270 likes | 283 Views
Explore the challenges faced by predominantly undergraduate liberal arts institutions in providing cybersecurity education and discover solutions using GENI and multidisciplinary approaches.
E N D
GENI, Cybersecurity, and Liberal Arts Xenia Mountrouidou (Prof. X)
Outline • Motivation • Courses& labs • Challenges • Suggestions • Conclusions
Challenges • Predominantly undergraduate institutions have limited resources • Experiential learning in cybersecurity requires sanitized labs and large investments
Solution • GENI! • Multidisciplinary curriculum: general education courses combined with experiential learning
Cybersecurity & Liberal Arts Colleges • Limited faculty • Classes in cyber security every two-three years • General education is mandatory for all students • Humanities • Social sciences • Foreign Languages • Quantitative reasoning & logic • Science
Necessity leads to innovation Cyber Paths: Broadening the Path to the STEM Profession through Cybersecurity Learning
General education undergraduate courses • CS150 - Science Using Computation, Wofford College • Mostly freshmen • Satisfies the general education requirement of quantitative reasoning • 20 students max • First Year Experience – Chasing ghosts in the wires, College of Charleston • Only freshmen • Satisfies requirement for general education • 20 students max
GENI & Freshmen • CS 150 - Wofford: three hour lab on Denial of Service • FYE - CofC: two hours in class lab and homework, IT Components, Traffic analysis • Developed our own “getting started” guide • Windows • Mac • Several iterations of the lab • Putty/terminal • GENI desktop
Distributed Denial of Service Lab Module • Pre-installed topology • ping - verification • iperf - performance • Hping3 - DoS • Hypothesis testing
Pilot Survey • Conducted at Wofford College. • Cohort: • 15 students • Self-assessment of CS knowledge: 40% novice; 40% intermediate; 20% advanced • Pilot Questionnaire: • I have a better understanding of CS. • I understand how information is transmitted through the internet. • I understand the basics of computer attacks and computer network attacks. • I understand how computer and network attacks can harm me and my organization. • I am considering to take another CS course.
Comments Q: What did you like best about the GENI lab and why? • I liked the opportunity to take part in a live experiment with real computers. • Doing to the denial of service attack was really cool. • I liked that we did a real world issue in a safe and controlled environment. • Working with terminal and the command line • I feel like the GENI lab was a good opportunity to learn about computer network attacks first hand, because the experiment was a real attack on a real network. • I like that it showed how the networks work from several perspectives and how attacks can happen • I liked best learning about the network attacks and being able to replicate it ourselves. • It was cool to see how flooding a computer actually works rather than it just happens. • I liked how we were able to simulate a real attack. This really puts it into prospective on how hackers can do this to anyone. • I liked how there were images showing you what was happening. • I liked being able to control remote networks through the terminal. It was interesting because it gave me a better idea of the basic / behind-the-scenes of how operating a computer works.
Comments Q: What did you like least about the GENI lab. • I did not like how repetitive it was, and how some things took a very long time to do. • I think that my least favorite thing about GENI was trying to get GENI to work. • The GENI infrastructure seemed to be unstable and difficult to work with at times. It's also hard to have a complete understanding of how to perform the lab without already having an understanding in computer science. Q: Please give any suggestions to improve the GENI lab. • Introduce the types of cyber attacks prior to the lab. • Maybe doing it once before with the entire class on the projector to give us a heads up on what we are doing and to also see if we are doing it right. Then, let the groups run the tests multiple times. • Before the lab and working with GENI have a day where you go over the basics of the command line and terminal
Other undergraduate courses Cryptography and Network Security • Junior/Senior level • Maximum 25 students • In house labs: • Traffic analysis • SDN • Snort IDS installation • Create custom snort alert
Intrusion Detection Systems and Mitigation Attacker Server Spoofed Client Goals: • Install Snort IDS on monitor machine • Duplicate all traffic to monitor • Create a custom alert for Snort IDS • Use mitigation script • Drop malicious traffic Send Spoofed SYN Send SYN-ACK Resend SYN-ACK
Covert Channel Communication Lab Module Goals • Multiplex regular and covert storage channel traffic • Analyze traffic to detect covert communication • Split signal to make covert communication stealth
Students Cybersecurity Capstone Projects & Undergraduate Research
Resources that we have used • Train the TA • GENI Summer Workshops • GENI Wiki • GENI google groups • UNC GENI Education
Student Challenges Student comments: • Difficult to download and use keys and make personal machine work • GENI concept not well understood • Command line • Time limit
Instructor Challenges • Time consuming topology reservations • GENI desktop reservation • Need to have backups! Machines die… • New GENI accounts – follow the instructions, always make sure you have the latest info
Benefits • Expected • Real experimentation • Excitement • Better understanding of concepts • Realized • First class is a throw away… • Excitement was achieved • Need to measure more! • Learning goals accomplished? • Is it better to use GENI or local VMs?
If I were to start over… • Update instructions sooner • Spend time planning • Explain in class what is GENI • Not use putty/terminal with freshmen non-CS majors • Plan early, revise often!
Suggestions • Courses • Data analytics • Malware analysis • Network Forensics • Pen testing • Tools • Remote desktop • Organic IP & other traffic visualization tools
Conclusions • Cybersecurity workforce can be diversified with liberal arts students • Experiential cybersecurity learning does not have to be expensive • Realistic experiential learning attracts students to cybersecurity
Questions? Thank you!
GENI Cyber Modules & courses • http://blogs.cofc.edu/cyberpaths/modules/ • http://mountrouidoux.people.cofc.edu/FYE_CySec/index.html • http://mountrouidoux.people.cofc.edu/CSIS490/index.html