ITSEED: Hands-on Laboratories for IT Security Education Xinli Wang*, Yan Bai** and Guy C. Hembroff* * Michigan Technological University, ** University of Washington Tacoma Introduction It has been commonly acknowledged that the benefits of hands-on activities for the education of computing security are threefold: • Expose students to real-world challenges; • Help students consolidate knowledge and gain indepth understanding of the materials presented in class lectures; • Assist students to be well prepared for their careers in industry. However, there were not many hands-on exercises publically available. Motivated by the need for education-oriented and well developed hands-on exercises for undergraduate education of information technology (IT) security, we have developed a collection of instructional hands-on lab assignments that can be used to help teach security courses or courses with a security component in IT. Out labs cover a wide spectrum of principles, ideas and technologies along with well-developed tools in the open-source domain. • Lab descriptions are publicly accessible from our web page (www.ece.mtu.edu/~xinlwang/itseed/). • All of the labs have been tested in a virtual environment and used in our security courses. • Feedbacks from the students are positive. Our experience is presented in this poster presentation. Methods Results Layered and modular design for lab development. Four Layers: • Goals and Objectives • Technologies • Tools • Effects • Labs were developed and implemented in Linux systems. • Software tools were from open source domain. • Appropriate instructions were given to facilitate conducting the hands-on activities. • Labs were implemented and tested in a virtual environment. • Labs were used in security classes and refined according to feedbacks. The lab is a valuable part of this course Contacts: Xinli Wang: xinlwang@mtu.edu Yan Bai: yanb@uw.edu Guy C. Hembroff: hembroff@mtu.edu Web: http://www.ece.mtu.edu/~xinlwang/itseed/ Twelve labs have been developed and tested. Topics include: • Computer Security: evasion and defense; capability and system hardening; password cracking; SELinux; • Network Security: IDS-Snort; penetration test; PKI; VPN; MitM attack; • Cryptography: cryptosystems; operation modes; • Application Security: Web server security. • Twelve hands-on assignments have been developed to enhance the security component in undergraduate IT education. • Software tools in open-source domain are used to implement these labs. • Labs have been tested in virtual environments and used in security courses at junior and senior levels. • Lab descriptions can be downloaded from our web page (www.ece.mtu.edu/~xinlwang/itseed). • These assignments have been evaluated by students and the data shows they are efficient and effective to help them gain hands-on experience and a better understanding of the materials presented in class lectures. • A majority of the surveyed students developed a greater interest in the course and acknowledged that the labs were a valuable part of the course. The level of my interest in this lab The effectiveness and efficiency of the labs were evaluated by students. More than 105 responses were collected during the period of 2014 spring to 2015 spring. Feedback was highly positive. • Effectiveness and efficiency of the labs were evaluated by students. Approximate time spent for this lab References: 1. Xinli Wang, Yan Bai and Guy C. Hembroff. Handson Exercises for IT Security Education, SIGITE’15, 2015. • Lab descriptions are publicly accessible from our web page. • Answer keys are available upon request. Conclusions 2. SEED Project: www.cis.syr.edu/~wedu/seed/ The time I spent for this lab is worthwhile 3. W. Du and R. Wang. SEED: A suite of instructional laboratories for computer security education. JERIC, 2008