Asee peer logo

Using Virtual Machine Technology In An Undergraduate Intrusion Detection Lab

Download Paper |

Conference

2007 Annual Conference & Exposition

Location

Honolulu, Hawaii

Publication Date

June 24, 2007

Start Date

June 24, 2007

End Date

June 27, 2007

ISSN

2153-5965

Conference Session

Distance, Remote, and Virtual Experiments

Tagged Division

Division Experimentation & Lab-Oriented Studies

Page Count

10

Page Numbers

12.1575.1 - 12.1575.10

Permanent URL

https://peer.asee.org/2718

Download Count

121

Request a correction

Paper Authors

biography

Peng Li East Carolina University

visit author page

Peng Li is an Assistant Professor in the Department of Technology Systems at East Carolina University. His professional certifications include CISSP, LPIC and SCSECA. He received a Ph.D. in Electrical Engineering from University of Connecticut.

visit author page

biography

Philip Lunsford East Carolina University

visit author page

Phil Lunsford received a B.S. in Electrical Engineering and a M.S. in Electrical Engineering from Georgia Institute of Technology and a Ph.D. in Electrical Engineering from North Carolina State University. He is a registered professional engineer and is currently an Assistant Professor at East Carolina University. His research interests include system simulation, telemedicine applications, and information assurance.

visit author page

biography

Tijjani Mohammed East Carolina University

visit author page

TIJJANI MOHAMMED is an assistant professor in the Information and Computer Technology program, within the Department of Technology Systems at East Carolina University. Currently, Dr. Mohammed teaches both graduate and undergraduate courses addressing a range of issues in the planning, selection, deployment, and securing computer networks.

visit author page

biography

Lee Toderick East Carolina University

visit author page

Lee Toderick received a B.S. in Computer Science from East Carolina University and an MS in Computer Information Systems from Boston University. His professional certifications include CCNP/CCDP and RHCE. He currently
serves as teaching instructor in the Department of Technology Systems at East Carolina University. Research interests include remote lab access for distance learning students, firewall implementation, and information security as it applies to computer networks.

visit author page

biography

Chengcheng Li East Carolina University

visit author page

Chengcheng Li is an assistant professor at the Department of Technology Systems of East Carolina University. He obtained his M.S. and Ph.D. in Computer Science from Texas Tech University and MBA degree from the University of Southern Europe. He is holding MCSE and CCNA certifications issued by Microsoft and Cisco. His research interests are in network security, traffic engineering, and image processing.

visit author page

Download Paper |

Abstract
NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Using Virtual Machine Technology in an Undergraduate Intrusion Detection Lab

Abstract

Virtual machine (VM) technology was recently adopted in an undergraduate lab on Intrusion Detection Technologies. Each student was provided with a pre-built, but non-configured Fedora Core 5 Linux VM image that was used to complete hands-on labs using the virtual machine on her/his own computer. To prepare the lab environment, a virtual network was built with Windows, Linux, FreeBSD, and Solaris virtual machines to simulate network attacks. Network traces of attacks were generated inside the virtual network using Metasploit Framework and other penetration testing tools. Student exercises included installing and using host-based intrusion detection systems, network-based intrusion detection systems and network monitoring tools. Students used TCPdump, Ethereal, Snort, and Bro to analyze the trace files. Students also performed installation and detection of loadable-kernel-module rootkits inside the virtual machine. A “compromised” virtual machine could be deleted after the lab and a fresh virtual machine could be reopened from the pre-built image in no time. The virtual machine was easy to use and easier to maintain than a real computer.

Using VM technology, it was possible to build a very “real” network environment at a minimal cost. Hands-on exercises of concepts could be set up in the virtual machine. Students were offered various opportunities to test other platforms such as Solaris without acquiring real physical machines. Additionally, the lab was available to students around the clock.

The adoption of VM technology helped students understand basic concepts, increased their interests and improved their troubleshooting skills. In addition, VM technologies expanded the physical boundaries of the lab environment. Students were able to use their own personal computers at home to perform lab exercises that previously would have required multiple machines configured in a dedicated lab room. This flexibility allowed the students to work at their own pace, and extended the lab environment to distance education students.

Using VM technology, we were able to transfer a physical hands-on intrusion detection lab from a Windows-dominated environment to a diversified virtual environment in a very short period. We believe that virtual machine technology can be successfully used in other computer security and networking labs.

1. Introduction

2006 may have been the year of virtual machine (VM) technology. During the year, VMware Inc. released VMware Server as freeware1. To compete with free virtualization solutions offered by VMware and Xen, Microsoft announced that Virtual Server 2005 R2 was available as a free download2. Virtualization technology enables multiple virtual machines to run concurrently on a single physical computer, with each virtual machine running an isolated operating system3. A virtual network is constructed that permits mesh or point-to-point VM connectivity. The pre-

Li, P., & Lunsford, P., & Mohammed, T., & Toderick, L., & Li, C. (2007, June), Using Virtual Machine Technology In An Undergraduate Intrusion Detection Lab Paper presented at 2007 Annual Conference & Exposition, Honolulu, Hawaii. https://peer.asee.org/2718

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2007 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015