Re: Lab for Cybersecurity Program

[Kevin Cheek <kcheek () UMICH EDU>]

We have asked a small number of students to sign the attached document when
we've given them access to our systems and/or data.

We also have researchers that regularly interact with systems across the
internet. The ZMap paper from 2013 <https://zmap.io/paper.pdf> included
some advice for researchers:

1. Coordinate closely with local network admins to reduce risks and handle
inquiries.
2. Verify that scans will not overwhelm the local network or upstream
provider.
3. Signal the benign nature of the scans in web pages and DNS entries of
the source addresses.
4. Clearly explain the purpose and scope of the scans in all
communications.
5. Provide a simple means of opting out, and honor requests promptly.
6. Conduct scans no larger or more frequent than is necessary for research
objectives.
7. Spread scan traffic over time or source addresses when feasible.

These days, we still work with those same groups to establish things like:

1. Appropriate whois abuse contact information for the subnets that will be
the source of the research network traffic
2. KBs for our help desk so that queries/complaints can be routed
appropriately to the researchers
3. Email groups for the abuse contacts so that our SOC/IR team can maintain
awareness of abuse complaints and ensure that the university is represented
responsibly when researchers respond to complaints
4. Network traffic bypass/exclusion groups for network security and network
monitoring systems & devices (avoiding false alarms and reducing negative
operational impact on things like IPS, Zeek, etc.)


On Fri, Feb 28, 2020 at 2:20 PM Alex Keller <axkeller () stanford edu> wrote:

> City College of San Francisco has an awesome Cyber Security program and
> student club:
> https://cybersecurityclub.github.io/cyber-club/
>
> with a pretty comprehensive Code of Conduct:
>
>
> https://docs.google.com/document/d/1YfbzKi7IMfqTGocB571zqRlPKgwoRGeQzHKRGJuBrT0/edit
>
> While neither official nor all encompassing, I use some version of these
> talking points to preface workshops and alike…
>
> *Code of Conduct*
>
>
>
> ·         Be lawful. Ignorance of the law is not a valid defense.
>
> ·         Be honorable.
>
> ·         Be respectful.
>
> ·         Protect yourself and your institution at all times.
>
> ·         Practice coordinated and responsible disclosure.
>
> ·         Demonstrate intentional and accountable use of technology.
>
> ·         Apply yourself for the benefit of the public interest and
> endeavor to make the world safer and more secure.
>
>
>
>
>
> Alex Keller
>
> Stanford | Engineering
>
> Information Technology
>
> axkeller () stanford edu
>
> (650)736-6421
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Dan Wasson
> *Sent:* Friday, February 28, 2020 5:42 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Lab for Cybersecurity Program
>
>
>
> We are in the same place of starting a Cyber Security program.  Does
> anyone use or have a Code of Ethics or some other agreement that students
> must sign that states they will only use the learning and technology as it
> is intended, and not to probe the Institution?  Any examples would be
> appreciated.
>
>
>
> Dan
>
>
>
>
>
> *Dan Wasson*
>
> *Director Systems & LAN Management*
>
> *Northwestern Michigan College*
>
> *231-995-1164*
>
> *dwasson () nmc edu* <dwasson () nmc edu>
>
>
>
> *Don't be a scam victim** - NMC and other reputable organizations will
> never use email to request that you reply with your password, social
> security number or confidential personal information.*
>
>
>
>
>
> On Thu, Feb 27, 2020 at 5:30 PM King, Ronald A. <raking () nsu edu> wrote:
>
> 1.       Is your lab 100% isolated from the rest of the campus and
> internet?
>
> Yes, but we have two. One with Internet access and one without. Each is in
> an isolated physical location. The one with Internet access is behind a
> dedicated firewall. These are all lab computers used for academic purposes
> and are physically connected to switches behind the firewall. They allow
> remote work, so, we open SSH and a few other ports based on their needs.
> The other lab is completely isolated. They us it for malware testing and
> dev. We don’t want it to connect to anything.
>
>
>
> 2.      Do the students just use the computers for the testing or do you
> have VM’s that they can connect into on those machines?
>
> Yes. We have dedicated workstation class systems running VMs as needed for
> students. They also have a dedicated Data Center with significant cluster
> of servers. It is used for various types of tech, such as Hadoop, VMware,
> and Openstack. As part of the programs some systems are made available
> remotely. Since they are physically separate from our enterprise network,
> we don’t really worry too much.
>
>
>
> 3.      Amount of ram used on the physical PC’s and on a teacher computer
> if different from student PC’s. 32GB for desktop minimum.
>
>
>
> The Cyber School understood the risks to the enterprise network, so, we
> partnered together to get it done this way.
>
>
>
> Hope this helps.
>
> Ron
>
>
>
> *Ronald King*
>
> *Director of Technical Services and OIT Security*
>
>
>
> *Office of Information Technology*
>
> (757) 823-2916 (Office)
>
> raking () nsu edu
>
> www.nsu.edu
>
> @NSUCISO (Twitter)
>
> [image: NSU_logo_horiz_tag_4c - Smaller]
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *DERUSSO, VINCENT
> *Sent:* Wednesday, February 26, 2020 10:54 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Lab for Cybersecurity Program
>
>
>
> Our Computer Science department now has a new Cybersecurity program and
> has come to us about setting up a lab for them to do hands on testing.
> From my research, I’ve found a couple of articles on possible solutions but
> none go into much details.  I was wondering if anyone has setup a
> Cybersecurity Lab that might be willing to answer some of these questions
> and provide any additional advise/gotchas to watch out for while we look
> into this.
>
>
>
> 1.       Is your lab 100% isolated from the rest of the campus and
> internet?
>
> a.      If yes, do you have any computer in the room that has internet
> access?
>
> b.      If no, explain how you have it segregated?
>
> 2.      Do the students just use the computers for the testing or do you
> have VM’s that they can connect into on those machines?
>
> a.      If VM’s, do you allow those VM’s to be accessed remotely or do
> they need to be physically in that lab to use those VM’s?
>
> b.      What software/hardware are you using to host those VM’s and is
> that hardware physically in that room or in another room but on the same
> network as the lab computers?
>
> 3.      Amount of ram used on the physical PC’s and on a teacher computer
> if different from student PC’s.
>
>
>
> Any other information that will help us build out this lab would be
> greatly appreciated as well.  Thank you for your time.
>
>
>
> [image: Vince DeRusso, MBA - Sr. Network Administrator - Communications
> Systems | 432 Western Ave. Albany, NY 12203 | o: 518.458.5414 | strose.edu]
>
> *This communication may contain confidential information that is otherwise
> protected from disclosure. If you received this communication in error,
> please contact me immediately and destroy the material in its entirety.*
>
>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: IA Code of Conduct Agreement.pdf
Description: