Re: Lab for Cybersecurity Program

[Alex Keller <axkeller () STANFORD EDU>]

City College of San Francisco has an awesome Cyber Security program and student club:
https://cybersecurityclub.github.io/cyber-club/

with a pretty comprehensive Code of Conduct:

https://docs.google.com/document/d/1YfbzKi7IMfqTGocB571zqRlPKgwoRGeQzHKRGJuBrT0/edit

While neither official nor all encompassing, I use some version of these talking points to preface workshops and alike…

Code of Conduct

·         Be lawful. Ignorance of the law is not a valid defense.
·         Be honorable.
·         Be respectful.
·         Protect yourself and your institution at all times.
·         Practice coordinated and responsible disclosure.
·         Demonstrate intentional and accountable use of technology.
·         Apply yourself for the benefit of the public interest and endeavor to make the world safer and more secure.



Alex Keller
Stanford | Engineering
Information Technology
axkeller () stanford edu<mailto:axkeller () stanford edu>
(650)736-6421

From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Wasson
Sent: Friday, February 28, 2020 5:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Lab for Cybersecurity Program

We are in the same place of starting a Cyber Security program.  Does anyone use or have a Code of Ethics or some other 
agreement that students must sign that states they will only use the learning and technology as it is intended, and not 
to probe the Institution?  Any examples would be appreciated.

Dan


Dan Wasson
Director Systems & LAN Management
Northwestern Michigan College
231-995-1164
dwasson () nmc edu<mailto:dwasson () nmc edu>

Don't be a scam victim - NMC and other reputable organizations will never use email to request that you reply with your 
password, social security number or confidential personal information.


On Thu, Feb 27, 2020 at 5:30 PM King, Ronald A. <raking () nsu edu<mailto:raking () nsu edu>> wrote:

1.       Is your lab 100% isolated from the rest of the campus and internet?

Yes, but we have two. One with Internet access and one without. Each is in an isolated physical location. The one with 
Internet access is behind a dedicated firewall. These are all lab computers used for academic purposes and are 
physically connected to switches behind the firewall. They allow remote work, so, we open SSH and a few other ports 
based on their needs. The other lab is completely isolated. They us it for malware testing and dev. We don’t want it to 
connect to anything.



2.      Do the students just use the computers for the testing or do you have VM’s that they can connect into on those 
machines?
Yes. We have dedicated workstation class systems running VMs as needed for students. They also have a dedicated Data 
Center with significant cluster of servers. It is used for various types of tech, such as Hadoop, VMware, and 
Openstack. As part of the programs some systems are made available remotely. Since they are physically separate from 
our enterprise network, we don’t really worry too much.



3.      Amount of ram used on the physical PC’s and on a teacher computer if different from student PC’s. 32GB for 
desktop minimum.

The Cyber School understood the risks to the enterprise network, so, we partnered together to get it done this way.

Hope this helps.
Ron

Ronald King
Director of Technical Services and OIT Security

Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu<mailto:raking () nsu edu>
www.nsu.edu<http://www.nsu.edu/>
@NSUCISO (Twitter)
[NSU_logo_horiz_tag_4c - Smaller]

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of DERUSSO, VINCENT
Sent: Wednesday, February 26, 2020 10:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Lab for Cybersecurity Program

Our Computer Science department now has a new Cybersecurity program and has come to us about setting up a lab for them 
to do hands on testing.  From my research, I’ve found a couple of articles on possible solutions but none go into much 
details.  I was wondering if anyone has setup a Cybersecurity Lab that might be willing to answer some of these 
questions and provide any additional advise/gotchas to watch out for while we look into this.


1.       Is your lab 100% isolated from the rest of the campus and internet?

a.      If yes, do you have any computer in the room that has internet access?

b.      If no, explain how you have it segregated?

2.      Do the students just use the computers for the testing or do you have VM’s that they can connect into on those 
machines?

a.      If VM’s, do you allow those VM’s to be accessed remotely or do they need to be physically in that lab to use 
those VM’s?

b.      What software/hardware are you using to host those VM’s and is that hardware physically in that room or in 
another room but on the same network as the lab computers?

3.      Amount of ram used on the physical PC’s and on a teacher computer if different from student PC’s.

Any other information that will help us build out this lab would be greatly appreciated as well.  Thank you for your 
time.

[Vince DeRusso, MBA - Sr. Network Administrator - Communications Systems | 432 Western Ave. Albany, NY 12203 | o: 
518.458.5414 | strose.edu]
This communication may contain confidential information that is otherwise protected from disclosure. If you received 
this communication in error, please contact me immediately and destroy the material in its entirety.



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community