Computer Security Education and Outreach Judy O. Lantaca Intern, Naval Postgraduate School, Monterey, CA 93943 Dr. Mark Gondree, Research Associate Professor, Computer Security Laboratory Abstract Results The U.S. is facing a severe shortage in computer security professionals [1]. Dr. Gondree and Dr. Peterson are developing teaching tools and informal games to stimulate interest and promote literacy in this area. This project was to design a web site for educational outreach, related to projects for teaching computer security using informal games. It used WordPress, a popular content management system deployed on virtual infrastructure. The site will provide forums, events, a board game, and a complementary online card creator. The site allows teachers and researchers to work together for novel curriculum development. By completion of the internship, the major web aspects have been implemented on the test site. The next step is to deploy the site to the public. The work during the internship involved heavy use of four programs, that were new to the intern: WordPress, Dropbox, KeePass, and Evernote (Fig 3). Each of these programs played a significant role in the design, collaboration, and deployment of the web site. They are useful tool belt addons for interns in and out of the Computer Science field. (a) (c) (b) (d) Figure 3. (a) WordPress is a Content Management System, used to create and manage web pages. (b) Evernote was used as for our online lab notebook, for collecting resources. (c) Dropbox was used to backup and share materials, between mentor and intern. (d) KeePass was used to store very long administrative passwords, conveniently. Introduction After establishing access to WordPress on DreamHost, the team was able to get together and discuss what was most important to have on a website dealing with computer security outreach and what add-ons would make it more interesting. Figure 1. To the left we have Dr. Gondree giving a brief lecture to intern Judy about web pages on the board. Since there were no pre-determined requirements for the website, a team meeting was required to brainstorm and filter out various options (Fig 2). Some of the web page ideas are as follow: • A News Feed • An Events List • Social Media Links • Flickr Gallery Page • Easy Spam Control • Contact Page • Link to d0x3d Page • An Events Calendar • Discussion Forum • WP Analytics • and more… Figure 2. The image above is of a brainstorming session between Dr. Gondree, Dr. Peterson and Judy Lantaca to determine what, and how, information should be displayed on the test site. With a multitude of reading, editing, and installing needed to be done, running one computer was inefficient. Two computers (and three monitors) were used to facilitate multitasking (Fig 4). The desktop was where to bulk of the internship was done, whereas the laptop was used for weekly/individual meetings, presentations, and other work. Dozens of different themes and plugins [3] were tested to see which best matched the purpose of the website and also which was easiest to manage. For example, in order to gain feedback on if the webpage is effectively grabbing people’s attention, an automated web analytics program was installed to determine if new/different people are viewing the web page (Fig 6). Figure 6. The image above is of a graph made by the web analytics program that was installed to allow administrators to see when and how many users view the web page on certain days and how many visits were from unique IP addresses. Each page on the network is designed so that they are very simple to navigate. Since the webpage is designed to be open to the public for computer outreach, it is helpful to see where this site is being used the most so that administrators can work on it being more worldwide friendly (Fig 7). Figure 4. Configuration, notation, and visualization are the three best rules to follow to make work flow smoothly. (Configure the site, take notes to backtrack, and get new ideas from the display). Once learning how to establish and manage a website with general features was accomplished, such as news posts and galleries, the next task was to learn how to manage a network of sites [2] whose posts/events/pages could be linked to one another and get the test sites running (Fig 5). Figure 5. Top Left: A screenshot of the homepage of the tabletopsecurity test page. Top Right: A screenshot of the administrative side to WordPress where one would edit the website they are making. Conclusions Developing an educational website using WordPress is possible, but took longer than assumed. Not all themes and plugins will work with one another and so some PHP and HTML knowledge is required to work with the code and have plugins run accordingly. Also legal documentation for websites, such as privacy policies, are needed to be researched and written so that no legal complications can arise. By completion of the internship, the major web aspects have been implemented correctly on the test site and so the next step is to have the actual site be deployed. The final network of sites will be equipped with not only the most qualified plugins but also the most customizable so that there are more options for future changes. This website is the framework for the future website that for computer security outreach and education. Figure 9. Dr. Gondree and Salinas middle school students, playing an educational computer security game, d0x3d. Literature cited [1] Booz Allen Hamilton. Cyber IN-security: Strengthening the federal cyber security workforce, Whitepaper, July 2009. [2] “Codex: Create a Network.” WordPress. http://codex.wordpress.org/Create_A_Network, June 2012. [3] “Codex: Theme Development.” WordPress. http://codex.wordpress.org/Theme_Development, June 2012. Figure 7. In addition to the web analytic program that was installed that pulled information onto a graph, another feature was added which gathers the IP addresses and marks their location on a map enabling administrators to see the different locations world-wide where users are accessing the site, the darker the green the more visitors there are in that area. To advertise the web site, a plugin was added that connected information on the page to different social media networks, so that users can easily share what they find interesting to friends/family (Fig 8). Figure 8. The image at the top is a ‘Share Bar’ which is found under every post/event so that users can share/like the post that they are viewing. The bottom image is of the ‘Visit Us’ links that direct users to general pages, for example, if this project had a Facebook page it would direct them there. Acknowledgments Thanks to mentors Dr. Mark Gondree and Dr. Zachary Peterson. Alison Kerr, Cassandra Martin, Andy Newton Pat McNeill, Joe Welch, and Kelly Locke. This Internship was funded by Strengthening Transfer Pathways, a Title V STEM Grant. For further information Please contact judylantaca@yahoo.com or mgondree@nps.edu. Display of the test site can be found on test.tabletopsecurity.com until Sept 22nd.