I will be teaching my introduction to computer security course again next semester and one of the things that I like to do is give students hands-on experience with offensive techniques. Since our IP range is off by one digit from a relatively large number of .navy.mil sites, I would like to make sure that they are contained in a non-breakable jail.

Until now, I had set the lab up to have students SSH in to a step stone server. From there, they connected out to a BackTrack platform that did not have a default gateway set. Even if students would attempt to break out of the lab network, the step stone platform had firewall rules set up not to allow outbound traffic.

As a result, it consisted of a fairly robust environment.

AttackPlatform.png

However, there were a few disadvantages.

Due to capacity limitations, the entire class shared one instance of BackTrack. All students have root access to that box, and it usually doesn't take long before they find out that the shell history and artifacts downloaded by fellow students are interesting. As a result of my architectural choices, it is also kind-of tricky to remove artifacts from the lab environment.

So, this year, I'm going to try it a bit differently.

Instead of using an SSH bastion host, I'm going to give all students a bootable USB drive with an openvpn client installled. The client will connect to the bastion host and will not allow split tunneling. As a result, while booted from the USB drive, students will ONLY be able to access the security lab. In the lab, I'll provide a file server (Samba or NFS, most likely) on which I load the tools that might be useful to them. That way, the tools are not accessible to anyone, but those who are VPN'ed in.

File transfer to retrieve artifacts can be easily achieved by inserting a second USB drive into the PC from which they are booting.