you set the focus

you

set t

he fo

cus

The iLab Experiencea blended learning hands-on course concept

Create Your Own LabJuly 5, 2016

your exercise

1 2 3 4 5 6 7 8 9 10 11 12 13

BGPIPv62-3 mini labs

SECAdvanced WL

14

Your ExerciseS2O 1 S2O 2To

pic

Pres

enta

tion

and

Votin

g

DIY

1- Y

our O

wn

Smar

t Dev

ice

DIY

2- Y

our O

wn

Smar

t Spa

ce

Kick

Off,

Min

i Lab

s, IP

v6 -

part

I

Topi

c Pr

esen

tatio

n an

d Vo

ting

Secu

rity

Fund

amen

tals

Adva

nced

Wire

less

Pla

ygro

und

Your

1st

Lec

ture

Revi

ew P

rese

ntat

ion

Fina

l Pre

sent

atio

n, W

rap-

Up

12.4. 19.4. 26.4. 3.5. 10.5. 18.5. 24.5. 31.5. 7.6. (14.6.) 21.6. (28.6.) 5.7. 12.7.

IPv6

- pa

rt II,

Min

i Lab

Lec

ture

s

BGP

Wor

ld-W

ide-

Web

Sec

urity

Hol

es

Your

Exe

rcis

e M

ad B

rain

stor

min

g

Did

actic

s an

d Te

chni

ques

summer term 2016

your exercise

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14

Your ExerciseS2O 1 S2O 2To

pic

Votin

g

Topi

c Vo

ting

Your

1st

Lec

ture

Revi

ew P

rese

ntat

ion

Fina

l Pre

sent

atio

n, W

rap-

Up

18.5. 24.5. 7.6. (14.6.) 21.6. (28.6.) 5.7. 12.7.

Did

actic

s an

d Te

chni

ques

summer term 2016

• Week -4: Concept & Topic Madness• Prepare your 2x3 min talks

• Week -3+-2:Topic Voting• Plan the structure and content of your lab, prelab, and lecture.

• Week 1+2: Didactics & Techniques & Preparation• Lecture Preparation (most relevant concepts?)• Prelab Preparation (detailing the lecture content + tools + more)• Practical Part Lab Preparation (no cooking recipe)

• Week 3: Your lecture• Finalise and improve your content.

• Week 4: Review and Get Reviewed• Review other team• Get reviewed by other team

• Week 5: Present the lab and the feedback you got and what to do next• Improve by materialising the feedback

• Week 6: Final presentation (Lecture with lab outlook, highlights)

peer grading

• 2 slide decks for your two topic presentations (each talks one topic!)

• Slide deck lecture (both talk!)

• Ready PreLab, Lab

• Review report

• Slide on review feedback & planned improvements

• Final lecture slides

• Final PreLab, Lab, Peer Grade

Expected Artefactsyo

ur

exer

cise

Marc-Oliver Pahl 2016

7.6.

(14.6.)

21.6.

(28.6.)

5.7.

12.7.

18.5.

10.5.

24.5.

X

X

X

X

X

X

X

you

set t

he fo

cus


Your Final Lecture7(+1) Minutes

Order of Presentations

Team Topic

204 DNS-tunneling

206 SIP - call me maybe

208 Tor vs GFW of China

212 Distributed file systems

202 The Quest of The Mailserver - The One Server to Spam Them All!

201 Routing Policies & Tra�c Shaping

210 TCP/IP Vulnerabilities

203 Multipath TCP

209 OpenSSH: More than a remote shell

207 Firewall Operating Systems: VyOs and IPFire

You make it interesting…

Flickr:nist6dh

iLab2

DNS tunneling

Felix Hartmond, Sven Hertle, Team 204

Motivation

DNS tunneling

WLAN in public places or hotels

Restrictions like only HTTP(S)

But: DNS is often allowed

DNS tunneling allows to use SSH, connect to a VPN, ...

