Developing a Secure Virtual IT Lab Environment for Student Use at Dayton College: Sample Master Thesis

Published: January 19, 2012

Revised: January 23, 2012


Abstract

This paper details the project to design and implement a virtual IT lab environment at Dayton College, a fictitious organization. The need for the project was observed by the author as a consequence of a number of policies and incidents, including Trojan infections of computers in computer labs shared by students involved in different disciplines of study. The benefits to the college of the successful completion of the project will be reduced risk to the systems in the shared labs and the production network. A reduction in operating costs will be an added benefit. The author made the assumption that the college will follow through in certain commitments for cost and resources and that the project will remain a priority.

Contents

Executive Summary

CHAPTER 1: PROJECT DESCRIPTION

.....Project Scope

.....Strategic Information Technology Planning Goals

.....Project Assumptions


CHAPTER 2: INFORMATION SECURITY GOVERNANCE AND PRACTICES

.....Governance

..........Formal Project Proposals

..........Recycle Material

..........Short Iterations and Quick Delivery

..........Avoid Extreme Measures

.....Existing Information Security Practices and Purpose

..........Technical Controls

..........Physical Controls

..........Administrative Controls

.....Emerging Threats

..........Proxy Sites

..........Malware

..........Cyber Crime

.....Countermeasures


CHAPTER 3: Implementation Strategy

.....Project Plan

.....Tasks and Schedule

.....Risk Management

..........Qualitative Analysis

..........Quantitative Analysis

..........Incident Response

..........Incident Reporting

..........Risk Review Process


CHAPTER 4: Project Completion and Recommendations

.....Functional Requirements

.....Lab Design

..........Firewall and Router

..........Internal Network

..........DMZ

..........Internet

.....Organizational Impact

..........Goals Met

.....Recommendations

..........Unique User Accounts and Strong Passwords

..........Monitoring Facilities

..........Incident Reporting

..........User Awareness Training

..........Membership in Security Organizations

Conclusion

Research Topics

References

Appendix A: Dayton College Incident Response Procedure

Appendix B: Acceptable Use Policy

Executive Summary

The purpose of this project; which entails the design and implementation of a Virtual IT Lab Environment for the IT students of Dayton College, is to reduce the risk that the college faces resulting from downloading inappropriate material to the college’ PCs. These downloads combined with an environment of unrestricted web surfing have resulted in frequent Trojan infections and open up the possibility of litigation against the college. Secondary benefits to the college include a reduction in operating costs and providing a safe student lab environment to be used to complete lab assignments and perform experimentation.

This paper presents the planning and implementation in four chapters, beginning with a detailed project description; which includes the project scope, goals, and assumptions. A second chapter focuses on information security governance and practices at the college. This chapter sheds light on the emerging threats facing the college that this project addresses. An implementation strategy is covered in the third chapter complete with the project plan and risk management procedures.

The lab design and road blocks are covered in the fourth chapter. The encountered roadblocks and work-a-rounds are highlighted along with the impact to the organization and recommendations developed as a result of project research.

The conclusion defines the measure for success of the project and presents possible research topics or next steps developed as part of the project post-mortem.

Developing a Secure Virtual IT Lab Environment for Student Use at Dayton College

Dayton College, a fictitious organization, experienced incidents because of a flaw in security policy and network architecture. The incidents involved students downloading inappropriate material to lab computers and a number of resulting Trojan infections. To help eliminate future incidents of this nature an isolated environment for the students is in order. A project was proposed to implement a Virtual IT Lab environment for students pursuing programs in Information Technology (IT). This group of students, with their tech-savvy backgrounds, was identified as the major culprits who take actions leading to the identified types of incidents.

Chapter 1: Project Description

This paper documents the project to design, plan, and implement a virtual lab to be used by students learning fundamental concepts of IT administrative and troubleshooting procedures. This lab will provide the facilities for hands-on learning while isolating the learning systems from the production network of the college. As implied by this brief description of the project, the project applies to an educational institution.

Purpose and Organizational Need

The successful implementation of the virtual lab environment will benefit students by providing the opportunity for real hands-on learning. Currently, the students practice tasks using software simulators; which do not provide the same experience as working on live systems. One of the problems with the current environment is that the IT students share computers with students enrolled in other disciplines, such as Medical Arts. Many of the IT students are fresh out of high school and their maturity levels are at times lacking. Some of these students see the computers that are made available to them as their personal toys and at times leave questionable content behind as remnants of their activities. The virtual lab will provide equipment in a secure environment and help teach students about security policies along with the technical aspects of IT.

