ITSEED: Hands-on Laboratories for IT Security Education
Xinli Wang*, Yan Bai** and Guy C. Hembroff*
* Michigan Technological University, ** University of Washington Tacoma
Introduction
It has been commonly acknowledged that the benefits
of hands-on activities for the education of computing
security are threefold:
• Expose students to real-world challenges;
• Help students consolidate knowledge and gain indepth understanding of the materials presented in
class lectures;
• Assist students to be well prepared for their
careers in industry.
However, there were not many hands-on exercises
publically available.
Motivated by the need for education-oriented and well
developed hands-on exercises for undergraduate
education of information technology (IT) security, we
have developed a collection of instructional hands-on
lab assignments that can be used to help teach security
courses or courses with a security component in IT.
Out labs cover a wide spectrum of principles, ideas and
technologies along with well-developed tools in the
open-source domain.
• Lab descriptions are publicly accessible from our
web page (www.ece.mtu.edu/~xinlwang/itseed/).
• All of the labs have been tested in a virtual
environment and used in our security courses.
• Feedbacks from the students are positive.
Our experience is presented in this poster presentation.
Methods
Results
Layered and
modular
design for lab
development.
Four Layers:
•
Goals and
Objectives
•
Technologies
•
Tools
•
Effects
• Labs were developed and
implemented in Linux systems.
• Software tools were from open
source domain.
• Appropriate instructions were
given to facilitate conducting
the hands-on activities.
• Labs were implemented and
tested in a virtual environment.
• Labs were used in security
classes and refined according
to feedbacks.
The lab is a valuable part of this course
Contacts:
Xinli Wang: xinlwang@mtu.edu
Yan Bai: yanb@uw.edu
Guy C. Hembroff: hembroff@mtu.edu
Web: http://www.ece.mtu.edu/~xinlwang/itseed/
Twelve labs have been developed and tested.
Topics include:
• Computer Security: evasion and
defense; capability and system
hardening; password cracking;
SELinux;
• Network Security: IDS-Snort;
penetration test; PKI; VPN; MitM
attack;
• Cryptography: cryptosystems;
operation modes;
• Application Security: Web server
security.
• Twelve hands-on assignments have been
developed to enhance the security
component in undergraduate IT education.
• Software tools in open-source domain are
used to implement these labs.
• Labs have been tested in virtual
environments and used in security courses
at junior and senior levels.
• Lab descriptions can be downloaded from
our web page (www.ece.mtu.edu/~xinlwang/itseed).
• These assignments have been evaluated by
students and the data shows they are
efficient and effective to help them gain
hands-on experience and a better
understanding of the materials presented in
class lectures.
• A majority of the surveyed students
developed a greater interest in the course
and acknowledged that the labs were a
valuable part of the course.
The level of my interest in this lab
The effectiveness and efficiency of the labs
were evaluated by students. More than 105
responses were collected during the period
of 2014 spring to 2015 spring. Feedback
was highly positive.
• Effectiveness and efficiency of
the labs were evaluated by
students.
Approximate time spent for this lab
References:
1. Xinli Wang, Yan Bai and Guy C. Hembroff. Handson Exercises for IT Security Education, SIGITE’15,
2015.
• Lab descriptions are publicly
accessible from our web page.
• Answer keys are available
upon request.
Conclusions
2. SEED Project: www.cis.syr.edu/~wedu/seed/
The time I spent for this lab is worthwhile
3. W. Du and R. Wang. SEED: A suite of instructional
laboratories for computer security education.
JERIC, 2008