Security Lab
Mission
The mission of the IT Security Laboratory is divided into 3 major areas:
- Test computer hardware and software for security vulnerabilities, and identify existing vulnerabilities.
- Provide a testing facility for cooperative multidisciplinary research.
- Provide active Cyber Intrusion and Incident monitoring and handling support to the University.
Testing Computer Hardware and Software
IT Security Lab Testing: A crucial task for the IT Security Lab is testing computer hardware and software for security vulnerabilities. To help with this, the lab is equipped with state-of-the-art freeware and commercial tools.
The lab also scans the University network daily to determine the types of servers connected to the network.
Providing a Testing Facility
Teaching Hospital for Research Support: Facilities are available in the lab for graduate student research in any aspect of cybersecurity. The lab provides an environment for experiments to be run in live or controlled conditions, with configurations to allow students to observe, “treat,” and immunize systems in a real-world setting.
The virtualization software (VMware) allows researchers to create virtual networks, permitting students to observe and defend against live attacks without compromising real systems. Students working in the lab created the IT Audit Toolkit, consisting of virtual machines configured with various vulnerabilities and an auditor system running BackTrack. Students in an advanced undergraduate course and a graduate-level course (ECE 4560 and ECE 5984) used the IT Audit Toolkit CD to run the virtual systems on their laptops, gaining experience in network offense and defense.
Students also designed, built, and are maintaining an SQL database of vulnerabilities discovered by the scanners. Currently, there are three graduate research assistants working in the lab. Graduate students have published 5 papers at various international and national academic and research conferences in 2008-2009.
Any student, regardless of major, interested in doing cybersecurity research is eligible to use the lab facilities.
Cyber Intrusion and Incident Monitoring
Cybersecurity Operations Center: The Lab manages a suite of servers that monitor the University networks in real time for inbound and outbound attacks and probes. It provides detailed, up-to-date information on possible intrusions, and provides a toolset that the user community can use for self-evaluations of machines and traffic at the departmental level. It uses a combination of freeware and commercial vulnerability scanning tools.
Forensic Support: The lab has facilities to perform basic forensic analysis of disk drives and other storage media. These tasks are performed at the request of University Legal Counsel and Internal Audit.