In general it bypasses the firewall

Summary/Learning Goals

The following learning goals are covered in the Lecture PreLab Lab

Overview over DNS x x

Understand DNS tunneling x x x

Blocking DNS tunneling x x

iptables x x

Overview over DNS

Resource record types: A, AAAA, NS, CNAME, TXT, . . .

DNS tunneling

Idea

Embed data in DNS packets

DNS packets sent as usual to authoritative name server

Requires modification on cient and server side

Implementation

Special software as DNS server for specific subdomain

Di↵erent resource record types possible

Blocking DNS tunneling

Detection techniques 1

DPI: block specific resource record types

Log the message sizes, implement quota

Number of hostnames per domain

Entropy of hostnames (encoded names have higher entropy)

Orphan DNS requests

1Detecting DNS Tunneling, Greg Farnham, SANS Institute

Teaser practical part


Team Topic

204 DNS-tunneling







203 Multipath TCP



SIP – call me maybe

team 206 (fk, hs)

In a nutshell

Protocol for (multimedia) sessions (= async. data exchange)Usage:

Voice/Video over IPother applications possible

WidespreadIETF alternative to H.232

Learning goals

Lecture

even more motivationSIP – a short introduction

PreLab

recap lecture contentRTFM

Lab

use the headsetsbuild telephony infrastructurewiretapping

Voice over IP (VoIP) entities

Several application layer protocols handle di�erent aspects:Session Initiation Protocol (SIP):

Controls the lifecycle of communication sessionstext-based, syntax similar to HTTP/1.1

Session Description Protocol (SDP):Controls multimedia streaming transmissionspayload of the SIP protocol

Real-time Transport Protocol (RTP):Transfers realtime multimedia streaming payload

Note:Can be used independently from each other

Terminology

server/client – as usual: a server listens for requests, a clientinitiates communication

IMPORTANT: Many endpoints are both!

user agent (UA) – communication endpoint (client, server orboth)registrar – participant that keeps track of the state ofassociated user agentsproxy (server) – server & client, routes messagesSIP URLs like: sip:username@host, e.g.sip:[email protected]

Use Case #1: Registration

A registrar tracks the status of an endpointTo let the registrar know that the UA is connected and able toaccept callsThe registrar is in most cases a PBX system that routes calls

Simple process:

UA sends a REGISTER requestRegistrar responds with a status code: e.g. 200 (successful),401 (unauthorized)

Use Case #2: Place a call

INVITE

200 OK

ACK

BYE

200 OK

Figure 1: A basic message exchange

Content of the lab

Get to know software phonesEstablish a sessionPlay cool musicCreate your own PBX

Figure 2: . . . and he said it’ll be fun . . .


Team Topic

204 DNS-tunneling







203 Multipath TCP



cre

ate

your

ow

n e

xerc

ise

Tor vs great Firewall of China

Jakob Traxler, Albert Stark

1

What will you learn?

2

The Following Learning Goals are Covered in the

Lecture

PreLab

Lab

Understand Tor and what it does for you X X

Learn the di!erent operation modes of Tor X X X

Con%gure and use Tor on a PC X X

Build and circumvent a simple censorship setup X X

Rebuild the great Firewall of China X X

Fight the censorship

Censorship caused by the Chinese government

– only Chinanet is available

Twitter → Weibo

Facebook →RenRen

YouTube → YouKou

3

2013 Tiananmen Square Attack

● Eye-Witness at the attack

● Cameras seized by the secret police

● No mention in media

● After 3 days only „some disturbance“

4

Great Firewall of China

5

● Centralized instance to block

● Very little technical details are known for sure

● Only two state controlled providers

● China Unicom

● Cernet (Educational and less restrictive)

Arms race with the GFC

6

• Globally announced Tor nodes ✓

• Hidden tor node/bridge ✓

• Obfuscation (obfs2&obfs3) ✓/⨯

• Shared Secret (obfs4) ⨯

False positives damage the system!

