Developing and Delivering Hands-On Information Assurance Exercises: Experiences with the Cyber Defense Lab at UMBC

Thumbnail Image

Files

ShermanWestpoint2004.pdf (164.65 KB)

Links to Files

https://ieeexplore.ieee.org/document/1437823

Permanent Link

https://doi.org/10.1109/IAW.2004.1437823
 http://hdl.handle.net/11603/12937

Collections

UMBC Center for Information Security and Assurance (CISA)
UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2005-06-10

Type of Work

conference proceedings and papers preprints
Text

Department

Program

Citation of Original Publication

Alan T. Sherman, Brian O. Roberts, William E. Byrd, Matthew R. Baker, John Simmons, Developing and Delivering Hands-On Information Assurance Exercises: Experiences with the Cyber Defense Lab at UMBC, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004., DOI: 10.1109/IAW.2004.1437823

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
©2004 IEEE

Subjects

buffer overflow
computer security education
cyber defense exercises
information assurance education
password security
scanning vulnerabilities
UMBC Cyber Defense Lab
wired equivalent privacy (WEP)

Abstract

In summer 2003, we developed four new hands-on information assurance educational exercises for use in the UMBC undergraduate and graduate curricula. Exercise topics comprise buffer overflow attacks, vulnerability scanning, password security and policy, and flaws in the Wired Equivalent Privacy (WEP) protocol. During each exercise, each student carries out structured activities using a laptop from a mobile cart that can be rolled into any classroom. These dedicated, isolated machines permit a student to make mistakes safely, even while acting as the system administrator, without adversely affecting any other user. Each exercise is organized in a modular fashion to facilitate varied use for different courses, levels, and available time. Our experiences delivering these exercises show that practical hands-on activities motivate students and enhance learning. In this paper we describe our exercises and share lessons learned, including the importance of careful planning, ethical considerations, the rapid obsolescence of tools, and the difficulty of including exercises in already busy courses.