The Proceedings of the Information Systems Education Conference 2006: §3722
Sat, Nov 4, 4:30 - 4:55, Bordeaux     Paper (refereed)
Recommended Citation: Powell, V J H, R S Johnson, and J C Turchek.  Virtual Laboratory Intrusion Detection Experience for Information Systems Professionals.  In The Proceedings of the Information Systems Education Conference 2006, v 23 (Dallas): §3722. ISSN: 1542-7382. (A later version appears in Information Systems Education Journal 5(5). ISSN: 1545-679X.)

Virtual Laboratory Intrusion Detection Experience for Information Systems Professionals

Refereed, 12 pages

Valerie J. H. Powell
Department of Computer and Information Systems
Robert Morris University
Moon Township, Pennsylvania, USA

Randall S. Johnson
Technical Services, Information Systems
Robert Morris University
Moon Township, Pennsylvania, USA

John C. Turchek
Department of Computer and Information Systems
Robert Morris University
Moon Township, Pennsylvania, USA

This paper describes how to design and implement an intrusion detection module that may be used in various courses taught in an information systems curriculum and that covers the industry-standard Snort open source intrusion detection system (IDS). This paper proposes that virtualization offers three significant instructional advantages in delivering a rich IDS experience: (1) server independence, giving each student control of an IDS configuration, (2) a unique IP address on the “virtual” network for each server so that students are able to work in teams, including in distance learning situations, and (3) demonstration of centralized logging as typically deployed in production networks, by configuring each virtual machine to send log messages to the instructor’s virtual machine. Students can then generate, observe, log, and analyze various types of network traffic between their virtual servers in a safe, ethical manner. Documentation of commands and results is included.

Keywords: intrusion detection, virtualization, information security

Read this refereed paper in Adobe Portable Document (PDF) format. (12 pages, 1869 K bytes)
Preview this refereed paper in Plain Text (TXT) format. (32 K bytes)
