The "IT Security" laboratory is implemented as a sealed-off environment in which safety-critical experiments and practical exercises can be carried out without connections to the HFT network or computers on the Internet (and thus without affecting these external networks). For example, practical experiments can be conducted with attack tools and malicious software. In addition, this laboratory allows the practical testing and refinement of security technologies or countermeasures developed within the framework of research projects.
A simple example of an unwanted side effect would be the unintentional "paralysis" of a production server due to a typo in the IP destination address during practical exercises on denial of service attacks (e.g. SYN flooding). A large number of similar (or even more complicated) cases in the areas of network security/Internet security/Web security are conceivable. In general, manual errors, configuration errors and the like cannot be excluded, so that the external network must be proactively protected. The undesirable effects mentioned can sometimes also be legally problematic (see for example §303a STGB "Computersabotage").
VMWare ESX Server" is used as virtualization software. This software enables a flexible, short-term configuration of different, quite complex scenarios and the associated virtual network configurations. Students log in to a pre-configured virtual environment where they can experiment without fear of side effects on the outside world (HFT network and Internet).
The laboratory is used in a variety of practical exercises in teaching. Teaching in the bachelor's programs in Computer Science, Business Informatics and Information Logistics enables students to apply and deepen concepts of IT security learned in theory in practical exercises in order to gain concrete experience with current threats and countermeasures.