Selecting the right packets

7

• Reduce the need to probe connections

• Distinguish between certain ciphers to detect Tor

• Probe if not sure:

– Con%g for obfs3:

• Obfs3 203.0.113.254:47802

– Try to connect to it

• It responds with Tor → it‘s a bridge

• Other or no response → everything ok

Active Probing

8

TLS connection

Tor handshake

Tor handshake

The Wiring

9

Local Tor Net

Links & More

10

• Examining How the Great Firewall Discovers Hidden Circumvention Servers: https://nymity.ch/active-probing/

• Behind the Great Firewall of China: http://www.ted.com/talks/michael_anti_behind_the_great_%rewall_of_china?language=en

• German news coverage on attack: http://www.augsburger-allgemeine.de/augsburg/Augsburger-Schueler-entgehen-Attentat-in-Peking-id27565842.html

• PC Icon made by SimpleIcon from Iaticon.com (CC 3.0 BY)

• Spy icon made by Freepik from Iaticon.com (FBL)

• Block logo made by Icomon from Iaticon.com (CC 3.0 BY)

• Tor Logo by the Tor Foundation (CC 3.0 BY) – registered trademark


Team Topic

204 DNS-tunneling







203 Multipath TCP



creat

e you

r own

exerc

ise

DISTRIBUTED FILE SYSTEMSLorenz Stadler, Wangyang Ye – Team 212

1

Motivation• For what do you need a distributed File system?

2

Problem•High amount of data•Many users

•Example: Web 2.0

Requirements(for file storage)• Scalability•Reliability•Easy access•Easy management

Solution•Multiple storage servers•Distributed file system

Summary/ Learning Goals

3

The Following Learning Goals are Covered in the Lecture PreLab LabUnderstand how a distributed file system works X XUnderstand the advantages, eg. reliability X X XLearn about different distributed file systems XLearn about the DFS “XtreemFS” and how to use it X XSetup a DFS with multiple servers and clients XAdministrate the DFS(add nodes, see how it reacts to a failure of one file server)

X

What is a distributed file System?• Typically: clients, a

Master(directory) server, multiple storage servers

• Name convention and mapping scheme

4Image: http://www.zib.de/features/fairness-and-load-distributed-file-systems

Features and advantages of DFSs: Replication

• Eliminate single point of failure ÆImproved reliability and availability

• Files stored multiple times on different storage servers• Read: increased performance and scalability (load

balancing)• Write: Block file access and write to master server

5Images: http://www.xtreemfs.org/how_replication_works.php

Reliability•Availability•Resistance to failing

components

Features and advantages of DFSs: Scalability

• Add or remove storage servers (horizontal scaling)

• Increase storage capacity• Support more client

connections• Improve performance

6Image: http://www.xtreemfs.org/all_features.php

Scalability• The system can

accomodate increasedusage

• The system canaccomodate an increaseddataset

• The system ismaintainable

Different DFSsLocally managed ↔ Remote access

Access: POSIX / FUSE / HTTP (REST) / FTP / …Different use cases: Databases, Web Server, NAS, …

Fault tolerance, Speed, Supported OSs, Licence, Security

7

• Locally managed• POSIX compatible• FUSE• Fault tolerance• Linux (Mac OS and Windows clients)• BSD License

Teaser Practical Part

8

Client Client

Directory ServiceMetadata ServerStorage Server

Storage Server

Storage Server

PC3

PC2

PC1All PCs are in the

same network

• Setup a DFS• With multiple

storage servers• Experience the

coolest featuresof DFSs

PC5

PC4


Team Topic

204 DNS-tunneling







203 Multipath TCP



creat

e you

r own

exerc

ise

THE QUEST OF THE MAIL SERVERSebastian Vogl & Patrick Werneck - 202

1

Motivation• E-mails are widely used!• Old messaging service (1971).• Learn how to attack and defend.• We already operate our own server.

