research-article

Network reconnaissance, attack, and defense laboratories for an introductory cyber-security course

Authors:

Sarah StandardAuthors Info & Claims

ACMSE '13: Proceedings of the 51st annual ACM Southeast Conference

Article No.: 29, Pages 1 - 6

https://doi.org/10.1145/2498328.2500077

Published: 04 April 2013 Publication History

Get Access

Abstract

Cyber security is an area where much curriculum development is taking place, and it is important that such efforts be shared. In this work we describe three lab exercises developed at the United States Naval Academy for use in our fundamentals of cyber-security course, a course required of all freshmen. The hands-on lab activities reinforce ideas presented in classroom discussions about basic network reconnaissance, attack, and defense. A class of approximately twenty students is divided into two teams. Each team's network has its own workstation, name server, and gateway router, and a webserver. Students each have an individual host machine on their own network. In the reconnaissance lab students attempt to discover the opponent network's topology, services and software, as well as guess account names and potential passwords. The information is then used in the succeeding attack lab, where denial of service attacks, injection attacks, and other remote exploits are conducted. During the defense lab, students harden their systems by managing accounts and passwords in both Unix and Windows systems, encrypting confidential files, defending against HTML injection attacks, configuring a firewall, shutting down unnecessary services, removing unnecessary software, and patching known vulnerabilities; all while maintaining a prescribed set of services. All three labs are conducted using virtual machines (VMs) in a virtual. Detailed instructor notes, lab instructions, student check sheets, grading sheets, and supporting software were developed for these labs. In this paper we discuss our experiences with these labs, assessment and evaluation material, and lessons learned. The insights that we have gained will prove useful to those thinking about implementing or refining labs in a cyber-security course, or perhaps even for other types of labs.

References

[1]

President's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, May 2009. DOI=http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.

Google Scholar

[2]

Jabbour, K. and Older S. 2010. A Learning Community for Developing Cyber-Security Leaders. The Advanced Course in Engineering on Cyber Security. DOI=http://www.cis.syr.edu/~sueo/papers/ace-wecs.pdf.

Google Scholar

[3]

Anon. 2011. Information Assurance Internship. DOI=http://iainternship.com/images/IA_Internship_Flyer_9132011.pdf.

Google Scholar

[4]

Department of Computer Science, University of Maryland. 2012. CMSC 498L/ENEE 459L, Cybersecurity Lab. DOI=http://www.cs.umd.edu/class/fall2012/cmsc498L/.

Google Scholar

[5]

School of Computing, Department of Information Technology, University of South Alabama. 2012. DOI=https://paws.usouthal.edu/prod/bwckctlg.p_display_courses.

Google Scholar

[6]

Office of the Dean, United States Military Academy, West Point, New York. DOI=http://www.dean.usma.edu/sebpublic/curriccat/static/index.htm.

Google Scholar

[7]

Brown, C., et al. 2012. Anatomy, Dissection, and Mechanics of an Introductory Cyber-Security Class's Curriculum at the United States Naval Academy. In ASEE Computers in Education Journal, 3(3):63--80

Google Scholar

Cited By

View all

Yackley J(2024)Active Learning for Introductory Cybersecurity2024 IEEE Frontiers in Education Conference (FIE)10.1109/FIE61694.2024.10893058(1-9)Online publication date: 13-Oct-2024
https://doi.org/10.1109/FIE61694.2024.10893058
Srivastava M(2021)An Introduction to Network Security AttacksInventive Systems and Control10.1007/978-981-16-1395-1_37(505-515)Online publication date: 8-Jun-2021
https://doi.org/10.1007/978-981-16-1395-1_37
Cao PAjwa I(2016)Enhancing Computational Science Curriculum at Liberal Arts InstitutionsProcedia Computer Science10.1016/j.procs.2016.05.51080:C(1940-1946)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1016/j.procs.2016.05.510

Index Terms

Network reconnaissance, attack, and defense laboratories for an introductory cyber-security course
1. General and reference
  1. Cross-computing tools and techniques
    1. Evaluation
2. Social and professional topics
  1. Professional topics
    1. Computing education
    2. Management of computing and information systems
      1. Software management
        Software selection and adaptation

Recommendations

Network reconnaissance, attack, and defense laboratories for an introductory cyber-security course

Cyber-security is an area in which much curriculum development is taking place; it is important that such efforts be evaluated and shared. We describe three laboratories developed at the United States Naval Academy (USNA) for use in its fundamentals of ...
Developing and implementing an institution-wide introductory cyber-security course in record time
ACMSE '12: Proceedings of the 50th annual ACM Southeast Conference

In spring 2011, the United States Naval Academy decided that, beginning in fall 2011, all first-year students would be required to take an introductory core course in the technical foundations of cyber security. This decision triggered our attempt to set ...
Anatomy, dissection, and mechanics of an introductory cyber-security course's curriculum at the United States naval academy
ITiCSE '12: Proceedings of the 17th ACM annual conference on Innovation and technology in computer science education

Due to the high priority of cyber-security education, the United States Naval Academy rapidly developed and implemented a new cyber-security course that is required for all of its first-year students. During the fall semester in 2011, half of the ...

Comments

Information & Contributors

Information

Published In

ACMSE '13: Proceedings of the 51st annual ACM Southeast Conference

April 2013

224 pages

ISBN:9781450319010

DOI:10.1145/2498328

General Chair:
Ashraf Saad
Armstrong Atlantic State University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 April 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACM SE'13

Sponsor:

ACM SE'13: ACM Southeast Regional 2013

April 4 - 6, 2013

Georgia, Savannah

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
430
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)3

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yackley J(2024)Active Learning for Introductory Cybersecurity2024 IEEE Frontiers in Education Conference (FIE)10.1109/FIE61694.2024.10893058(1-9)Online publication date: 13-Oct-2024
https://doi.org/10.1109/FIE61694.2024.10893058
Srivastava M(2021)An Introduction to Network Security AttacksInventive Systems and Control10.1007/978-981-16-1395-1_37(505-515)Online publication date: 8-Jun-2021
https://doi.org/10.1007/978-981-16-1395-1_37
Cao PAjwa I(2016)Enhancing Computational Science Curriculum at Liberal Arts InstitutionsProcedia Computer Science10.1016/j.procs.2016.05.51080:C(1940-1946)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1016/j.procs.2016.05.510

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations