Executive Summary: The [in]secure laboratory aims to serve as a platform in which students, professors and researchers have access to a network with vulnerable equipment (PCs, servers, network equipment or others) in order to develop skills related to information security from both an offensive and defensive standpoint, allowing them to fully characterize a variety of common cyberattacks and ultimately learn how to better defend against them. The laboratory will allow continuous access to students at any time and from anywhere.
The proposed design raises the possibility of providing access to said laboratory to all CEDIA members, but it also allows each member to integrate new vulnerable equipment into the network from their premises, so that all become collaborators in the continuous improvement of the same. In its initial stage, a network will be implemented that includes at least 30 vulnerable computers that allow the analysis of different common attack methods, each of which will have a respective associated work manual, and several alternatives that can make this project self-sustaining will be proposed. through the dissemination of results to the industry or other academies interested in providing highly practical courses on information security. Additionally, possibilities of expanding the project in various directions that allow the development of future research work will be indicated.
General Objective: Implement a laboratory that has sufficient infrastructure to carry out practices using real cases of information security, which allows promoting development and research in this area of knowledge in the country.
Specific objectives:
- Design a flexible network scheme for the implementation of the laboratory in a distributed and scalable manner in the facilities of the universities involved in the project.
- Implement the necessary infrastructure to create a pilot that incorporates one of the universities involved in the project using virtualization platforms.
- Implement vulnerable virtual servers that will be distributed between the CEDIA network and 1 of the pilot institutions, and serve as a basis for security practices.
- Develop a web interface that allows platform users to restore a virtual machine to its initial vulnerable state, in case of being modified.
- Generate instructions for each vulnerable server implemented, to be used by the instructors of each university.
Participating Institutions:
ESPOL, UTPL, EPN.
Participants:
Project manager Georges Benjamin Flament Jordan
- Georges Benjamin Flament Jordan
- Adriana Elisa Collaguazo Jaramillo
- Danilo Ruben Jaramillo Hurtado
- Daniel Alejandro Guaman Colonel
- Julia Alexandra Pineda
- Karla Alexandra Romero González
- Jhonattan Barriga Andrade
- Roberto Andrade Paredes
Awarded budget: $40720
Project status: Closed early.
