ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Developing a Secure Virtual IT Lab Environment for Student Use at Dayton College: Sample Master Thesis

Updated on June 10, 2012

Published: January 19, 2012

Revised: January 23, 2012


This paper details the project to design and implement a virtual IT lab environment at Dayton College, a fictitious organization. The need for the project was observed by the author as a consequence of a number of policies and incidents, including Trojan infections of computers in computer labs shared by students involved in different disciplines of study. The benefits to the college of the successful completion of the project will be reduced risk to the systems in the shared labs and the production network. A reduction in operating costs will be an added benefit. The author made the assumption that the college will follow through in certain commitments for cost and resources and that the project will remain a priority.


Executive Summary


.....Project Scope

.....Strategic Information Technology Planning Goals

.....Project Assumptions



..........Formal Project Proposals

..........Recycle Material

..........Short Iterations and Quick Delivery

..........Avoid Extreme Measures

.....Existing Information Security Practices and Purpose

..........Technical Controls

..........Physical Controls

..........Administrative Controls

.....Emerging Threats

..........Proxy Sites


..........Cyber Crime


CHAPTER 3: Implementation Strategy

.....Project Plan

.....Tasks and Schedule

.....Risk Management

..........Qualitative Analysis

..........Quantitative Analysis

..........Incident Response

..........Incident Reporting

..........Risk Review Process

CHAPTER 4: Project Completion and Recommendations

.....Functional Requirements

.....Lab Design

..........Firewall and Router

..........Internal Network



.....Organizational Impact

..........Goals Met


..........Unique User Accounts and Strong Passwords

..........Monitoring Facilities

..........Incident Reporting

..........User Awareness Training

..........Membership in Security Organizations


Research Topics


Appendix A: Dayton College Incident Response Procedure

Appendix B: Acceptable Use Policy

Executive Summary

The purpose of this project; which entails the design and implementation of a Virtual IT Lab Environment for the IT students of Dayton College, is to reduce the risk that the college faces resulting from downloading inappropriate material to the college’ PCs. These downloads combined with an environment of unrestricted web surfing have resulted in frequent Trojan infections and open up the possibility of litigation against the college. Secondary benefits to the college include a reduction in operating costs and providing a safe student lab environment to be used to complete lab assignments and perform experimentation.

This paper presents the planning and implementation in four chapters, beginning with a detailed project description; which includes the project scope, goals, and assumptions. A second chapter focuses on information security governance and practices at the college. This chapter sheds light on the emerging threats facing the college that this project addresses. An implementation strategy is covered in the third chapter complete with the project plan and risk management procedures.

The lab design and road blocks are covered in the fourth chapter. The encountered roadblocks and work-a-rounds are highlighted along with the impact to the organization and recommendations developed as a result of project research.

The conclusion defines the measure for success of the project and presents possible research topics or next steps developed as part of the project post-mortem.

Developing a Secure Virtual IT Lab Environment for Student Use at Dayton College

Dayton College, a fictitious organization, experienced incidents because of a flaw in security policy and network architecture. The incidents involved students downloading inappropriate material to lab computers and a number of resulting Trojan infections. To help eliminate future incidents of this nature an isolated environment for the students is in order. A project was proposed to implement a Virtual IT Lab environment for students pursuing programs in Information Technology (IT). This group of students, with their tech-savvy backgrounds, was identified as the major culprits who take actions leading to the identified types of incidents.

Chapter 1: Project Description

This paper documents the project to design, plan, and implement a virtual lab to be used by students learning fundamental concepts of IT administrative and troubleshooting procedures. This lab will provide the facilities for hands-on learning while isolating the learning systems from the production network of the college. As implied by this brief description of the project, the project applies to an educational institution.

Purpose and Organizational Need

The successful implementation of the virtual lab environment will benefit students by providing the opportunity for real hands-on learning. Currently, the students practice tasks using software simulators; which do not provide the same experience as working on live systems. One of the problems with the current environment is that the IT students share computers with students enrolled in other disciplines, such as Medical Arts. Many of the IT students are fresh out of high school and their maturity levels are at times lacking. Some of these students see the computers that are made available to them as their personal toys and at times leave questionable content behind as remnants of their activities. The virtual lab will provide equipment in a secure environment and help teach students about security policies along with the technical aspects of IT.