2

Summary/ Learning Goals

3

The Following Learning Goals are Covered in the Lecture PreLab LabUnderstand what happens between the servers X XHow to attack the mailing network/ server (X) X XHow to defend your own server X X XHow are e-mails structured X XConfigure your own mailing network X

Important Terms• MUA – Mail User Agent• MDA – Mail Delivery Agent• MTA – Mail Transfer Agent

4

(E)SMTP • Used for sending emails• No authentication and encryption• ESMTP introduces additional commands for

this

5

SPAM Prevention• DKIM – DomainKeys Identified Mail

– Cryptographic authentication of domains• SPF – Sender Policy Framework

– Specify who is allowed to send mails• DNSBL – DNS-based Blackhole List

– Block imcomming emails from listed IPs

6


7


Team Topic

204 DNS-tunneling







203 Multipath TCP



iLab2

Routing Policies &Tra�c Shaping

Team 201: Moritz Sichert, Lars Wustrich

Motivation

Routing Policies

Multiple routes to a destination available

Using available paths e�ciently

Tra�c Shaping

Limit bandwidth

Prioritize certain tra�c, e.g. SSH over HTTP

Lecture Overview

Routing Policies

Using connections e�cientlyApplying Routing Policies

Tra�c Shaping

Limiting BandwidthPrioritizing Tra�c


Routing Policies: Use connectionts e�ciently

Multiple paths to destination available

Using routing policies enables you to

ensure Quality of Service.do load balancing over multiple connections.do source based path selection.

Applying Routing Policies

Tra�c Shaping: Limiting Bandwidth

Router

Internal NetworkInternet

eth0egress

ingresseth1

egress

ingress

Tra�c Shaping: Prioritizing Tra�c

Ingress Packets1 2

32 2 2

2 22 2 2 2 22 22 2 2 2

1 1

1 1 13

1

2

3

1

112

Traffic Shaper

Egress Packets

Priorities


Cisco 1LangsamMitUns

eth0: fd00:17ab:c1::ff:1/64eth4: fd00:17ab:e::ff:1/64

Cisco 2TU-Mobile

eth0: fd00:17ab:c2::ff:1/64eth4: fd00:17ab:e::ff:2/64

eth0: fd00:17ab:e::2/64

PC2

eth0: fd00:17ab:e::3/64

PC3

eth0: fd00:17ab:feed::ff:1/64eth1: fd00:17ab:c1::1/64eth2: fd00:17ab:c2::1/64

PC1

eth0: fd00:17ab:feed::4/64

PC4


PC5


PC6

512 Kbit/s down128 Kbit/s up

10 Mbit/s down10 Mbit/s up

CompanyNetwork

ExternalNetwork


Team Topic

204 DNS-tunneling







203 Multipath TCP



create

your

own

exerc

iseTCP/IP VulnerabilitiesStefan Reitmayer, Martin Sigl

1.

2.

a.

b.

3.

4.

•

•

•Source:https://www.mitnicksecurity.com/S=0/about/kevin-mitnick-worlds-most-famous-hacker-biography

•

••

•••

•

Client ServerCTL=<SYN>, SEQ=<x>

CTL=<SYN,ACK>

SEQ=<y>, ACK=<x+1>

CTL=<ACK>SEQ=<x+1>, ACK=<y+1>DATA...

–•––

Victim Host

Attacker

Spoofed Host

Trusted Relationship

l. DoS Attack (server’s login port)

2. Guess Sequence Number (fixed sequence number step)6. Finished

4. Send SYN/ACK packet

3. SYN packet5. ACK packet

•

•

Alf Bob

Eve

DATA seq=x

DATA seq=y

DATA seq=z

INJECTED DATAseq=z

Alf

Eve

Bob

Tools: hping3, netcat, tcpdump, telnet


Team Topic

204 DNS-tunneling







203 Multipath TCP



crea

te yo

ur ow

n ex

ercise

MULTIPATH TCPOliver Scheit, Jörg Wiedemann

1

Multipath-TCP: combining multiple connections

• Modern devices have multiple networkadapters– Use all of them to increase performance– Increases reliability in case one adapter fails

• Learn how MPTCP handles the connection(s)• Learn what is required for this proposed

standard to work2

Your learning goals

3

The Following Learning Goals are Covered in the Lecture PreLab LabUnderstand the MPTC protocol X XUnderstand why using MPTCP is beneficial X X XUnderstand the structure of a MPTCP packet X X XUnderstand when MPTCP fails X XSetup a MPTCP-ready client and server XObserve the MPTCP protocol in action X

