Volume 5, Number 5
May 3, 2007
Abstract: This paper describes how to design and implement an intrusion detection module that can be used in various courses taught in an information systems curriculum; the module covers the industry-standard, open source Snort intrusion detection system (IDS). This paper proposes that virtualization offers three significant instructional advantages in delivering a rich IDS experience: (1) server independence, giving each student control of an IDS configuration; (2) a unique IP address on the "virtual" network for each server, so that students are able to work in teams, including in distance learning situations; and (3) demonstration of centralized logging as typically deployed in production networks, by configuring each virtual machine to send log messages to the instructor's virtual machine. Students can then generate, observe, log, and analyze various types of network traffic between their virtual servers in a safe, ethical manner. Documentation of commands and results is included.
Keywords: intrusion detection, virtualization, information security
Download this issue: ISEDJ.5(5).Harvey.pdf (Adobe PDF, 14 pages, 1926 K bytes)
Preview the contents: Harvey.txt (ASCII txt, 32 K bytes)
Recommended Citation: Harvey, Johnson, and Turchek (2007). Virtual Laboratory Intrusion Detection Experience for Information Systems Professionals. Information Systems Education Journal, 5 (5). http://isedj.org/5/5/. ISSN: 1545-679X. (A preliminary version appears in The Proceedings of ISECON 2006: §3722. ISSN: 1542-7382.)