1 / 27

Challenges and Solutions for Cybersecurity Education in Liberal Arts Colleges

Explore the challenges faced by predominantly undergraduate liberal arts institutions in providing cybersecurity education and discover solutions using GENI and multidisciplinary approaches.

stronga
Télécharger la présentation

Challenges and Solutions for Cybersecurity Education in Liberal Arts Colleges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GENI, Cybersecurity, and Liberal Arts Xenia Mountrouidou (Prof. X)

  2. Outline • Motivation • Courses& labs • Challenges • Suggestions • Conclusions

  3. Challenges • Predominantly undergraduate institutions have limited resources • Experiential learning in cybersecurity requires sanitized labs and large investments

  4. Solution • GENI! • Multidisciplinary curriculum: general education courses combined with experiential learning

  5. Cybersecurity & Liberal Arts Colleges • Limited faculty • Classes in cyber security every two-three years • General education is mandatory for all students • Humanities • Social sciences • Foreign Languages • Quantitative reasoning & logic • Science

  6. Necessity leads to innovation Cyber Paths: Broadening the Path to the STEM Profession through Cybersecurity Learning

  7. General education undergraduate courses • CS150 - Science Using Computation, Wofford College • Mostly freshmen • Satisfies the general education requirement of quantitative reasoning • 20 students max • First Year Experience – Chasing ghosts in the wires, College of Charleston • Only freshmen • Satisfies requirement for general education • 20 students max

  8. GENI & Freshmen • CS 150 - Wofford: three hour lab on Denial of Service • FYE - CofC: two hours in class lab and homework, IT Components, Traffic analysis • Developed our own “getting started” guide • Windows • Mac • Several iterations of the lab • Putty/terminal • GENI desktop

  9. Distributed Denial of Service Lab Module • Pre-installed topology • ping - verification • iperf - performance • Hping3 - DoS • Hypothesis testing

  10. Pilot Survey • Conducted at Wofford College. • Cohort: • 15 students • Self-assessment of CS knowledge: 40% novice; 40% intermediate; 20% advanced • Pilot Questionnaire: • I have a better understanding of CS. • I understand how information is transmitted through the internet. • I understand the basics of computer attacks and computer network attacks. • I understand how computer and network attacks can harm me and my organization. • I am considering to take another CS course.

  11. Results

  12. Comments Q: What did you like best about the GENI lab and why? • I liked the opportunity to take part in a live experiment with real computers. • Doing to the denial of service attack was really cool. • I liked that we did a real world issue in a safe and controlled environment. • Working with terminal and the command line • I feel like the GENI lab was a good opportunity to learn about computer network attacks first hand, because the experiment was a real attack on a real network. • I like that it showed how the networks work from several perspectives and how attacks can happen • I liked best learning about the network attacks and being able to replicate it ourselves. • It was cool to see how flooding a computer actually works rather than it just happens. • I liked how we were able to simulate a real attack. This really puts it into prospective on how hackers can do this to anyone. • I liked how there were images showing you what was happening. • I liked being able to control remote networks through the terminal. It was interesting because it gave me a better idea of the basic / behind-the-scenes of how operating a computer works.

  13. Comments Q: What did you like least about the GENI lab. • I did not like how repetitive it was, and how some things took a very long time to do. • I think that my least favorite thing about GENI was trying to get GENI to work. • The GENI infrastructure seemed to be unstable and difficult to work with at times. It's also hard to have a complete understanding of how to perform the lab without already having an understanding in computer science. Q: Please give any suggestions to improve the GENI lab. • Introduce the types of cyber attacks prior to the lab. • Maybe doing it once before with the entire class on the projector to give us a heads up on what we are doing and to also see if we are doing it right. Then, let the groups run the tests multiple times. • Before the lab and working with GENI have a day where you go over the basics of the command line and terminal

  14. Other undergraduate courses Cryptography and Network Security • Junior/Senior level • Maximum 25 students • In house labs: • Traffic analysis • SDN • Snort IDS installation • Create custom snort alert

  15. Intrusion Detection Systems and Mitigation Attacker Server Spoofed Client Goals: • Install Snort IDS on monitor machine • Duplicate all traffic to monitor • Create a custom alert for Snort IDS • Use mitigation script • Drop malicious traffic Send Spoofed SYN Send SYN-ACK Resend SYN-ACK

  16. Covert Channel Communication Lab Module Goals • Multiplex regular and covert storage channel traffic • Analyze traffic to detect covert communication • Split signal to make covert communication stealth

  17. Students Cybersecurity Capstone Projects & Undergraduate Research

  18. Resources that we have used • Train the TA • GENI Summer Workshops • GENI Wiki • GENI google groups • UNC GENI Education

  19. Student Challenges Student comments: • Difficult to download and use keys and make personal machine work • GENI concept not well understood • Command line • Time limit 

  20. Instructor Challenges • Time consuming topology reservations • GENI desktop reservation • Need to have backups! Machines die… • New GENI accounts – follow the instructions, always make sure you have the latest info

  21. Benefits • Expected • Real experimentation • Excitement • Better understanding of concepts • Realized • First class is a throw away… • Excitement was achieved • Need to measure more! • Learning goals accomplished? • Is it better to use GENI or local VMs?

  22. If I were to start over… • Update instructions sooner • Spend time planning • Explain in class what is GENI • Not use putty/terminal with freshmen non-CS majors • Plan early, revise often!

  23. Suggestions • Courses • Data analytics • Malware analysis • Network Forensics • Pen testing  • Tools • Remote desktop • Organic IP & other traffic visualization tools

  24. Conclusions • Cybersecurity workforce can be diversified with liberal arts students • Experiential cybersecurity learning does not have to be expensive • Realistic experiential learning attracts students to cybersecurity

  25. Questions? Thank you!

  26. GENI Cyber Modules & courses • http://blogs.cofc.edu/cyberpaths/modules/ • http://mountrouidoux.people.cofc.edu/FYE_CySec/index.html • http://mountrouidoux.people.cofc.edu/CSIS490/index.html

More Related