Development of MPTCP• Previous approaches for aggregating links

– PTCP-2002– M/TCP– MTCP

• MPTCP Group was started in Oct. 2009, first RFC (6824) in Jan. 2013

• Real World applications– MPTCP is already implemented in iOS7– Telekom offer “magentaHybrid”

4

Goals of MPTCP• MPTCP as an evolution of TCP has to support all applications

as TCP• Header Information: MPTCP uses the reserved option field

'30' of TCP• TCP: Transport Layer (Layer 4 in OSI Model)• No additional Hardware required• software solution

– Should run everywhere where TCP runs

5

TCP Sequence

6

MPTCP Sequence

7


8


Team Topic

204 DNS-tunneling







203 Multipath TCP



iLab2 – Your own exercise

OpenSSH: More than a remote shell

Stefan Huber and Alexander Kurtz (Team 209)

July 12, 2016

Motivation

1 SSH is already installed. You might as well use it!æ You can replace a lot of potentially insecure software with it!

2 SSH is already installed. You should really know how to use it!

3 SSH is secure per default, all the annoying details have sane default values!æ Use a current version of OpenSSH!æ That’s it, your system is secure™!

Summary / Learning Goals

The following learning goals are covered in the Lecture PreLab Lab

(A-)symmetric cryptography, key exchange, etc. (x)

Basic configuration incl. common misconceptions X X

How to secure an “Internet-facing” SSH server X X

Introduction to the tools used commonly with OpenSSH X X

Relevant threat-models to consider when configuring X X

How (not to) restrict e�ective user capabilities X X

Using some of the more advanced features of OpenSSH X

Introduction

1 The SSH protocol provides Integrity, Authenticity and Confidentiality.æ It’s based on solid Public/Private Key Cryptography. That’s it.

2 OpenSSH provides both a client and server implementing this protocol.æ It provides a remote shell, but also a bunch of other services.

3 The configuration happens in simple text files in /etc/ssh/ and ~/.ssh/.æ No XML. No X.509. Promise.

Basic configuration

ssh_config(5) and sshd_config(5)!

Password vs. key authentication? Key authentication!

root access? Yes!

User- and group matching: Match directive!

Server authenticity: Public key comparison!

Just don’t do the “Top 20 OpenSSH Server Best Security Practices”1

1http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

Features / Preview

Besides getting a shell on a remote machine, you can (and will!) do this:

Forward TCP ports and UNIX sockets

Use the OpenSSH server as a proxy server for (almost) any application

Provide a secure file-server with full user isolation

Build a Layer-2/3 VPN without any additional software

No need for. . .

. . . understanding complex file formats (the SSH keys are just plain text files)

. . . a direct TCP connection between client and server

. . . setting up public keys manually (either use TOFU or SSHFP)

. . . allowing users any shell access

</OpenSSH lecture>

Any questions?

Thanks, we were great!


Team Topic

204 DNS-tunneling







203 Multipath TCP



cre

ate

your

ow

n e

xerc

ise

Firewall Operating Systems:

VyOS and IPFire

Florian Barta, Alexander Mildner

1

Motivation

Why do we need Firewalls ?

=> Protect Networks from unauthorized access

=> Enable access policies for traffic filtering/monitoring

Goals of this Lab:

• Steps to setup your own Open Source based Firewall using a Virtual

machine (virtualbox)

• Configuring policies and Services like apache webserver

• Compare and evaluate the two presented solutions

2

What Will Your Students Learn?

