User Tools

Site Tools


lab

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
lab [2019/12/04 11:36] ggankhuyaglab [2020/04/20 15:14] ggankhuyag
Line 1: Line 1:
-The security lab has three subsystems that support research and teaching activities at the TU/e Mathematics and Computer Science department.+The security lab has three subsystems that support research and teaching activities at the TU/e Mathematics and Computer Science department. The integration of the subsystems gives students and researchers an opportunity to investigate all kinds of security aspects.
  
  
Line 6: Line 6:
 SOC is a centralized unit that monitors the security state of a computer network. In the lab, the initial scope of the SOC includes two areas to monitor: the IT network of the department (Office); the cyber-physical sensors network of the university (Building/Security). The following figure shows the schematic architecture of the SOC and an overview of the involved systems. SOC is a centralized unit that monitors the security state of a computer network. In the lab, the initial scope of the SOC includes two areas to monitor: the IT network of the department (Office); the cyber-physical sensors network of the university (Building/Security). The following figure shows the schematic architecture of the SOC and an overview of the involved systems.
  
-{{ :labs:soc-overview.png?nolink&500 |}}+{{ :labs:soc-overview.png?nolink&500 |SOC architecure}}
  
-We allow students to conduct interesting experiments using the SOC. For instance, students, as analysts, are assigned to detect and analyze suspicious events or attacks from the network traffic by reconstructing the evidence. +We allow students to conduct interesting experiment activities using the SOC. The activities include followings: 
 +  * In 2IMS20 (Cyberattacks, Crime and Defences course), students, as analysts, are assigned to detect and analyze suspicious events or attacks from the network traffic by reconstructing the evidence.  The attacks were prepared in advance of the class. During the class, we inject the attacks to the monitored infrastructure of the SOC. This raises alerts along with other normal network traffic events. Students must reconstruct potential attacks by finding attack events from alerts. Furthermore, associated information of the attacks, such as victim and attacker IP addresses, has to be discovered by the students.  
 + 
 +{{:labs:student_doing_experiment_with_soc_-_2.jpg?375 }}  
 +{{ :labs:student_doing_experiment_with_soc_-_1.jpg?375}}  
 + 
 + 
 + 
 +====== IoT Lab ====== 
 + 
 +The lab also has a strong IoT component that allows testing new attacks and malware (e.g. for IoT botnet-based bitcoin mining). A board in the lab will allow adding and physically operating on new components. As an example, you find below the first BACnet components schematics. 
 + 
 +{{ :labs:iotlab.png?nolink&500 |}}
  
  
Line 27: Line 39:
  
 {{ :labs:blabschematics.png?nolink&500 |}} {{ :labs:blabschematics.png?nolink&500 |}}
- 
- 
-====== IoT Lab ====== 
- 
-The lab also has a strong IoT component that allows testing new attacks and malware (e.g. for IoT botnet-based bitcoin mining). A board in the lab will allow adding and physically operating on new components. As an example, you find below the first BACnet components schematics. 
- 
-{{ :labs:iotlab.png?nolink&500 |}} 
  
  
lab.txt · Last modified: 2023/06/01 16:56 by ggankhuyag