A Virtual Computer Lab As Learning Environment For Networking and Security Courses

Jens Haag*, Stefan Karsch
Cologne University of Applied Sciences, Germany
*Work has been done as a PhD student of the Open Universiteit, The Netherlands

Harald Vranken, Marko van Eekelen**
Open Universiteit, Netherlands
**Marko van Eekelen is also affiliated with Radboud University Nijmegen, The Netherlands

02.10.2012

Agenda
- Introduction
- Previous research subjects
  - Virtualization
  - Collaboration
- Current research subject: Course Advisory
  - Human Course Advisor
  - Electronic Course Advisor
- Conclusion and Outlook

Learning Scenario
- Teaching networking and security of computer systems and networks (IT Security)
  - Basics (e.g. network configuration, routing)
  - Advanced content (e.g. security management and measurements, firewalls)
- Students learn the theoretical background in lessons from textbooks
- Knowledge is illustrated, deepened and anchored by carrying out practical exercises (hands-on)
[Figure labels: Teaching e.g. IT Security; Theoretical Background; Practical Exercises]

Example Exercise I
- Example exercise: Set up, configure and secure a network
  - Server, which provides services
  - Router with firewall
  - Client
- Students can gather several practical experiences
  - Configuring the network interfaces and the routing/NAT
  - Providing and using internet services, e.g. HTTP, SSH, FTP
  - Adding security measures, e.g. configuring the firewall
  - Attacks ("Hacking"), e.g. Buffer Overflows
- Requires a "safe playground"

Computer Lab
- At the university: room containing computer systems
- Network isolated from the outside world (Internet)
- Group work is possible
- Supported by at least one (human) course advisor
- Students work with super-user rights
- After a session, reinstalling the operating system may be necessary
- Not suited for distance learning
- Significant administration effort necessary
- Usually closed in the evening hours and on weekends

Virtual Computer Lab
- General idea: move the lab to the students
- Computer lab nested in a virtual environment
- Stand-alone environment, composed of two virtualization layers
- Layer between host machine and virtual host machine
  - Based on free virtualization software (e.g. VMware Player, Oracle VirtualBox)
  - Typically runs on almost all student computers
- Layer between virtual host machine and highly resource-efficient, scalable UML virtual machines
  - Based on Netkit, applies User Mode Linux (UML)
  - Multiple virtual hosts and isolated, virtual network(s)
[Figure labels: UML virtual machines in virtual network; Virtual host machine; Host machine]

Using the Virtual Computer Lab
- Isolated, secured software environment
  - Provided to the students on a DVD
  - Can easily be installed and run on the student's own computer
- (Virtual) hardware setup for Example Exercise I
  - Start the environment
  - Issue 3 commands
  - Three virtual hosts
  - Network interfaces in separated broadcast domains

    vstart server --eth0=netA
    vstart router --eth0=netA --eth1=netB
    vstart client --eth0=netB

Principles
When designing a computer lab that fits into the education system, we have to deal with at least three principles:
- Students should have the possibility to work in a computer lab whenever and wherever they want
- Students should have the possibility to work together even if they are distant from each other
- Students should be able to get support while working in the computer lab

Collaboration I
- Distant students have the impression of being connected within an Ethernet LAN
  - Connected virtual networks behave like a single broadcast domain
  - Transparent connection on OSI layer 2 (Data Link Layer)
- Implementation
  - Extracting and injecting network data on virtual network level (Ghost Host)
  - Sending and receiving the extracted network data (Remote Bridge)

Collaboration II
- Further improvement: Central Authority
- Goals
  - Optimized organization and management when students work together
  - Reduced administration effort for students on their PCs
- Virtual Lab with Central Authority (CA)
  - The CA is typically hosted at the university
  - Each student can connect one or more virtual networks to the CA in one session
  - Additional sessions can be opened and closed on demand

Current research subject: Course Advisory
- Challenges
  - Moving the lab to the students cuts the course advisor(s) off from the students
  - Complex scenarios could not be verified in a timely manner
- Questions
  - How can students get feedback/support while working on exercises?
  - How can course advisor(s) verify/rate students' work?
- Approach
  - Exercises known in advance should have a predictable network setup
  - An "Electronic Course Advisor" will compare the requirements of an exercise with the student's progress while working on the exercise
  - Students/advisor(s) can fetch the progress and a final result

Example Exercise II
Network example exercise: "Set up and configure a scenario with at least three hosts (client, router, server). Client and server should be located within different subnets. The client should be able to intercommunicate with the server by using the intermediate router."

Possible Solution for Exercise II
- Student's tasks
  - Create the virtual environment
  - Configure the hosts
  - Verify the routing behavior
- Netkit for the virtual environment
- Standard Linux/Unix commands for the configuration
- Feedback? Verify?

    # Create the required hosts and networks
    vstart client --eth0=subnet1
    vstart router --eth0=subnet1 --eth1=subnet2
    vstart server --eth0=subnet2

    # Configure the client
    ifconfig eth0 192.168.1.2 up
    route add default gw 192.168.1.1

    # Configure the router
    ifconfig eth0 192.168.1.1 up
    ifconfig eth1 192.168.2.1 up

    # Configure the server
    ifconfig eth0 192.168.2.2 up
    route add default gw 192.168.2.1

Human Course Advisor
- A human course advisor can guide students in several ways by asking, checking or discussing questions
  - What should the final setup look like?
  - Do we have appropriate IP addresses?
  - Can the client and the server intercommunicate?
- Finally, the course advisor will check the setup to verify that the student's work fulfills the requirements of the exercise
  - Do we have at least three hosts? (Verified by e.g. counting open terminals)
  - Does the routing work? (Verified by e.g. ping, traceroute)
- Can we use the course advisor's expert knowledge in a software program?

Electronic Course Advisor I
- Major parts of the course advisor's knowledge could be represented as rules.
- Rule to determine routing behavior within a network: "Routing occurs if an OSI layer 3 IP transmission of a network packet between two hosts is based on more than one OSI layer 2 transmissions".
- When working on networking exercises, network packets will occur. They can be constantly accessed, observed and stored into a database by a new computer program called Electronic Course Advisor (ECA).
- The ECA also continuously applies rules represented by SQL queries and outputs the results.

Electronic Course Advisor II
[Figure: Architecture of the ECA interacting with a student and Netkit]

Modeled Knowledge
SQL query to detect routing:

    -- Subquery (3): report YES if any IP source/destination pair remains
    SELECT CASE WHEN COUNT(HOPS) = 0 THEN 'NO' ELSE 'YES' END AS ROUTING_DETECTED
    FROM (
        -- Subquery (2): count the layer 2 transmissions per IP pair
        SELECT IPv4_SOURCE, IPv4_DESTINATION, COUNT(SOURCE) AS HOPS
        FROM (
            -- Subquery (1): one row per distinct layer 2 transmission of an IP packet
            SELECT IPv4_SOURCE, SOURCE, IPv4_DESTINATION
            FROM ETHERNET
            WHERE IPv4_SOURCE IS NOT NULL AND IPv4_DESTINATION IS NOT NULL
            GROUP BY SOURCE, IPv4_SOURCE, DESTINATION, IPv4_DESTINATION
        -- Closing Subquery (2)
        )
        GROUP BY IPv4_SOURCE, IPv4_DESTINATION
    -- Closing Subquery (3): keep only pairs with more than one layer 2 transmission
    )
    WHERE HOPS > 1;

Additional queries can detect hosts, networks…

Guiding Example
The following slides show the student's input next to the ECA output.

Student's input:

    vstart client --eth0=subnet1

Student's input:

    vstart router --eth0=subnet1 --eth1=subnet2
    vstart server --eth0=subnet1

Student's input:

    client: ifconfig eth0 192.168.1.2 up
    client: route add default gw 192.168.1.1

Student's input:

    router: ifconfig eth0 192.168.1.1 up
    router: ifconfig eth1 192.168.2.1 up
    server: ifconfig eth0 192.168.2.2 up
    server: route add default gw 192.168.2.1

Student's input:

    client: ping -c 1 192.168.2.2

Student successfully solved the exercise

Conclusion
- A real-world networking exercise from a physical lab can be transferred to a setting in a virtual lab.
- A real-world course advisor's expert knowledge can be modeled as (SQL) rules.
- An Electronic Course Advisor can
  - prove the correctness of a student's solution
  - offer guidance and support to the students
- Future tasks
  - Transform more typical exercises (to find out about limitations)
  - Deal with situations where students make mistakes
  - Find a proper and efficient way to model exercises and knowledge

Outlook
- The current ECA prototype was improved by replacing the SQL database part with the logic reasoner Prolog.
  - Prolog is well suited to logic and artificial intelligence programming.
  - Creating an exercise for the ECA requires telling the computer less the "how" than the "what".
  - The knowledge base consists of facts: characteristics, relations and rules
  - The exercise configuration file includes question(s); Prolog will search the knowledge base with the goal of "satisfying" these question(s).
  - Simplifies the process when creating or customizing exercises.
- WS2012/13: Course advisor @FHK will use the ECA to verify student's setup

Thank you for your attention!
Please ask your questions…
E-Mail: [email protected]
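The routing rule from the "Modeled Knowledge" slide, applied to a small capture of Exercise II as frames arrive; this is an added example, not the ECA's own code. The SQLite engine, the ETHERNET column types and the MAC addresses are assumptions made for illustration; the IP addresses are the ones from the exercise.

```python
import sqlite3

# Routing rule from the slides ("more than one layer 2 transmission per IP pair").
ROUTING_RULE = """
SELECT CASE WHEN COUNT(HOPS) = 0 THEN 'NO' ELSE 'YES' END AS ROUTING_DETECTED
FROM (
    SELECT IPv4_SOURCE, IPv4_DESTINATION, COUNT(SOURCE) AS HOPS
    FROM (
        SELECT IPv4_SOURCE, SOURCE, IPv4_DESTINATION
        FROM ETHERNET
        WHERE IPv4_SOURCE IS NOT NULL AND IPv4_DESTINATION IS NOT NULL
        GROUP BY SOURCE, IPv4_SOURCE, DESTINATION, IPv4_DESTINATION
    )
    GROUP BY IPv4_SOURCE, IPv4_DESTINATION
)
WHERE HOPS > 1;
"""

# Constructed MAC addresses for client, router eth0/eth1 and server (assumption).
CLIENT, R_ETH0, R_ETH1, SERVER = (f"02:00:00:00:00:0{i}" for i in range(1, 5))
PING = ("192.168.1.2", "192.168.2.2")  # client -> server, addresses from the exercise

def new_capture_db():
    """Assumed schema: one row per observed frame, IPv4 columns NULL for non-IP."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ETHERNET (SOURCE TEXT, DESTINATION TEXT, "
               "IPv4_SOURCE TEXT, IPv4_DESTINATION TEXT)")
    return db

def routing_detected(db, frames=()):
    """Store newly observed frames, then re-apply the rule to the whole capture."""
    db.executemany("INSERT INTO ETHERNET VALUES (?, ?, ?, ?)", frames)
    return db.execute(ROUTING_RULE).fetchone()[0]

def demo():
    """Verdict after each capture step of the constructed scenario."""
    db = new_capture_db()
    return [
        routing_detected(db),                                    # nothing captured yet
        routing_detected(db, [(CLIENT, "ff:ff:ff:ff:ff:ff", None, None)]),  # ARP only
        routing_detected(db, [(CLIENT, R_ETH0, *PING)] * 2),     # same hop seen twice
        routing_detected(db, [(R_ETH1, SERVER, *PING)]),         # forwarded on subnet2
    ]

if __name__ == "__main__":
    print(demo())
```

The third step is the case the innermost GROUP BY exists for: a frame repeated on the same segment collapses to one layer 2 transmission, so the rule only fires once the router's forwarded copy appears on the second subnet.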