LAW 20310, Fall 2018
These are design plans for a Cybersecurity classroom at Yale Law School in 40 Ashmun (Baker Hall). Scott J. Shapiro and Sean O'Brien are developing the curriculum for Cybersecurity (LAW 20310) in Fall 2018 and will be assisted by Cyber Fellow Laurin Weissinger.
This class is an introduction to cybersecurity, privacy, anonymity, and cryptography via hands-on activities. Students will learn cybersecurity and networking concepts so that they may better engage issues at the policy and regulatory level.
Our design allows for the exploration of cybersecurity, pentesting, and cryptographic concepts within a safe learning environment. It is a scaled-down version of a penetration testing lab, introducing students to simple exercises through a command line interface (CLI). We use interchangeable parts, Open Hardware, Free and Open-Source Software (FOSS), and industry-standard configurations and protocols.
The diagram above and description below refer to the design of one airgapped Local Area Network (LAN). This design can be duplicated as necessary to accommodate more students. Cybersecurity 20310 requires that this design be repeated for four identical LANs, to accommodate 18-20 student devices (and a maximum of 32 devices for potential guests or work outside of the scope of the class).
These are Raspberry Pi mini-computers running the homegrown Quillux GNU/Linux operating system provided by Yale Privacy Lab. Quillux is built from Kali GNU/Linux, an industry-standard security and forensics operating system based upon Debian GNU/Linux.
These devices are connected to the network via Ethernet cable and feature a small OLED screen that displays network (IP) address, physical (MAC) address, and bandwidth information. Students will connect to these devices from a terminal emulator/CLI on their laptop and control them via the Secure Shell (SSH) protocol.
- Raspberry Pi 3 Model B v1.2
- 32 GB SD card
- 0.96" I2C IIC serial 128x64 OLED display
Network traffic will be controlled by a DD-WRT WiFi Router, which will be airgapped (not connected to the Internet or Yale campus network). Student laptops will connect to the WiFi connection provided by the router (SSID "ylscyber") using WPA2 passphrase security.
An 8-port unmanaged ("dumb") switch will be connected to the router and share the network connection to student Raspberry Pi devices via Ethernet cables.
- TP-Link Archer C7 AC1750 router
- TRENDnet TEG-S80G 8-port unmanaged switch
One Raspberry Pi will be connected to the network as a PiRogue, a device configured to intercept and analyze network traffic. This is useful for demonstrations of Man-in-the-Middle (MITM) attacks as well as general analysis of network traffic and auditing of the privacy and security of applications (e.g., detecting "leaky" privacy settings in an app). PiRogue is developed by PiRanhaLysis and connects to PiPrecious for an experimental environment.
When students are first introduced to Tor, we will utilize Tor Browser in library kiosks at the Lillian Goldman Law Library.
For demonstrations of Tor hidden services (.onion), we will utilize FreedomBox servers provided by Yale Privacy Lab. FreedomBox runs on Raspberry Pi and other mini-computers, also using Debian GNU/Linux.
- Raspberry Pi 3 Model B v1.2
- 32 GB SD card
- 0.96" I2C IIC serial 128x64 OLED display
- TP-Link TL-WN722N N150 150Mbps USB WiFi
Students will bring their own laptops to class and will connect to the network via WiFi (SSID "ylscyber") with WPA2 passphrase security.
We will be utilizing a Command Line Interface (CLI) on each laptop. Students will communicate and control Raspberry Pi mini-computers via the Secure Shell (SSH) protocol. The software below was chosen for compatibility and consistency across common desktop operating systems:
- Hyper - Command Line Interface / Terminal Emulator
- Filezilla Client - SSH / SFTP Client
- Atom - Text Editor
- Git for Windows - Includes files that may be required for SSH on Windows
- Our Approach
- Digital Self-Defense
- Classroom Network Diagram
- Command Line Interface (CLI)
- Raspberry Pi Assembly
- Command Line Basics
- Controlling Your Raspberry Pi via SSH
- Client/Server Model
- The Filesystem Tree
- Edit a File
- Admin / Root Access
- The Kernel
- Userspace
- Processes
- Rootkits
- Permissions as a Structural Design for Security
- Creating Users and Groups
- Principle of Least Privilege
- Sandboxing & Isolation
- Privilege Escalation Attacks
- IP Address, Physical Address
- Networking Models & Protocols (OSI Model)
- Internet Infrastructure
- Request/Response via the Web
- Distributed Denial-of-Service (DDoS)
- Domain Names
- DNS Poisoning
- Changing Your Pi's Network Identification
- Ports & Firewalls
- Man-in-the-Middle Attacks (MITM)
- Obfuscation & Hashes
- Public/Private Keys
- HTTP Encryption (SSL/TLS)
- E-mail Encryption (PGP/GPG)
- Weaknesses
- Data as a Toxic Asset
- What is InfoSec?
- Confidentiality
- Integrity
- Availability
- Onion Routing (Tor)
- Censorship Circumvention
- Tor Config on FreedomBox
- Sharing Files Anonymously
- Cryptomarkets
- Cryptocurrency & Transactions
- Ransomware
- Fraud & Phishing
- Data Breaches
- Challenges for Attack Attribution
- Trusted Software Distribution
- Software Verification
- Hardware Assurance
- Free & Open-Source Software
- Static Analysis
- Cross-Site Scripting (XSS)
- SQL Injection Attacks
- Delivering Payloads
- Metasploit Framework
- Using Metasploit
- Risks and Vulnerabilities
- Zero Day Attacks
- Attack Scenarios
- Mitigation
- Operational Security (OPSEC)