Name
Abstract | ||
|---|---|---|
Nowadays, many academic institutions are including ethical hacking in their information security and Computer Science programs. Information security students need to experiment common ethical hacking techniques in order to be able to implement the appropriate security solutions. This will allow them to more efficiently protect the confidentiality, integrity, and availability of computer systems and assets.This paper presents a case study of the implementation of comprehensive ethical hacking handson lab exercises, which are fundamental to security education. The exercises are about three common Denial of Service (DoS) attacks, namely, the Land, the TCP (transmission control protocol) SYN (synchronization) flood, and the Teardrop attacks. DoS attacks are important topics for security courses teaching ethical hacking and intrusion detection techniques. The paper discusses also common defense techniques for detecting DoS attacks, including Intrusion Detection Systems (IDS) and Software tools. Snort tool is used as the IDS defense solution during the hands-on lab exercises. The learning objective of the hands-on lab exercises is for students to learn how to implement and detect the DoS attacks in an isolated network laboratory environment.Adding ethical hacking to an information security curriculum raises a variety of ethical and legal issues. Some students will use the acquired offensive hands-on skills in inappropriate and sometimes illegal ways. Hence, students may threaten their careers, hurt others, and put their institution's entire information security program at risk. Also, schools and educators may be held liable for the actions of their students. To contribute to improving the chances of having a successful and problem free information security programs that teach ethical hacking techniques, the paper lists a number of steps that should be taken by schools and educators to ensure that students are responsible for their actions and educate students on the consequences of any misconduct.The impact of offering the exercises on the students' performance in terms of achieving the course outcomes is also discussed. The course assessment results show that the offered hands-on lab exercises allowed students to better anatomize the attacks and assimilate the concepts learned from the lecture. The students have learned better with the exercises which had a positive effect on their performance.An anonymous questionnaire was administered to students who participated in the hands-on lab exercises to measure their satisfaction level and collect their feedback regarding the discussed hands-on lab exercises. The results of the questionnaire showed that more than 85% of the students who answered the questionnaire believed the exercises to be useful and helped them better understand the underlying theoretical concepts associated with DoS attacks. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.28945/1920 | JOURNAL OF INFORMATION TECHNOLOGY EDUCATION-INNOVATIONS IN PRACTICE |
Keywords | DocType | Volume |
Information security curriculum, DoS attacks, Hands-on lab exercises, Ethical hacking, Schools and educators liability | Journal | 12 |
ISSN | Citations | PageRank |
2165-3151 | 1 | 0.38 |
References | Authors | |
8 | 2 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Zouheir Trabelsi | 1 | 136 | 27.78 |
| Walid Ibrahim | 2 | 106 | 18.65 |