Educause Security Discussion mailing list archives
Re: Lab for Cybersecurity Program
From: Kevin Cheek <kcheek () UMICH EDU>
Date: Tue, 3 Mar 2020 12:51:05 -0500
We have asked a small number of students to sign the attached document when we've given them access to our systems and/or data.

We also have researchers that regularly interact with systems across the internet. The ZMap paper from 2013 <https://zmap.io/paper.pdf> included some advice for researchers:

1. Coordinate closely with local network admins to reduce risks and handle inquiries.
2. Verify that scans will not overwhelm the local network or upstream provider.
3. Signal the benign nature of the scans in web pages and DNS entries of the source addresses.
4. Clearly explain the purpose and scope of the scans in all communications.
5. Provide a simple means of opting out, and honor requests promptly.
6. Conduct scans no larger or more frequent than is necessary for research objectives.
7. Spread scan traffic over time or source addresses when feasible.

These days, we still work with those same groups to establish things like:

1. Appropriate whois abuse contact information for the subnets that will be the source of the research network traffic
2. KBs for our help desk so that queries/complaints can be routed appropriately to the researchers
3. Email groups for the abuse contacts so that our SOC/IR team can maintain awareness of abuse complaints and ensure that the university is represented responsibly when researchers respond to complaints
4. Network traffic bypass/exclusion groups for network security and network monitoring systems & devices (avoiding false alarms and reducing negative operational impact on things like IPS, Zeek, etc.)

On Fri, Feb 28, 2020 at 2:20 PM Alex Keller <axkeller () stanford edu> wrote:
City College of San Francisco has an awesome Cyber Security program and student club: https://cybersecurityclub.github.io/cyber-club/ with a pretty comprehensive Code of Conduct: https://docs.google.com/document/d/1YfbzKi7IMfqTGocB571zqRlPKgwoRGeQzHKRGJuBrT0/edit

While neither official nor all-encompassing, I use some version of these talking points to preface workshops and the like…

Code of Conduct

· Be lawful. Ignorance of the law is not a valid defense.
· Be honorable.
· Be respectful.
· Protect yourself and your institution at all times.
· Practice coordinated and responsible disclosure.
· Demonstrate intentional and accountable use of technology.
· Apply yourself for the benefit of the public interest and endeavor to make the world safer and more secure.

Alex Keller
Stanford | Engineering Information Technology
axkeller () stanford edu
(650)736-6421

From: The EDUCAUSE Security Community Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Wasson
Sent: Friday, February 28, 2020 5:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Lab for Cybersecurity Program

We are in the same place of starting a Cyber Security program. Does anyone use or have a Code of Ethics or some other agreement that students must sign that states they will only use the learning and technology as it is intended, and not to probe the Institution? Any examples would be appreciated.

Dan

Dan Wasson
Director Systems & LAN Management
Northwestern Michigan College
231-995-1164
dwasson () nmc edu

Don't be a scam victim - NMC and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information.

On Thu, Feb 27, 2020 at 5:30 PM King, Ronald A. <raking () nsu edu> wrote:

1. Is your lab 100% isolated from the rest of the campus and internet?

Yes, but we have two. One with Internet access and one without.
Each is in an isolated physical location. The one with Internet access is behind a dedicated firewall. These are all lab computers used for academic purposes and are physically connected to switches behind the firewall. They allow remote work, so, we open SSH and a few other ports based on their needs. The other lab is completely isolated. They use it for malware testing and dev. We don’t want it to connect to anything.

2. Do the students just use the computers for the testing or do you have VM’s that they can connect into on those machines?

Yes. We have dedicated workstation class systems running VMs as needed for students. They also have a dedicated Data Center with a significant cluster of servers. It is used for various types of tech, such as Hadoop, VMware, and Openstack. As part of the programs some systems are made available remotely. Since they are physically separate from our enterprise network, we don’t really worry too much.

3. Amount of ram used on the physical PC’s and on a teacher computer if different from student PC’s.

32GB for desktop minimum.

The Cyber School understood the risks to the enterprise network, so, we partnered together to get it done this way.

Hope this helps.

Ron

Ronald King
Director of Technical Services and OIT Security
Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu
www.nsu.edu
@NSUCISO (Twitter)

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of DERUSSO, VINCENT
Sent: Wednesday, February 26, 2020 10:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Lab for Cybersecurity Program

Our Computer Science department now has a new Cybersecurity program and has come to us about setting up a lab for them to do hands on testing. From my research, I’ve found a couple of articles on possible solutions but none go into much detail.
I was wondering if anyone has set up a Cybersecurity Lab that might be willing to answer some of these questions and provide any additional advice/gotchas to watch out for while we look into this.

1. Is your lab 100% isolated from the rest of the campus and internet?
   a. If yes, do you have any computer in the room that has internet access?
   b. If no, explain how you have it segregated?
2. Do the students just use the computers for the testing or do you have VM’s that they can connect into on those machines?
   a. If VM’s, do you allow those VM’s to be accessed remotely or do they need to be physically in that lab to use those VM’s?
   b. What software/hardware are you using to host those VM’s and is that hardware physically in that room or in another room but on the same network as the lab computers?
3. Amount of ram used on the physical PC’s and on a teacher computer if different from student PC’s.

Any other information that will help us build out this lab would be greatly appreciated as well.

Thank you for your time.

Vince DeRusso, MBA - Sr. Network Administrator - Communications Systems | 432 Western Ave. Albany, NY 12203 | o: 518.458.5414 | strose.edu

This communication may contain confidential information that is otherwise protected from disclosure. If you received this communication in error, please contact me immediately and destroy the material in its entirety.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment: IA Code of Conduct Agreement.pdf
Current thread:
- Lab for Cybersecurity Program DERUSSO, VINCENT (Feb 26)
- Re: Lab for Cybersecurity Program Barton, Robert W. (Feb 26)
- Re: Lab for Cybersecurity Program Menne, Michael S (Feb 26)
- Re: Lab for Cybersecurity Program King, Ronald A. (Feb 27)
- Re: Lab for Cybersecurity Program Dan Wasson (Feb 28)
- Re: Lab for Cybersecurity Program randy (Feb 28)
- Re: Lab for Cybersecurity Program Alex Keller (Feb 28)
- Re: Lab for Cybersecurity Program Kevin Cheek (Mar 03)
- Re: Lab for Cybersecurity Program Dan Wasson (Feb 28)