ASSERT Lab Resources
The ASSERT Lab is a highly configurable collection of
workstations and networking equipment, designed to allow
simultaneous use of the lab for research projects and class
projects. The lab equipment is physically isolated from any
external network, but there are several networks available
within the lab itself.
The computing platforms available to lab users include
approximately 20 user workstations. Four of these machines
are designated for computer forensics work, while the remainder
are configured primarily for VMware use.
Forensics Workstations: Four workstations
have various types of computer forensics software and hardware
installed, including the industry-standard EnCase software
and FastBloc evidence acquisition devices.
General Purpose Workstations: The remaining
lab workstations utilize VMware system
virtualization software which allows several "virtual" systems
to be run concurrently on a single workstation. These virtual
machines appear and function just like real systems, and allow
students and researchers to have full control over multiple
systems simultaneously. The virtual machines created in the
lab are stored on a central server which is accessible over
a Gigabit Ethernet connection, and can be operated
from any of the lab workstations. These workstations have several
network cards, one of which is connected to the Gigabit network
for authentication and virtual machine retrieval, while the
others are utilized for virtual machine traffic only.
Networking: The ASSERT Lab features
several networks which are completely isolated from any external
network. One of these networks provides access to the administrative
services offered in the lab, while the others can be easily
configured to meet the needs of the current lab users. The
lab uses approximately 20 Cisco hardware components, including
enterprise-level switches and routers which can be configured
and controlled by lab users if necessary.
Administrative Services: There are
two lab servers which provide various services to lab users,
such as authentication, file storage, and virtual machine
storage and distribution. These servers allow lab users to
log on to the workstations, retrieve their home directories,
and access their virtual machine images. Access to these
servers is provided via a Gigabit Ethernet connection on
which general lab traffic is prohibited (e.g. virtual machines
may not send or receive traffic on that network) by both policy
and technical constraints.
Network Services: Network services,
such as DNS, DHCP, mail, web, and time, and the installation
and update resources for various programs and operating systems
in the lab are provided by a third administrative server
which is available on a network which may be accessed by
any of the real or virtual systems in the lab. This server
is located in a separate subnet, and attacks against that
machine or the services it runs are prohibited by both policy
and technical constraints.
Printing: Printing from any of the
lab machines, real or virtual, is available on the printer
located at the front of the lab. Attacks against the printer
are prohibited by both policy
and technical constraints.
Virtual Machines: The virtual machine
server has several pre-built virtual machines, which can
be cloned to a user's virtual machine directory. In addition,
a user can install and configure any number of custom virtual
machines which more effectively meet their needs. Operating
systems currently available for installation include versions
of Windows, Linux, BSD, and Solaris. Provided that any
relevant licensing conditions are satisfied, additional operating
system resources can be added to meet the
needs of lab users by making a request to the lab
manager.
Software: Many software packages are
available for installation in the lab. The general purpose
workstations are typically configured with very little software.
The primary method for software installation in the lab is
to utilize a virtual machine, over which the user has complete
control. The complete list of software available in the lab
is available on the internal lab web server, but software in
the following categories is generally available: Office software,
Development software, Database software, Networking software,
Honeypot software, IDS software, and Forensics software.
Provided that any relevant licensing conditions are satisfied,
additional software packages can be added to meet the
needs of lab users by making a request to the lab manager.
Lab Configuration: The ASSERT Lab is highly configurable,
and can be easily rebuilt to suit the needs of a particular
class, user group, or research project. The current configuration
can be found on the configuration
page. Users who require
a configuration change in the lab should contact the
lab manager.
Search Workstation: A single workstation in the front
of the lab is not connected to the lab network, but is
instead connected to the campus wireless network to allow
lab users to search for Internet resources.
Much of the current ASSERT Lab infrastructure was funded through grants
from the University of Alaska Fairbanks Technology Advisory Board.