Another problem that the project addresses is that of reducing costs. Currently the simulators are provided to the students and the associated costs are absorbed as part of the student’s tuition. The virtual IT lab environment would lower the necessity for the simulators and help reduce that cost.

Project Scope

The scope of the project will encompass the planning, design work, and steps necessary to implement the lab in a functional state. The lab will continue to evolve so not all functionality will be implemented as a result of this project but will continue with future projects. This project is not intended to solve all the security issues of the college.

Strategic Information Technology Planning Goals

The strategic planning goals for the project are to provide an isolated learning environment for the students, to reduce risk to the college, and lower operating costs. Students have no facilities for hands-on training at the present time and this environment conflicts with the published description of the program that the students are pursuing. This conflict could result in serious consequences to the college in the event of an accreditation audit.The most serious consequence would be the loss of accreditation and the loss of financial aid funding. The college is accredited through the Accrediting Commission of Career Schools and Colleges (ACCSC).

ACCSC assesses the effectiveness of an institution’s educational programs by evaluating the infrastructure that supports the delivery of programs as well as educational outcomes, including student achievement. Outcomes demonstrate the effectiveness of educational programs including favorable completion and job placement rates, state licensing examinations and success with employer and student satisfaction. (Accrediting Commission of Career Schools and Colleges, 2010)

Significance and Benefit to Dayton College

The significance and benefit from this project arise from first reducing the risk to the college in the following three areas:

  • Loss of accreditation resulting from a conflict with the college’s program description and the actual learning environment
  • Loss of financial aid funding for students following a loss of accreditation
  • Legal liability resulting from inappropriate content delivered via the Internet

Following the reduction in risk, the college will also benefit from a reduction in the program costs associated with delivering training. Finally, the college will benefit from a versatile lab environment in which students can investigate operational issues associated with various technology platforms including Microsoft Windows and Linux. Alternative uses of technology may also be explored.

Project Assumptions

The assumptions made for this project are that the college will decide to continue the project through to completion following a comprehensive risk analysis and cost benefit analysis. Following approval, the assumption is made that the college will abide by the commitment to supply the needed resources and that other priorities will not override the need for the lab. Space is at a premium as more and more students enroll and more areas are converted into lecture rooms. The assumption is made that the benefit of the lab will override arising needs that may seek to occupy the space.


Accrediting Commission of Career Schools and Colleges. (2010). The Accreditation Process.Available from

Broadstairs, K. (2000). 01-2-2 Quantifying Risk. In K. Broadstairs, R. King, & D. O'Conor (Eds.), Risk Management (p. 39). GBR: Scitech Educational.

Dragoon, A. (2003). Governance: Deciding factors. CIO. Retrieved February 18, 2010 from

Eckert, J. W., & Schitka, M. J. (2006). The hacker culture. Linux+ Guide to Linux Certification (2nd Ed.) (pp. 17-18). Boston, MA: Course Technology

GAO. (1998). Executive guide: Information security management--learning from leading organizations: AIMD-98-68. GAO Reports, 1., Government Accounting Office

Georgia Institute of Technoloogy. (2008). Emerging cyber threats for 2009. CU360 , 34 (21), 4-5.

ISO 17799 Portol. (2007). What is ISO 17799? Available from

Moteff, J. (2004). Computer Security: A Summary of Selected Federal Laws, ExecutiveOrders,and Presidential Directives. Library of Congress, Congressional Research Service

Panel on Confidentiality Issues Arising from the Integration of Remotely Sensed and SelfIdentifying, & National Research Council. (2007). Putting people on the map: Protecting Confidentiality with linked social-spatial data. Washington, DC: National Academies Press.

Rainer, R., Snyder, C., & Carr, H. (1991). Risk Analysis for information technology. Journal of Management Information Systems , 8 (1), 134-135.

Schiller, C. (2007). Botnets. Network and Systems Professionals Association. Available from

Schniederjans, ,. M. (2004). Information Technology: Decision-Making Methodology (p. 140).Singapore: World Scientific Publishing Company.

Spammer-X. (2004). Inside the SPAM Cartel: Trade Secrets from the Dark Side. Rockland, MA: Syngress Publishing

Treviano, L. K., & Weaver, G. R. (2003). Managing Ethics in Organizations : A Social ScientificPerspective on Business Ethics. Palo Alto, CA: Stanford University Press.

U.S. Senate. (2009). Safe Internet act: S 1047 IS. Library of Congress.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)