Skip to content

Introduction

Jump to bottom
Gaetano Perrone edited this page Dec 14, 2019 · 1 revision

DSP and Network Security

Network Security is everywhere: financial services, policy, social networks. The importance of Network Security is linked with the large diffusion of Internet. Today also small devices are remotely connected! And IoT is a current problem about Network Security. What is Network Security? A common definition of security in general is given by the ACI “triad” of security:

  • Availability: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

  • Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes [i.e., to any unauthorized system entity].

  • Integrity: The quality that a system has when it can perform its intended function in a unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.

In Network security context ACI triad is applied to network environments: confidentiality can be obtained by using advanced protocols that cypher data to avoid eavesdropping. Integrity of data can be preserved by forcing input sanitification in critical services as SQL server. Availability can be obtained by design, through component replication, by avoiding programming errors such buffer overflows, off-by-one errors and by using advanced compiler options such as ASLR, stack not executable. Network security involves complex network infrastructures, so a precise methodology is needed to locate all possible vulnerabilities. A common vulnerability assessment approach follows all typical hacker steps:

  • Footprinting: the art of gathering informations;

  • Network scanning and enumeration: to search vulnerable services on target network;

  • Exploit: to have internal network access by exploiting found vulnerabilities in a target-network host;

  • Post-exploit: to attack other target-network hosts, to do privilege escalation, to install RAT and backdoors, to fully compromise the network.

To support these operations many tools have been developed. Docker offers a flexible way to have all these services installed in own PC through lightweight containers. This is a great innovation that is linked with modern microservices architectures and with modern agile development processes that use CI approaches: a Docker image that exposes a network security service can be pushed in a public registry and can be updated on local PCs by simply pulling it. Docker Security Playground takes advantages of this and provides network security tools that can be used in its virtual labs.

Virtualization is an amazing way to optimize resources and to have different environments on a single machine. Its main goals are:

  • resource optimization;

  • load balancing;

  • high availability;

  • isolation of different environments.

A classification of virtualization technologies will be discussed later.

Where is the correlation between Network Security and Virtualization? For network security researchers, the virtualization is an essential way to generate network infrastructures.

It’s essential to have a platform:

  • to learn network security basics;

  • to simulate different network security scenarios by avoiding legal issus;

  • to test new vulnerabilities without breaking real network infrastructures

  • to study viruses, worms, and all threats that could potentially destroy a real environment.

  • to limit training and experiment costs.

A real infrastructure would be very expensive and without virtualization to reproduce multiple different scenarios would be impossible.

Many of showed operations (scanning, exploit) are illegals, so the main difficulty that arises when you’d like to learn about network security is to learn without falling in trouble with law. To solve this problem, many virtual network security labs have been developed by security teams; these environment offers a remote infrastructure that uses classical virtualization approaches to simulate vulnerable networks. Anyway, these solutions doesn’t take advantage of Docker flexibility. Docker Security Playground offers a way to do this. The smallness of Docker images allows to run all labs on user PC without any remote infrastructure to use: the user only needs Docker and git to synchronize with DockerLabs and he’ll have a full managment labs platform to experiment with network security.

A full support lab security platform is not only useful to penetration testers, but also to many professional figures, such as testers, developers, administrators. Docker Security Playground offers a platform to every professional figure that want to learn about network security problems, vulnerabilities, tools.

Docker technology allows to create a microservices-based platform composed of labs that are developed by using an IaC approach.

IaC is a modern approach that allows you to configure and manage infrastructures through code, without the need to manage complex physical hardware configurations or to use interactive tools. This approach make it easily to manage servers’ replication and configuration changes, by reducing the risk of configuration errors. In our context IaC is a flexible way to configure advanced network vulnerable infrastructures.

Docker Security Playground use docker-compose, a technology that allows to define complex network infrastructures by simply writing a file. Docker Security Playground also uses an image standard called Docker Image Wrapper that simplifies the automation of some operations.

Microservices are an architectural pattern that allows to build modular and scalable applications by decoupling all the functionalities in a set of loosely coupled, collaborating services. This approach enhance modularity, scalability and makes it easier to manage complex applications.

Through Docker technology it’s possible to have lightweight services on own PC without the cost of a full virtualization, so Docker Security Playground takes advantages of this feature to provide users a full microservices-based framework for the implementation of attack scenarios in virtualized network infrastructures: labs designers can create their advanced network labs by using image created by other users (image designers). Students can use these labs to learn each phase of a vulnerability assessment.

In summary, Docker Security Playground is a platform that provides:

  • A Docker-Compose managment platform to start and stop labs;

  • A GUI to create new labs by an drag-and-dropping interface that generates docker-compose files;

  • Docker Image Wrapper, a standard for docker images, that helps the DSP application to understand docker-images functionalities and other aspects such as exposed ports, description, etc. ;

  • A set of Docker Vulnerable Images and Docker Tools Images that can be used to create new labs;

  • A repository of labs, that will be daily updated by labs designer.

What now?

Go to Network Security Overview

Do you know what is Virtualization ?

Clone this wiki locally