Note: The CoPS Lab does not exist any more - this is an archive of the old web site, hosted by the UNCG SPAN Lab.
CoPS Lab UNT
 
 
Facilities

The CoPS Lab provides a safe environment for experimenting with potentially dangerous software, allowing lab users to experiment with worms, viruses, and other malware. The computers in the lab are divided into two sets: the "external machines" (all on the left side of the room as you enter the lab) and the "wild side" (all on the right side of the room). There are also some remote machines (in a machine room upstairs) that are wired into the "wild side" of the lab, and can be accessed via ssh or other remote access procedures. The following diagram illustrates the 14 systems that are regularly up and available for use, and the logical connections within the CoPS lab:

All lab machines share a common file server which hosts home directories for all CoPS lab users. Therefore, your own files can be accessed from any of the CoPS lab machines.

External Machines

Each external machine is a 2 GHz Pentium IV with plenty of memory and disk space and a connection out to the Internet, so it can be used for downloading files (software, documentation, etc.) into your CoPS account. You can also log in to the external machines from anywhere on the Internet, giving you access to the CoPS lab and your files from remote locations. If you have a system with an X server (or are accessing the systems from one of the UNT general access labs that supports this) you can run graphical/GUI programs remotely as well.

The external machines are not for experimentation. The OS is a stable Linux installation, which should not be modified in any way except by the lab administrators (the root password is not publicly known, so you'd have to break into the machines to do that; needless to say, this is against lab rules). Many tools exist on the lab server for security experimentation, such as port scanners and vulnerability scanners. Use of these tools from an external machine to scan hosts on the Internet that you do not have permission to scan will result in immediate and permanent revocation of your CoPS account.

"Wild Side" Machines

The internal, or "wild side", machines are connected together and to the lab server in a local area network, but are separated from the outside world with a draconian firewall. With one exception (see below), no network traffic can go between the internal wild side network and the outside world. In particular, no traffic initiated from the wild side will leave this side of the network, so there is no way for active network traffic to get out of the wild side. It is possible to move files into and out of the wild side machines by going through your home directory (for example, to bring a file in, first download it to your account using an external machine, and then it will be accessible from the wild side machines). Be careful that dangerous software (such as virus-infected executables) is not carelessly brought out of the lab this way!

The one exception to the rule of no traffic out of the wild side has to do with remote ssh logins: If you first log in to one of the external machines, you can then use ssh to log in to any of the wild side machines. Thus, the only traffic that is allowed into or out of the wild side is traffic that's part of an established ssh session, initiated from one of the CoPS lab external machines. This one loophole is for convenience, so that people can use the private network remotely. If you're clever, it's not too hard to figure out ways to subvert the basic security goal of "no traffic out of the wild side," but this would have to be an intentional act --- if you do this, you can expect to have your CoPS Lab account revoked, and this "convenience" may have to disappear for all lab users.
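As an added illustration of the policy just described (this is example code written for this page, not the lab's actual firewall configuration), the following Python models a stateful packet filter sitting between the external and wild side networks: a NEW ssh connection is admitted only if it originates on an external machine and is headed for a wild side host, reply traffic belonging to a tracked session is admitted in both directions, and everything else, including every connection the wild side itself tries to open, is dropped. The subnet addresses, port numbers and sample packets are constructed assumptions.

```python
"""Model of the wild-side firewall policy (added example, not the lab's real rules).

Assumed addressing: external machines on 10.0.1.0/24, wild side on 10.0.2.0/24.
Roughly the iptables FORWARD chain this models (also an assumption):
    iptables -P FORWARD DROP
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -p tcp --dport 22 \
             -m state --state NEW -j ACCEPT
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EXTERNAL = ip_network("10.0.1.0/24")   # assumption: external-machine subnet
WILD = ip_network("10.0.2.0/24")       # assumption: wild-side subnet
SSH_PORT = 22


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool   # True for the first packet of a TCP connection (state NEW)


class StatefulFilter:
    """Connection-tracking filter on the boundary of the wild side.

    Decisions are ALLOW or DROP; every admitted new connection is remembered
    so that its reply traffic (state ESTABLISHED) passes in either direction.
    A real conntrack table also follows TCP state and times entries out; this
    model only remembers the two endpoints of each admitted flow.
    """

    def __init__(self):
        self.conntrack = set()

    @staticmethod
    def _flow(pkt):
        # Direction-independent key: the same for a request and its reply.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def decide(self, pkt):
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if (src in WILD) == (dst in WILD):
            return "NOT_FILTERED"   # stays on one side; the firewall never sees it
        if self._flow(pkt) in self.conntrack:
            return "ALLOW"          # ESTABLISHED: part of a tracked ssh session
        if pkt.syn and src in EXTERNAL and dst in WILD and pkt.dport == SSH_PORT:
            self.conntrack.add(self._flow(pkt))
            return "ALLOW"          # NEW ssh connection initiated from an external machine
        return "DROP"               # everything else, including anything the wild side initiates


def firewall_demo():
    """Run the constructed packets through the filter; returns a name -> decision map."""
    fw = StatefulFilter()
    ext, wild, internet = "10.0.1.10", "10.0.2.5", "198.51.100.7"   # constructed addresses
    results = {}
    # An external machine opens ssh to a wild-side host: NEW, allowed and tracked.
    results["ext->wild ssh NEW"] = fw.decide(Packet(ext, 40000, wild, 22, syn=True))
    # The wild-side host answers inside that connection: ESTABLISHED, allowed.
    results["wild->ext ssh reply"] = fw.decide(Packet(wild, 22, ext, 40000, syn=False))
    # The wild side tries to open its own connections, even to port 22: dropped.
    results["wild->ext ssh NEW"] = fw.decide(Packet(wild, 50000, ext, 22, syn=True))
    results["wild->internet http NEW"] = fw.decide(Packet(wild, 50001, internet, 80, syn=True))
    # ssh straight from the Internet to the wild side: dropped; hop via an external machine.
    results["internet->wild ssh NEW"] = fw.decide(Packet(internet, 40001, wild, 22, syn=True))
    # A "reply" that matches no tracked flow is not ESTABLISHED: dropped.
    results["wild->ext fake reply"] = fw.decide(Packet(wild, 22, ext, 40002, syn=False))
    return results


if __name__ == "__main__":
    for name, verdict in firewall_demo().items():
        print(f"{name:28s} {verdict}")
```

The practical consequence for users is the two-hop login the text describes; with a current OpenSSH client the same thing is done in one command as `ssh -J external-host wild-host`, since the connection into the wild side is still opened by the external machine. The caveat worth keeping in mind is also visible in the model: the filter decides on addresses, ports and connection state only, and has no view of what is carried inside an admitted ssh session. Anything ssh itself can carry over that session (its own port forwarding, for instance) therefore passes the filter, which is exactly why the text says the "no traffic out" goal can be subverted and treats doing so as a deliberate rule violation.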

The wild side machines in the lab are all 2 GHz Pentium IVs, just like the external machines; the remote machines are a mix of 600 MHz Pentium IIIs and 500 MHz Celerons, but are more than sufficient for most tasks you'd like to do remotely --- including setting up virtual machines and running User-Mode Linux!

All users have superuser/administrator privileges on the wild side machines (the password is posted in the lab), except on the remote wild1 machine (which serves a special purpose and I don't want to run the risk of it being accidentally misconfigured), and the machines are completely open to experimentation. The Linux install on the first partition of these machines is stable, so if at all possible do major experiments that change system settings on other partitions. At some point we will have a procedure for reserving partitions on these machines for individual projects so that long-term experiments can be performed.

While available for whatever sort of dastardly experiments you want to run, please clean up after your own work! In other words, make sure that the machines are returned to a usable and somewhat stable state before leaving the lab. If a machine is trashed beyond incremental repair, there are "kickstart" floppies in the lab that will put a fresh and stable installation on the machines -- just put in the floppy, reboot, and everything will install automatically from the network. If you mess up a remote machine, it may not be possible for you to fix it, so you'll need to email the lab director immediately so that the machine can be repaired.

Miscellaneous machines

There are various other machines available for use that are not kept in the typical lab setup. There are two loose Pentium-based machines with two network cards each, so that you can experiment with setting them up as firewalls, network sniffers, or whatever else you would like to do. There are also two Sun workstations if you want to try a different platform. Finally, there's a rack-mountable set of 5 Pentium-based systems that we use for various projects.

Accounts, Storage Space, Privacy

Each user has three areas in which to store files:
  • Your home directory is the main place for storing files that are important for you to keep. There is a quota on your home directory (the default setting is a 300MB quota for each user), so you can't store huge amounts of data, but it is backed up every night to give some protection against machine failures.

  • The scratch area is a publicly-writable directory located at /scratch and available from all machines. There are no quotas on this filesystem, but it is shared by all users so please be considerate of others. If /scratch starts filling up, and it contains mostly files from one particular user, you might be asked to clear out some space.

  • The local scratch area is publicly-writable, but local to each machine and not shared. It is structured similarly to the shared scratch area, but is located at /lscratch. If you have large temporary files you need to store, and want a more efficient place than going across the network to access /scratch on the server, then this is the place to use. Also note that since the networked file system deliberately does not recognize the root user as root (root squashing), if you need any temporary storage for large files as the root user, then /lscratch is the place to use.

Privacy Warning: The files are shared from the file server using standard NFS, which does not do any user-level authentication. NFS trusts all remote machines to do user-level authentication, and since all users on the "Wild Side" know the root password they can masquerade as anyone they like: the server maps root itself to an unprivileged user, but root on a client can simply switch to any other user ID, and the server takes the ID the client reports at face value. This means that there is no privacy for your files and you should consider them readable by anyone with access to the lab. However, I will also stress that while it is possible for anyone to read anyone else's files, it is not acceptable to do so. Former U.S. Secretary of State Stimson once said "Gentlemen do not read each other's mail"; for the CoPS lab we update this to be gender-neutral and applicable here: Gentlepeople(?) do not browse each other's home directories.
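To make the warning concrete, here is an added example (written for this page, not the lab's server configuration) that models the trust decision classic NFS makes under its AUTH_SYS credential flavour: the client kernel puts the caller's numeric uid in each request and the server believes it, with root squashing rewriting only uid 0. The export options, file names, uids and the three requests below are constructed assumptions.

```python
"""Why root_squash does not make an NFS home directory private (added example).

Models AUTH_SYS: the server's only "authentication" is the uid/gid the client
kernel asserts in each RPC. Assumed /etc/exports line this corresponds to:
    /home  10.0.2.0/24(rw,root_squash)
"""
from dataclasses import dataclass

NOBODY = 65534   # conventional anonymous uid that root_squash maps uid 0 to


@dataclass(frozen=True)
class Export:
    path: str
    root_squash: bool = True   # the /etc/exports default; no_root_squash turns it off


@dataclass(frozen=True)
class Inode:
    owner_uid: int
    mode: int   # permission bits, e.g. 0o600


class NfsServer:
    def __init__(self, export, files):
        self.export = export
        self.files = files   # path -> Inode

    def map_uid(self, asserted_uid):
        """Server-side credential mapping: the only check AUTH_SYS allows."""
        if asserted_uid == 0 and self.export.root_squash:
            return NOBODY          # root on the client becomes 'nobody' here
        return asserted_uid        # every other uid is taken at face value

    def can_read(self, asserted_uid, path):
        uid = self.map_uid(asserted_uid)
        inode = self.files[path]
        if uid == inode.owner_uid:
            return bool(inode.mode & 0o400)
        return bool(inode.mode & 0o004)   # group bits ignored for brevity


class WildSideClient:
    """A lab machine whose root password everyone knows."""

    def __init__(self, server, login_uid):
        self.server = server
        self.uid = login_uid

    def su(self, uid):
        """With root, the client can become any uid; the server never learns this."""
        self.uid = uid

    def read(self, path):
        # The RPC carries whatever uid the client kernel says the caller has.
        return self.server.can_read(self.uid, path)


def nfs_demo():
    """Three attempts to read alice's private notes; returns a name -> allowed map."""
    alice_uid, bob_uid = 1001, 1000   # constructed uids
    server = NfsServer(Export("/home", root_squash=True),
                       {"/home/alice/notes": Inode(owner_uid=alice_uid, mode=0o600)})
    client = WildSideClient(server, login_uid=bob_uid)
    results = {}
    results["bob as himself"] = client.read("/home/alice/notes")          # False
    client.su(0)
    results["bob as root (squashed)"] = client.read("/home/alice/notes")  # False
    client.su(alice_uid)
    results["bob after su to alice's uid"] = client.read("/home/alice/notes")  # True
    return results


if __name__ == "__main__":
    for name, allowed in nfs_demo().items():
        print(f"{name:30s} {'readable' if allowed else 'denied'}")
```

The point the model makes is that root_squash protects the server from a client's root account, not users from each other: once someone holds root on any client the server trusts, a plain `su` to another uid is indistinguishable from that user logging in. Only an NFS security flavour that authenticates users cryptographically (Kerberos, `sec=krb5` and stronger, on NFSv4) changes that; with AUTH_SYS, file permissions on a shared export are advisory against anyone with root on a client, which is the situation the warning describes.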

Software

There's a wide variety of free and proprietary software available in the lab. The file server also contains mirrors of many major software distributions, some of which are more up to date than others. Currently loaded are two Linux distributions (RedHat and Debian), FreeBSD, OpenBSD, NetBSD, GNU Hurd, EROS, as well as many supplements (such as SELinux) and individual software packages of a security-related nature (such as dsniff, nessus, etc.). The software can be accessed from anywhere on the UNT campus, but is restricted to UNT to save off-campus bandwidth. Some software (such as the RedHat distributions) is set up to allow network-based OS installs from anywhere on campus.

All Microsoft OSes and development tools are also available due to our MSDN subscription, but in a much more restricted form since they are not freely-distributable. If you want to use Microsoft software, please use the CDs in the lab (or request a CD from the lab director if you can't find what you need) -- it is against lab rules to take these CDs out of the lab or to electronically transmit the software out of the lab.

CD Burners

All machines in the lab have CD burners, and you can use them for whatever responsible and legal reasons you would like. You must supply your own CDs; however, if it is for general lab use, and the CD will remain in the lab, you can ask for blank media from the lab director.

Getting an account and using the facilities

To get an account in the CoPS Lab, you must talk to the director and explain what projects you would like to work on that would use the security lab, and you must fill out an account request form and agree to all the rules listed on that form.