3

The Following Learning Goals are Covered in the Lecture PreLab Lab

Learn the capabilities of VyOS and IPFire X X

Configuring a VM using Virtualbox and the OS images X X

Setting up System/networking configurations X X X

Configuring Firewall rules X

Evaluate the two approaches X

VyOS• Community fork of Vyatta Core (Linux based Network OS)

• Based on Debian Linux

• Software based Routing, Firewalling (netfilter), VPN

• Includes Routing Protocols: BGP, OSPF, RIP

• Supports IPv6 Tunneling, NAT, QoS, monitoring, VLANs

• Cisco IOS/JUNOS like management console

• Runs on x86 Hardware and several virtual platforms

4

IPFire

5

• Open Source Firewall

• Firewall (Zones)

• Webinterface (Easy Configuration)

• VPN

• Many other functions

Lab

6

• Setting up both firewalls

• Testing the setup (Ping, Webserver, DNS)

• Comparing both firewall OSes

Lab Setup

7

VyOs IPFire

Client 1Client 2

External Test client

Test Accesses to different services from the external

Client to the firewalled Clients

Switch

Company NW 1 Company NW 2

Lab - Steps• Setup the VMs on PC1 and PC4 using virtualbox

• Installing the Firewall OSes and Configuring Traffic routing through the

VM

• Configuring the Company networks (IPv6 and IPv4)

• Setup web servers

• Setup the Firewall Policies

• Access and test configurations (ICMP, HTTP)

• Compare and evaluate the Firewall systems

8

cre

ate

your

ow

n e

xerc

ise

Thank You !

And have fun with the lab :)

9

Well done :)

Flickr:nist6dh

you

set t

he fo

cus


Wrap-Up

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14

Your ExerciseS2O 1 S2O 2

Your Mini Lab Selection…

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


The topic descriptions are online.

The most selected 2-3 will be done as mini labs this year.

You will get a mail on how to choose.

Deadline is Friday night.

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


Black Box

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


Discover the diverse expertise in your class ;)

Your exercise madness

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


around 2016-05-18 16h00 Security Talk

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


Discover the diverse expertise in your class ;)

Your exercise topic voting

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


P2P Measurements

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


your exercise

1 2 3 4 5 6 7 8 9 10 11 12 13


SECAdvanced WL

14


Statistics

BGPIPv6-1IPv6-2

adv WLAN(2w)

DIY1DIY2

2016ss

wwwSEC

poisoning networks

WPS

10h

8h

16h

765747 63,5 60 78,5 97

28,5 27

Reported Difficulty/ Interest/ Length

Time Reported PreLab/ Lab

Feedback Fachschaft

5 Minutes

Free Isle Status

• Is it worth going to the lab room?

• BUT:

• Privacy implications…

• How critical is it for you to know that others can see if your isle is occupied or not?

What will you learn?• The content:

• Become a network master

• Become a debug pro

• Work in a team

• Act in a multicultural environment

• Read, write, and speak English

• Focus on a specific topic and master it

• Build hardware

• Create your own course. Learn how to:

• Communicate (written and orally) and teach technical content

• Collect and give constructive feedback

• …

interactivity

Multiple-Choice Results

Ranking in the Group

Discussion with OthersCredits

Correction Comments

Discussion at the Lecture

Exam Feedback

Exam Mark

Multiple-Choice Results

Feedback

Interaction Lab Credits

Discussion at the Lecture

Oral Exam Impression

S e l f - L e a r n i n g S u p p o r t

F e e d b a c k t o t h e T e a c h e r s

Feedback is important to

encourage the learners to

continue learning. It is a main mean for

motivation. Feedback is

important for the teachers as well as it helps them to adapt to the

needs of the current student

group. The student feedback

is continuously used to improve

the exercises.

great fun with you!

16

Bachelorthesis

MasterthesisIDP

Seminar

Lectures

Student Assistant

iLab2 Jobs

•iLab2 Tutor

•WWW Security improvements

Offers mop• Virtual iLab Isle (-> Moritz).

• MOOC 4 Masters about Networking (GRNVS).

• A massive open online course you could help creating.

• Labsystem Central GIT Repo.

• Better managing labs.

• Improving DS2OS

• Security, Caching, Use Cases, Demos, iLab2

s2o.net.in.tum.de

http://s2o.net.in.tum.de































































Flickr:nist6dh

all the best for you!

16

you set the focus

you set the focus

Documents

Transcript of you set the focus