1 / 56

Computer Security: A Special E-Learning Challenge

Computer Security: A Special E-Learning Challenge . Robert Bruen Springfield Technical Community College. Outline. Brief Introduction to Digital Security Teaching & Curriculum Teaching Security On-Line Virtual Machines. Digital Security. Security in the digital universe is complicated

brilliant
Télécharger la présentation

Computer Security: A Special E-Learning Challenge

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security: A Special E-Learning Challenge Robert Bruen Springfield Technical Community College

  2. Outline • Brief Introduction to Digital Security • Teaching & Curriculum • Teaching Security On-Line • Virtual Machines MCO Conference on E-Learning

  3. Digital Security • Security in the digital universe is complicated • It affects everything • What part of “everything” didn’t you get? • Networks, computers, information, knowledge, identity, crime, science, intellectual property, entertainment, automobiles, cargo containers, money... MCO Conference on E-Learning

  4. Basic Concepts • What does “Secure” mean? • Lots of things to lots of people. • In the digital universe: • Confidentiality • Integrity • Availability MCO Conference on E-Learning

  5. Basic Concepts cont. • Authorization • Authentication • Something you: • Are; Have; Know • Audits • Access Controls MCO Conference on E-Learning

  6. Technical • Intrusion Detection (Network & Host) • Secure Programming (Buffer Overflow) • Architecture (Firewalls, DMZ, Bastion Hosts, Sensors, Honeypots) • Vulnerability Assessment • Penetration Testing • SNMP • XSS MCO Conference on E-Learning

  7. Technical cont. • Encryption, PKI, VPN, SSL, TLS • Biometrics • Steganography • Threat Analysis • DoS, DDoS • Spoofing MCO Conference on E-Learning

  8. Technical cont • DNS Cache Poisoning • Virus • Worm • Phish • Pharm • Spam MCO Conference on E-Learning

  9. Security Summary • Technical • Complex • Broad scope • Steep entry requirements • Continuous evolution • Not just about the hackers in the news MCO Conference on E-Learning

  10. Teaching Security • Curriculum • Real Experiences • Issues MCO Conference on E-Learning

  11. Curriculum • We teach how to break into computers • Lots of background necessary • Tools: Open Source Software • Focus: Business vs. Computer Science MCO Conference on E-Learning

  12. Syllabus Examples Technical • Keyloggers • Securing user accounts • Modifying permissions • Scanning systems • Analyzing log files • Installing Intrusion Detection Software MCO Conference on E-Learning

  13. Syllabus Examples Business • Risk Analysis • Asset valuation • Budgeting for Security Operation • Cost of Spam • Product Evaluation/Comparison • Disaster Recovery Planning MCO Conference on E-Learning

  14. Real Experiences • Babson College • Merrimack College • Empire State College • Springfield Technical CC MCO Conference on E-Learning

  15. Babson College • Business School, Math & Science Division • Taught Java, Web Development • Introduced first security course • Extremely popular: novelty, hacking, jobs • Demanding workload: papers, exams, group projects, challenges, presentations • Wide range of choices for student projects MCO Conference on E-Learning

  16. Course Work • Provided a machine for attack • Username & password not provided • Not really difficult to guess • Interesting distribution of knowledge MCO Conference on E-Learning

  17. Projects • Credit card fraud • Hacking software • Terrorism & Technology • Network Security Financials • Peer-to-Peer Networks • Firewalls – Product Comparison • Virtual Private Network setup MCO Conference on E-Learning

  18. Merrimack College • Taught Networks, Web Design, Business Software Apps • Taught security course two semesters • Extreme for the environment MCO Conference on E-Learning

  19. Merrimack - Coursework • Similar requirements to Babson • Computer Science students also signed up. No equivalent course in CS • Interesting mix of Business & CS • Similar production by students • I provided a target machine MCO Conference on E-Learning

