ABSTRACT
With funding from NSF the Department has set up a stand alone lab for students to learn penetration testing techniques(attack), to harden their networks against these attacks (defense) , and also to gather enough evidence to through careful logging and audit controls to convict a hacker (convict). Linux RedHat 7.1 was used and all the machines were set up as standalone servers in three different subdomains, with 2 perimeter routers and 2 firewalls to allow experimentation with various configurations. In all over 50 software tools were downloaded and tested. Students were screened and asked to sign a disclaimer. They should also have been required to have networking experience. An initial mistake was to run a very minimal server with no services and practically no users. This was not realistic. It made it quick to rebuild systems but much harder to attack.The attacks need to be carefully planned and structured in a specific sequence one at a time, otherwise it becomes very difficult to follow what is going on.
- CERT Coordination Center: Information Security for Technical Staff: Networked Systems Survivability Program. Sponsored by the US. Dept. of Defense. Pittaburgh: Carnegie Mellon University, 2001. 47-49.Google Scholar
- Cybersecurity Education and Research Center for Western Pennsylvania, West Virginia and Ohio. NSF-Grant-01-11:Federal Cyber Service: Scholarships for Service: Capacity building-Institutional Development Track.Google Scholar
- McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Linux Exposed: Network Security Secrets and Solutions, Boston: Osborne/McGraw Hill, 2001. Google ScholarDigital Library
- Schafer, Joseph et al. The Iwar range: A Laboratory for Undergraduate Information Assurance Education. Journal of Computing in Small Colleges. 16: 4. May (2001), 223-232. Google ScholarDigital Library
- Wenstrom, Michael. Managing Cisco Network Security. Indianapolis, IN: CISCO Press, 2001. Google ScholarDigital Library
- Building a cyberwar lab: lessons learned: teaching cybersecurity principles to undergraduates
Recommendations
Building a cyberwar lab: lessons learned: teaching cybersecurity principles to undergraduates
Inroads: paving the way towards excellence in computing educationWith funding from NSF the Department has set up a stand alone lab for students to learn penetration testing techniques(attack), to harden their networks against these attacks (defense) , and also to gather enough evidence to through careful logging and ...
Comments