{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

The CyberDefense Laboratory

The CyberDefense Laboratory - Proceedings of the 2006 IEEE...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Abstract — We developed a two-semester curriculum for undergraduate information security education. In the first semester students are provided with the necessary background in cryptography and cryptographic protocols, network security threats and defense mechanisms, as well as an overview of various security models. In the second semester, a set of laboratory-based modules provides the students with hands-on experience in implementing several of the security mechanisms they have learned so far. These modules cover topics such as host discovery and scanning, security assessment, perimeter security, secure communication, and web security. The students finally engage in an attack-defense exercise through which they gain more insight into the vulnerabilities of existing platforms, and thus mitigate them. A dedicated laboratory has been established for this purpose. The setup of the laboratory and the pedagogical modules are described in this paper. Index Terms —Information Security Education, Network Security Laboratory. I. I NTRODUCTION As the complexity of existing computing systems increases, so does the need to train more students on how to secure these systems. Therefore, higher education institutions have recently invested in the design and development of new information security courses. Students are introduced to the goals of a secure computing system, the threats that it encounters, and the security mechanisms that help achieve these goals. However, such courses will not be effective unless the students are given the chance to implement many of the mechanisms they learn, or even develop new ones on their own. We designed our undergraduate security education curriculum as a two-phase process: a theory building phase, followed by a skill building phase. We believe that such split will provide the students with much of the concepts they need before they can successfully complete the laboratory exercises of the second phase. The students are expected to have taken courses in Operating Systems and Computer Networking as prerequisites to the first phase course. For the first phase, we designed a three-credit-hour course which covers the following fundamental topics: o An overview of the goals of system security and the Manuscript received March 22, 2006. This work was supported in part by the Institute for Infrastructure and Information Assurance at JMU. Mohamed S. Aboutabl is with the Department of Computer Science, James Madison University, Harrisonburg, VA 22807 USA (phone: 540-568-7589; e- mail: [email protected]). services that provide confidentiality, integrity, and availability . Students learn the correlation of services and the attacks they guard against, as well as the classification of the latter into active and passive ones.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}