Security in Tele-Lab — Protecting an online virtual lab for security training

Abstract

The rapid burst of Internet usage and the corresponding growth of security risks and online attacks for the everyday user or the enterprise employee have emerged the terms Awareness Creation and Information Security Culture. Nevertheless, security education widely has remained an academic issue. Teaching system or network security on the basis of practical experience inherits a great challenge for the teaching environment, which is traditionally solved using a computer laboratory at a university campus. The Tele-Lab project offers a system for hands-on IT security training within a remote virtual lab environment — over the web, accessible by everyone. Such a system is inherently exposed to various security threats, since it has to provide full access to virtual machines running attack tools for potentially malicious users. The paper at hand introduces usage, management and operation of Tele-Lab as well as its architecture. Furthermore, this work focuses on possible attacks, the challenges when securing such a system, and shows how to set up an infrastructure that ensures the main security objectives identified as authentication, authorisation and availability.