Re: Teaching security using malware

["Menne, Michael S" <michael.menne () MNSU EDU>]

Should we allow this to happen on premise using some sort of virtual environment or only allow it to be done in cloud 
instances?

     *   This shouldn’t be a YES/NO question.  It should be a YES/HOW question.
     *   For our campus, we have one classroom dedicated to this.  It’s on the local network, but the instructor runs a 
script that flips the entire classroom network over to a private VLAN that has no routing.  It may have internet 
access, but there is no internal access to/from the VLAN.
Should there be anything special about the computers that are used to connect to the virtual environment? (Separate 
domain, separate vlan, extra security software, only allow certain ports open, etc.)

  *   See above on the VLAN flip.
  *   The computers that are used have a virtual hypervisor installed. The machines themselves revert to a steady state 
(including the virtual machine disk file) every time they reboot. If they don’t reboot during the day, they reboot 
every night for maintenance.  They may reboot after a period of inactivity as well. I don’t remember that part of it.
We are going to be asking if/how this affects our Cybersecurity Insurance.  Has anyone had their insurance affected by 
doing these types of courses/training?

  *   Our insurance is carried through our state system office. I’ve never inquired.  As long as you can show 
mitigating controls, I wouldn’t think it would affect your insurance. I don’t think insurance looks that deeply at the 
institution’s course programming.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
Cell: (507) 405-0717
https://mankato.mnsu.edu/cyberaware

[signature_129034257]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Matt Hall 
<matthew.hall () CHEMEKETA EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, December 16, 2020 at 3:29 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Teaching security using malware

Listserv,

For those schools that are teaching security classes that involve utilizing malware, how are you setting up your 
environment?

Some specific questions that came up during internal IT conversations are:
·  Should we allow this to happen on premise using some sort of virtual environment or only allow it to be done in 
cloud instances?
·  Should there be anything special about the computers that are used to connect to the virtual environment? (Seperate 
domain, seperate vlan, extra security software, only allow certain ports open, etc)
·  We are going to be asking if/how this affects our Cybersecurity Insurance.  Has anyone had their insurance affected 
by doing these types of courses/training?

Matthew Hall
Information Security Analyst
Chemeketa Community College
Phone: (503) 584-7586
Email: Matthew.Hall () chemeketa edu<mailto:Matthew.Hall () chemeketa edu>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7Ca8aa2ba2fe0542ca9e1608d8a209b14a%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637437509803924606%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Eewd1rjMLphkPFsJMF5VtoBZe3AW%2FjD9XCc9q9ZYhag%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community