Teaching Information Assurance through Case Studies and Hands-on Experiences

Xiaohong Yuan, Li Yang, Bill Chu, Kenneth Williams

North Carolina A&T State University; University of North Carolina at Charlotte; University of Tennessee at Chattanooga
• Security Management
  • Case studies on areas of security management:
    • Risk management
    • Incident response planning
    • Disaster recovery planning
    • Security policy
    • Physical security
  • Each case study includes case learning objectives, a case description and case discussion questions, which were mapped to Bloom's Taxonomy.
  • URL: http://williams.comp.ncat.edu/IA_visualization_labs/Case%20Studies/index.html

• Attack/Defense
  • Buffer overflow lab
    • Provides students with hands-on experience in stack overflows. They will craft an input file that will cause the victim program to execute arbitrary code.
  • Wireless network attacks lab
    • Demonstrates wireless network concepts and methods including wardriving, eavesdropping, WEP key cracking/decryption, man in the middle, ARP cache poisoning and MAC spoofing, along with defense techniques for some of the attacks.
  • URL: http://williams.comp.ncat.edu/IA_visualization_labs/index.html

• Network Security Visualizations
  • Packet Sniffer
  • Key Management: Kerberos Protocol
  • Wireless Network attacks
  • Eavesdropping
  • Evil Twin
  • Man in the middle
  • ARP cache poisoning
  • ARP request replay
  • SYN flooding attack
  • URL: http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/VisTools.html

• Contact Information
  • Xiaohong Yuan, xhyuan@ncat.edu
  • Li Yang, Li-Yang@utc.edu
  • Bill Chu, billchu@uncc.edu
  • Kenneth Williams, williams@ncat.edu
  • Huiming Yu, cshmyu@ncat.edu
  • Joseph Kizza, Joseph-Kizza@utc.edu
  • Kathy Winters, Kathy-Winters@utc.edu

• Acknowledgement
  • This project is sponsored by the NSF Scholarship for Service Program (Award No.: DUE-1129413, 1129444, and 1129355) from 2011 to 2013.

• Cryptography
  • Hands-on labs that allow students to:
    • experience cryptographic algorithms and mechanisms
    • increase awareness of possible threats and attacks against various cryptographic techniques, such as the linear attack on an S-box and the short-message attack on the RSA cipher
  • Case studies that train students to:
    • adapt cryptography solutions to emerging areas, such as virtualization, healthcare, and mobile computing
  • URL: http://teaching-ia.appspot.com/labs

• Access Control
  • Hands-on labs on access control using commercial databases (Oracle):
    • Discretionary access control (DAC)
    • Trojan Horse attack on DAC
    • Role-based access control (RBAC)
    • Mandatory access control (MAC)
    • Virtual private database
    • Auditing
    • Data masking
  • URL: http://teaching-ia.appspot.com/labs
  • Manual available

• Web Security
  • Hands-on labs on:
    • web application vulnerability assessment
    • secure web application development
  • URL: http://teaching-ia.appspot.com/labs