Another problem that the project addresses is that of reducing costs. Currently the simulators are provided to the students and the associated costs are absorbed as part of the student’s tuition. The virtual IT lab environment would lower the necessity for the simulators and help reduce that cost.

Project Scope

The scope of the project will encompass the planning, design work, and steps necessary to implement the lab in a functional state. The lab will continue to evolve so not all functionality will be implemented as a result of this project but will continue with future projects. This project is not intended to solve all the security issues of the college.

Strategic Information Technology Planning Goals

The strategic planning goals for the project are to provide an isolated learning environment for the students, to reduce risk to the college, and lower operating costs. Students have no facilities for hands-on training at the present time and this environment conflicts with the published description of the program that the students are pursuing. This conflict could result in serious consequences to the college in the event of an accreditation audit.The most serious consequence would be the loss of accreditation and the loss of financial aid funding. The college is accredited through the Accrediting Commission of Career Schools and Colleges (ACCSC).

ACCSC assesses the effectiveness of an institution’s educational programs by evaluating the infrastructure that supports the delivery of programs as well as educational outcomes, including student achievement. Outcomes demonstrate the effectiveness of educational programs including favorable completion and job placement rates, state licensing examinations and success with employer and student satisfaction. (Accrediting Commission of Career Schools and Colleges, 2010)

Significance and Benefit to Dayton College

The significance and benefit from this project arise from first reducing the risk to the college in the following three areas:

  • Loss of accreditation resulting from a conflict with the college’s program description and the actual learning environment
  • Loss of financial aid funding for students following a loss of accreditation
  • Legal liability resulting from inappropriate content delivered via the Internet

Following the reduction in risk, the college will also benefit from a reduction in the program costs associated with delivering training. Finally, the college will benefit from a versatile lab environment in which students can investigate operational issues associated with various technology platforms including Microsoft Windows and Linux. Alternative uses of technology may also be explored.

Project Assumptions

The assumptions made for this project are that the college will decide to continue the project through to completion following a comprehensive risk analysis and cost benefit analysis. Following approval, the assumption is made that the college will abide by the commitment to supply the needed resources and that other priorities will not override the need for the lab. Space is at a premium as more and more students enroll and more areas are converted into lecture rooms. The assumption is made that the benefit of the lab will override arising needs that may seek to occupy the space.

References

Accrediting Commission of Career Schools and Colleges. (2010). The Accreditation Process.Available from http://www.accsc.org

Broadstairs, K. (2000). 01-2-2 Quantifying Risk. In K. Broadstairs, R. King, & D. O'Conor (Eds.), Risk Management (p. 39). GBR: Scitech Educational.

Dragoon, A. (2003). Governance: Deciding factors. CIO. Retrieved February 18, 2010 from http://www.cio.com/article/29619/Governance_Deciding_Factors?page=1

Eckert, J. W., & Schitka, M. J. (2006). The hacker culture. Linux+ Guide to Linux Certification (2nd Ed.) (pp. 17-18). Boston, MA: Course Technology

GAO. (1998). Executive guide: Information security management--learning from leading organizations: AIMD-98-68. GAO Reports, 1., Government Accounting Office

Georgia Institute of Technoloogy. (2008). Emerging cyber threats for 2009. CU360 , 34 (21), 4-5.

ISO 17799 Portol. (2007). What is ISO 17799? Available from http://17799.denialinfo.com/index.htm

Moteff, J. (2004). Computer Security: A Summary of Selected Federal Laws, ExecutiveOrders,and Presidential Directives. Library of Congress, Congressional Research Service

Panel on Confidentiality Issues Arising from the Integration of Remotely Sensed and SelfIdentifying, & National Research Council. (2007). Putting people on the map: Protecting Confidentiality with linked social-spatial data. Washington, DC: National Academies Press.

Rainer, R., Snyder, C., & Carr, H. (1991). Risk Analysis for information technology. Journal of Management Information Systems , 8 (1), 134-135.

Schiller, C. (2007). Botnets. Network and Systems Professionals Association. Available from http://www.naspa.com/

Schniederjans, ,. M. (2004). Information Technology: Decision-Making Methodology (p. 140).Singapore: World Scientific Publishing Company.

Spammer-X. (2004). Inside the SPAM Cartel: Trade Secrets from the Dark Side. Rockland, MA: Syngress Publishing

Treviano, L. K., & Weaver, G. R. (2003). Managing Ethics in Organizations : A Social ScientificPerspective on Business Ethics. Palo Alto, CA: Stanford University Press.

U.S. Senate. (2009). Safe Internet act: S 1047 IS. Library of Congress.

More by this Author


Comments

No comments yet.

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working