The proposed DCSL is intended not only to support the module-based
curricular model and the new security courses at UHCL/UHD, but also to
demonstrate the feasibility of a multiple-site distributed security lab that
is insulated from the campus networks. A main objective of an
insulated-but-connected distributed lab is to provide a safe and
easy-to-configure network platform on which students and faculty can
implement hands-on projects and research experiments.
Figure 1: A Cross-campus Distributed Computer Security Lab (DCSL)
Figure 2: Networking Security Testing Environment
Figure 1 depicts a high-level set-up of the cross-campus distributed lab,
which has 3 main extensions from the ISIS Lab: (1) The DCSL will have
Internet connectivity via DSL (Digital Subscriber Line) connections without
going through the campus backbone. This separation will allow students and
faculty to perform distributed experiments without intruding on the campus
network. (2) The DCSL will comprise two local labs, one at UHCL and one at
UHD. The DSL connectivity will allow the two labs to be remotely connected
to form a distributed platform, which is desirable for experiments involving
enterprise network security, such as VPN (Virtual Private Networks) and SOHO
(Small Office Home Office). (3) Wireless networks will be part of the DCSL.
Wireless local area networks (WLANs) and mobile networks are needed to study
wireless security. The wireless LANs will be compliant with the IEEE 802.11a
standard, unlike the existing campus WLANs, which are 802.11b compliant.
Figure 2 depicts a high-level configuration of the DCSL for network security
experiments [6]. It consists of four test beds: (a) a local area network
(LAN) to simulate a corporate or campus network with integrated firewall,
VPN server, and authentication servers; (b) a wireless LAN, which is
composed of several access points and wireless clients; (c) another LAN to
simulate a remote site; and (d) remote connections through the Internet,
which simulate a home office or access over a mobile network. Seven
vulnerability points (VP A through G) have been identified and are marked in
the figure. Each of the VPs represents a potential point of attack.
The proposed lab at UHCL will contain two heterogeneous networks, one
consisting of Windows desktops, laptops and servers, and the other
consisting of Linux machines. The networks will be supported by a Cisco
router, a switch, and four wireless access points. All the desktops and
laptops are equipped with a WLAN adapter to enable communications with the
access points. In addition, the laptops will be equipped with mobile WWAN
(wireless wide area network) adapters, which will allow the laptops to be
used in studying mobile data communications, such as GSM (Global System for
Mobile Communication), GPRS (General Packet Radio Service), and CDMA (Code
Division Multiple Access), and mobile protocols, such as WAP (Wireless
Application Protocol) and WTLS (Wireless Transport Layer Security). The
lab will also contain network security servers, including a firewall, a VPN
server, and a RADIUS server. The lab at UHD is similar to the UHCL lab,
except that it is smaller.