT students and professionals need to be prepared to apply security technologies and tools in their daily work. Today's security training should therefore provide hands-on experience by integrating practical exercises into the learning process. Tele-Lab “IT-Security” is a novel training system that makes interactive security exercises possible in a real laboratory environment equipped with rich security tools. Since privileged operations have to be allowed for security tasks, this laboratory environment needs to be carefully protected from corruption by misuse or failures. To this end, we integrated Tele-Lab “IT-Security”, including its operating system, into a live system which runs completely from a small-sized CD without hard-disk installation. In this way, its portability, reliability and safety are also improved. Students can very easily access security training on any decent PC by booting Tele-Lab “IT-Security” from CD. No activity in the training affects hardware and software systems, and any system failure can be recovered from by rebooting.

In this paper, the architecture, implementation and applications of the Tele-Lab are described.

Introduction

Besides learning theoretical facts, IT students need to be prepared to apply security technologies and tools in real environments. Therefore, today's security training is intended to provide hands-on experience by integrating practical exercises. Currently, practical security experience can be gained only from exercises or training programs which are carried out in laboratories. However, it is hard to integrate security exercises into training systems, whether they are computer- or web-based. The reason is that, unlike training systems for particular software, security training systems have to manage exercises in complicated laboratory environments, e.g. configuring operating systems and preparing various security tools. Additionally, like a human instructor, they need to interact with students step by step in each exercise. Therefore, existing training systems or web-based courses can provide security experience only to a limited degree, through visualized demonstration or simulation.

To integrate security exercises, Tele-Lab “IT-Security”, a novel training system, is currently being developed at the University of Trier, Germany. It is an improved version based on the LPF learning system (E-Learning Platform IT security) developed by Hu et al. (2003). Tele-Lab “IT-Security”, like the LPF, is designed to equip a security laboratory. Its core idea is that each training system is installed on a Linux machine and integrated with a web interface. The Linux system provides students with a configured laboratory environment equipped with various open-source security tools, which are easily available from Linux distributions. A student learns security facts and gains security experience using a browser, and completes exercises (e.g. cracking passwords and security scanning) on the underlying Linux system via a shell or an X-based interface. The student's results can be either answers submitted to its web server or changes made to the Linux system. After the submission, the corresponding scripts are invoked to compare the answers or to trace those system changes.

One difficulty in the current system is that the training machine and its OS must be carefully installed and configured. Most work has to be done by hand (e.g. installing security tools for a new chapter) though employing scripts is helpful. The other issue is that the system is run in an unsafe manner because privileged operations have to be allowed for particular exercises (e.g. security scanning). This introduces a risk that students may corrupt the entire system; all installations and configurations must be re-prepared after that. How to make the system reliable will be a big concern if it is applied in practical use.

In order to improve its reliability, current development of Tele-Lab attempts to integrate the entire system onto a live CD. This introduces a special feature from the live Linux technology. Based on it, teaching contents and real-life exercises will be put into a live Linux system. This live Linux can be run completely on a small-sized CD without hard-disk installation. In this way, a portable and reliable training system on CD can be realized. A student can very simply get training by finding any decent PC and booting it from this CD. Any activity in the training would not affect hardware and software systems, and any system crash can be recovered by reboot.

In this stage of development, the range of security topics covers cryptography, digital certificates, secure email, authentication, and security scanning. These topics familiarize students with the basic knowledge of the security technology, and help them understand how technologies work in reality. In order to follow the topics, students are required to have some rudimentary knowledge about network and UNIX concepts (e.g. how to run a UNIX command, or how to create or delete a directory or file), but do not have to hold security knowledge in advance. Students are classified into three categories: ordinary users, administrators, and IT students. We defined different sets of security topics for these categories, e.g. IT students are allowed to take all the topics while ordinary users can only access the topics which require less background knowledge and skills.

The rest of the paper is organized as follows: the next section discusses related work. The section following that reviews the underlying LPF-system and its architecture and components. The subsequent sections describe live Linux technology, the implementation of the Tele-Lab on CD and the practical use of the Tele-Lab, while the last section concludes the paper.

Section snippets

Related work

Existing IT-security teaching systems of similar nature can be categorized into three categories. First, there are (a few) simulation systems for security training. For example, ID-Tutor (Rowe and Schiavo, 1998) and the Intelligent Tutoring System (ITS) described by Woo et al. (2002) familiarize the user with intrusion detection. The ID-Tutor creates audit files with information on user logins and executed commands. The user has to decide whether an intrusion has occurred, and, in case of an

Review of the LPF architecture

Our Tele-Lab “IT-Security” concentrates on teaching security principles, delivering laboratory experiences, and managing a student's learning performance. The current development is based on the LPF architecture introduced in Hu et al. (2003), which is illustrated in Fig. 1. It consists of five major components: a tutor, a content repository, a configured Linux system, user objects and user interfaces. The content repository is an IT security knowledge base, in which all the

Live Linux

Recently, rescue and demonstration systems on a bootable Linux CD (Knopper, 2003) have become popular. These systems run in memory, use a compressed file system on CD, and do not need a hard-disk installation. They feature general hardware identification and a rich set of installed applications. For example, Knoppix is an important live Linux implementation based on the Debian distribution and has gained great popularity in the Internet community. It is able

Implementation of Tele-Lab “IT-Security” on CD

Providing Tele-Lab “IT-Security” on CD requires not only re-mastering existing live Linux CDs but also configuring the Tele-Lab and its user settings. For our implementation, we use a small DSL live Linux (DSL Linux, 2003) CD, which is derived from Knoppix and provides a basic system and essential applications (50 MB). Technically, the re-mastering procedure is carried out in the following phases. First, during the running of a live Linux, the root file system including decompressed read-only

Training security using Tele-Lab “IT-Security”

Currently the Tele-Lab “IT-Security” has been successfully implemented on the live Linux CD. At this moment, five chapters are integrated and available. These chapters deal with cryptography, digital certificates, secure email, authentication, and access control. Other security relevant contents will be integrated in future in a similar manner. The Tele-Lab “IT-Security” CDs can be used to either equip a security laboratory in our Computer Science Department, or can be directly delivered to

Conclusions

In this paper, Tele-Lab “IT-Security”, an electronic training system for IT security on CD, has been presented. The system distinguishes itself from existing security education activities in the following respects. First, it not only implements a tutoring system for delivering paper knowledge but also gives students hands-on experience in IT security. Second, Tele-Lab “IT-Security” is run on a live Linux CD which integrates a well-configured laboratory environment instead of a limited

Ji Hu received his MS in computer science from the Beijing Polytechnic University. Currently he is a doctoral candidate at the Department of Computer Science, University of Trier, Germany. His research interests include information security and security education.

References (11)

  • N.C. Rowe et al. An intelligent tutor for intrusion detection on computer system. Comput Educ (1998)
  • DSL Linux
  • Hill Associates. What training should be
  • Hoffman LJ, Dodge R, Rosenberg T, Ragsdale DJ. Information assurance laboratory innovations. Seventh Colloquium for...
  • Ji Hu, Michael Schmitt, Christian Willems, Christoph Meinel. A tutoring system for IT security. In: Proceedings of the...
There are more references available in the full text version of this article.

Christoph Meinel is a full-time professor of Computer Science at the University of Trier, Germany. He is also a visiting professor of LIASIT in Luxembourg and of Beijing University of Technology. He is the author or coauthor of seven books and 200 research papers. His research interests are in Telematics (particularly Internet security and Tele-teaching), VLSI Design and Verification, and Computational Complexity.
