Developing and Delivering Hands-On Information Assurance Exercises: Experiences with the Cyber Defense Lab at UMBC
Loading...
Links to Files
Author/Creator ORCID
Date
2005-06-10
Type of Work
Department
Program
Citation of Original Publication
Alan T. Sherman, Brian O. Roberts, William E. Byrd, Matthew R. Baker, John Simmons, Developing and Delivering Hands-On Information Assurance Exercises: Experiences with the Cyber Defense Lab at UMBC, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004., DOI: 10.1109/IAW.2004.1437823
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
©2004 IEEE
©2004 IEEE
Abstract
In summer 2003, we developed four new hands-on information
assurance educational exercises for use in the UMBC
undergraduate and graduate curricula. Exercise topics comprise
buffer overflow attacks, vulnerability scanning, password
security and policy, and flaws in the Wired Equivalent
Privacy (WEP) protocol. During each exercise, each student
carries out structured activities using a laptop from a
mobile cart that can be rolled into any classroom. These
dedicated, isolated machines permit a student to make mistakes
safely, even while acting as the system administrator,
without adversely affecting any other user. Each exercise
is organized in a modular fashion to facilitate varied use
for different courses, levels, and available time. Our experiences
delivering these exercises show that practical hands-on
activities motivate students and enhance learning. In this
paper we describe our exercises and share lessons learned,
including the importance of careful planning, ethical considerations,
the rapid obsolescence of tools, and the difficulty
of including exercises in already busy courses.