  20. Empire State College • Distance education • Will cover later MCO Conference on E-Learning

  21. Springfield TechnicalCommunity College • Teach Linux and networks • Offers an Associate Degree with a security concentration option • Three courses required • First course is closer to industry certifications than my other courses MCO Conference on E-Learning

  22. STCC • My first lab • Will be even better next year • Students’ range was broader than the four year schools (prep, capability) • Students Similar to Distance Ed college MCO Conference on E-Learning

  23. Issues • Fear – Teaching kids to hack! • Fears come true every time • Handling problems MCO Conference on E-Learning

  24. Fear • A dean contacted me when she discovered that there was a hacking component to the course. MCO Conference on E-Learning

  25. Fears Realized • One student ran a password cracker against the faculty server. Shut it down for several hours. • In general, there is a certain amount of immature behavior when students get some power. • A mistake I made was exploited by a student to discover other student passwords. MCO Conference on E-Learning

  26. Not My fault • A DHCP server was shutdown from my lab. The IT people blamed my students. Turned out it was bug in Microsoft’s server software which had an undocumented response. MCO Conference on E-Learning

  27. Handling Problems • Dean was satisfied when she learned from the public course web site that I required several ethical issue papers. • The student who shutdown the faculty server was confronted – successfully. • The student who exploited my mistake was praised in class. Every one changed their password. I fixed my mistake. MCO Conference on E-Learning

  28. Handling Problems cont. • The DHCP server issue forced IT to discover the bug and upgrade. • Contracts to be signed by students • Criminal background checks • All of this confirmed my belief that security needs to be taught differently from most other courses. MCO Conference on E-Learning

  29. E-Learning • Real Experiences • Special Issues • Proposed Solution MCO Conference on E-Learning

  30. Real Experiences • Empire State College (SUNY) • Security course (3 semesters) • Computer Forensics ( 1 semester) • Networks (2 semesters) MCO Conference on E-Learning

  31. Environment • Lotus Notes, not Blackboard • Superior support – Library & media • Long history • Rich, rigid structure • Modules, not weekly topics MCO Conference on E-Learning

  32. MCO Conference on E-Learning

  33. MCO Conference on E-Learning

  34. MCO Conference on E-Learning

  35. MCO Conference on E-Learning

  36. MCO Conference on E-Learning

  37. MCO Conference on E-Learning

  38. MCO Conference on E-Learning

  39. Issues • No lab arrangement • Global student body • Working adults, single parents, etc • Unexpected = Norm • Florida hurricane • Student soldiers went to Middle East MCO Conference on E-Learning

  40. Limitations • No lab • No lab assignments • No hands-on • No controls • Technical aspects severely limited MCO Conference on E-Learning

  41. Positive Outcomes • Papers – same as In-Class • Group Projects – mostly same • Discussions – better than In-Class • Students support each other better MCO Conference on E-Learning

  42. Standard Security Teaching Options • Lectures / Distance Ed • Severely Limited • Simulations / Scenarios • Inflexible, costly to create & update • Standard computer lab • Event leakage; maintenance issues • Isolated lab • Expensive, single use MCO Conference on E-Learning

  43. Proposed Solution • On campus lab will use VMWare on individual computers • Distance Lab will use VMWare on one shared computer MCO Conference on E-Learning

  44. Virtual Machines • It’s all pretend anyway • VirtualPC/Virtual Server – All Microsoft • User Mode Linux – All Linux • VMWare – Vendor independent • XEN – Researcher software • Others under development MCO Conference on E-Learning

  45. VM Basics • Host operating system on hardware • VM software runs as an application • Guest operating systems run on top • Each guest thinks it owns the hardware MCO Conference on E-Learning

  46. Virtual Machines Guest Guest Guest Guest VMWare Operating system Hardware MCO Conference on E-Learning

  47. MCO Conference on E-Learning

  48. MCO Conference on E-Learning

  49. MCO Conference on E-Learning

  50. MCO Conference on E-Learning

More Related