Technical Generalism

Work-in-progress projects, ideas, how-tos, and rants from a guy in the InfoSec industry

Nova Labs MAL100 Classes: Status


The Nova Labs MAL100 class in April was a hit, and there’s one upcoming in May on the 15th that has already filled up all available slots. That’s fantastic, but it’s going to take forever for me to train everybody if I’m doing it at 15 students at a time. I’ve got some work to do for making things available to students who are remote.

The issues at hand:

  • All the student VMs are on the same virtual network.

    This allows network cross-contamination (one student can generate traffic another student will see), which will lead to confusion. The VMs per student need to be segregated to their own virtual network.

    How to fix: Script up automation of creating new virtual bridges in libvirt.

  • There isn’t really any “network” access to the Windows VM.

    The MITM system is connected to the Nova Labs network, and the Windows VMs are connected to a “malware” virtual network that is also connected to the MITM system. I think I’ll need more advanced connectivity for more complex lab exercises later.

    How to fix: Make dedicated MITM VMs & dedicated “malware” virtual networks per student.

  • I need a way to temporarily grant secure access to people remotely.

    I’m thinking OpenVPN. It’s cross-platform, and I can use x509 certificates that I generate using TinyCA2. I’ll do certificate revocation status checking as described by this guy here.

    How to fix: Set up a Certificate Authority for the lab, and get OpenVPN running.

  • Segregate remote students from each other so they can’t attack each other.

    I think I can handle this with scripts in OpenVPN, and some network filters in libvirt. I need to “link” an OpenVPN connection to a libvirt virtual network so that one student can’t touch another student’s network.

    How to fix: Research OpenVPN scripting and libvirt network filters.

  • I’m concerned about our internet connection bandwidth at the space.

    I’m sharing out two VNC screens per analyst. The Instructor VM 15 times over, and one dedicated screen per student. That’s a total of 30 concurrent VNC sessions. That’s a lot of bandwidth if all 15 students are remote. I’m considering buying a Linode for just the bandwidth so I can send one VNC stream of the Instructor VM from the space to the Linode, and then have the Linode “broadcast” that to the remote students. The dedicated student VM VNC sessions would still be sent directly from the space to the remote students.

    How to fix: Buy a Linode and limit the number of remote students.

  • Work out the kinks in streaming.

    I heard someone say that the best setup for streaming is just the instructor audio, and then a stream of the slide deck. E.g., don’t bother with putting a talking head on screen. I think I like that idea, and I think that makes things easier for UStream.

    The audio in the first class wasn’t that great because I wasn’t mic’d directly. There was a lot of ambient audio in the background. I think I need to bring either a Bluetooth hands-free headset, or bring my PlayStation USB headset.

    The video cut out on the stream a couple of times - I’m not sure what caused that :(
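
For the first two items in the list above (one “malware” virtual network per student), here is a sketch of the libvirt automation, added as an example and not code from the original post. The `10.66.0.0/16` address space, the `malware-sNN` and `virbr-sNN` names, and the DHCP range are assumptions; the script generates one isolated network definition per student and refuses to continue if any two students would share a bridge or subnet.

```python
import ipaddress
import xml.etree.ElementTree as ET

LAB_SUPERNET = ipaddress.ip_network("10.66.0.0/16")  # assumed lab address space


def student_network(student_id):
    """Build an isolated libvirt network definition for one student."""
    subnets = list(LAB_SUPERNET.subnets(new_prefix=24))
    if not 1 <= student_id < len(subnets):
        raise ValueError(f"student id {student_id} is outside the lab address plan")
    subnet = subnets[student_id]
    hosts = list(subnet.hosts())  # .1 through .254
    net = ET.Element("network")
    ET.SubElement(net, "name").text = f"malware-s{student_id:02d}"  # assumed naming
    # No <forward> element: libvirt leaves the network isolated, so guests on
    # this bridge get no route to other students' networks or to the LAN.
    ET.SubElement(net, "bridge", name=f"virbr-s{student_id:02d}", stp="on", delay="0")
    ip = ET.SubElement(net, "ip", address=str(hosts[0]), netmask=str(subnet.netmask))
    dhcp = ET.SubElement(ip, "dhcp")
    ET.SubElement(dhcp, "range", start=str(hosts[99]), end=str(hosts[-1]))
    return net


def build_class(n_students):
    """Return {network name: XML}, failing if two students share a bridge or subnet."""
    defs, bridges, subnets = {}, set(), []
    for sid in range(1, n_students + 1):
        net = student_network(sid)
        bridge = net.find("bridge").get("name")
        ip = net.find("ip")
        subnet = ipaddress.ip_network(
            f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
        if bridge in bridges or any(subnet.overlaps(s) for s in subnets):
            raise RuntimeError(f"student {sid} would share a segment with another student")
        bridges.add(bridge)
        subnets.append(subnet)
        defs[net.findtext("name")] = ET.tostring(net, encoding="unicode")
    return defs


if __name__ == "__main__":
    for name, xml in build_class(15).items():
        print(f"# save as {name}.xml, then:")
        print(f"#   virsh net-define {name}.xml && virsh net-start {name}"
              f" && virsh net-autostart {name}")
        print(xml)
```

Each student's MITM VM and Windows VM would then attach to that student's `malware-sNN` network only.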