Teaching Computer Security - Education Essay Example

Introduction

Computer Security is has undergone many iterative processes of evaluation and regular updates had been into daily work flow - Teaching Computer Security introduction. The terrorist attack, stealing of information, loss of data and identity theft from the main server database and many more unacceptable criminal activities had led to implementation of Computer Security. Need for computer security arise from the basic requirement of confidentiality and secrecy of information or data over internet/intranet or stand alone computer system. There are many different ways one can exploit the system and get associated data to fulfill intruder’s intention. Intrusion can be deliberate or unintentional, but these come after the security implementation. Intrusion takes place because the X (intruder) is interested in certain information Y (confidential data) where X is not allowed to access that data. Such attempt to access such information is treated as cyber crime. Cyber crime is broader term and uncovers many discussed and non-discussed topics, algorithms, criminal activities, prevention and detection. The most important here that cyber crime investigates is security. Computer security is not some dedicated software/hardware or just hardware or just software. Implementation of cyber security is the proper combination of both (software as well as hardware) with some protocols to be followed and set of access rights assigned according to demand from institute or organization or some individual. Teaching of computer security is more critical JOB than actual implementation. This paper is dedicated to all those who help enhance computer security. This paper provides suggestions and advice that may be useful for others who embark on this adventure. Of course, the ideas presented here build on and complement the work of many others in this area [5, 7, and 11].

Need

essay sample on "Teaching Computer Security"

? We will write a cheap essay sample on "Teaching Computer Security" specifically for you for only $12.90/page

More Education, Computer, Computer security Essay Topics.

How to learn computer Security?

Computer security starts with the ability to understand the basic of computer security, reading some handful of books titled “Basics of Computer Security” is always a good idea to start with. Always target the book with easy readability and easily available resources to understand I.T security. The author suggest Counter Hack [9] as the information compiled in this book is very authentic with clear explanation and easy to read & understand. This book has clear view of how hackers work and how they breach into computer system to steal information and sensitive data of interest. This also includes the wider description of entire, attack summaries, attack flow, attack time. Counter Hack [9] anticipates the new user by dedicating first few chapters, text about Operating systems (UNIX, Windows, and Novel Netware). This is certainly a good practice to receive and revise the information either you are previously know to it or not. “Counter Hack” can easily be compared with the giants of computer security journal, book and magazine such Information Security [12] that thoroughly cover these points & text.

In the world of computer security (CS) there is a saying “Do it to learn it”. This is the undeniable best way to learn security measures. To learn cyber security (computer security) you need to think like cyber criminals, but in positive way. Before doing it always remembers that you are here to learn and not to spoil someone’s life or carrier through cyber crime. Cyber crime is non-bail-able crime and may put you into some serious problem. Always be warned, do well and so shall you get good. It is a art that one architects from iterative learning and doing itself. The problems caused by cyber crime may claim considerable time to diagnose and rectify the root cause of the problem situation (may be small or big). There may be situation of single server and few clients (active/non active) with sometime waiting for their turn to access the network resources, once the allotted time is passed resources are forwarded to other client. This situation can also be exploited it you do something creative and keep the resources with you and access denied signal to remaining clients. Before administrator could rectify the problem area the network is back in action, as administrator neglects it as transient error. This was just a small phenomenon that is common in network.

Beside the above situation and information there are enormous security websites and hackers blog those are dedicated to provide tremendous information worth to try and practice.

There are infinite work places where you can work as security consultant, in I.T MNC’s, Military, Government, Health care, Media and Television, etc. wherever there is information and if it’s critical to protect that information/data the SC is indeed useful. CERT [10] and SANS [8] this will provide up-to-date information on the latest security flaws, attacks, and fixes. This is essential information for those who are responsible for security and often good material for the classroom as well.

If you are unable to locate any proper SC course then the best way to deal with such situation is to access website none other than SANS. It offers wealth of course modules according and completes hierarchy to recent trends in computer security or cyber security.

Help for setting up course?

The information can be collected from the lab manuals created by students while setting up their lab. The presentations and explanation of these manuals is according to the actual implementation and may contribute towards great help. These manuals, PowerPoint presentation and paperwork is one genuine martial for setting up course module. According to myth US Telecom Company was hacked reading such thrown away manuals. Course making is one critical process and should always be correct. But it’s impractical to actually work on each and every concept in LAB and then note it down. In such situation the implementation manuals form friend or tutor’s lab guide may be of great help. Also try and making habit of taking down things right away on paper once observed is good practice to learn and get more help.

Computer Security Ethics

Security (computer security) course has good chance to reveal and put forward the professional ethics about cyber security. The class might discuss and put light on ACM Code of Ethics[1] which might provide good basics for discussion. The course module for the security lab practicals must be prepared and compiled well in advance. The lab must consist of all those resources as discussed in manual and must accommodate considerable terms and definitions to be taught. You can setup the entire lab isolated to University lab or campus or do give this sort of idea to campus administrator well in advance before you could try some of the security and hacking tactics on to the secured network. Most of the time permission is granted and is know about the activity so no charge is set on if any suspicious activity is found. Warning on regular basic about the hazards of the malicious activates and punishments for it is to be circulated among the practicing.

Laboratory, Equipments and Software’s

CIS department had recently just replaced some of its workstation (PC’s) and high performance server computers. Some of the old workstation was used and to set up a small computer security lab, to be fortunate enough everything worked well and lab was ready to for work. Some of these workstations had Linux installed, while the others had various versions of Windows. In a few cases the operating systems were not patched for the latest security flaws in order to make labs using these flaws possible. These computers were plugged into a locally available hub in order to provide a dedicated LAN (802.11 b) for the more realistic computer lab experience. Choice of hub instead of switch makes it possible to examine packets with sniffer software.

Linux Laboratory

Since most of newcomers and students are unaware of Linux and its command prompt. Linux lab can be was used to educate them from grassroots level making them aware about certain commands of Linux used for networking (ipconfig, netstat, ping, tracert). This might prove to be completely new experience for them as the Login is based on user authentication and they might find Linux to be very interesting. They more learned and revel about the strict access rights in Linux, and discovered that Linux functions much different than that of windows operating system. Permissions level was the critical part that can be taught in Linux Laboratory.

Reconnaissance Lab

This is useful to exploit the geographical separation between labs and physical distances. Students can practice the InterNIC centralized registry service[6]. This is somewhat the lower version of wiretapping. The header information can be revealed and if intruder situated outside the secured network, but do has access to network can exploit the session.

Scanning Lab

Scanning lab is the one to practice some serious stuff all around the network. This involves the scanning of the server on network for some vulnerabilities and port opened in order to use them to access some resource. As the configured network had one serve attached to it, this was possible. Some of the insecure services like FTP and Telnet could be easily accompanied by Network-pointer software to give pictorial representation and 3D view of ongoing network traffic. The less secure service such as source and destination header can be easily accessed and learned. As the network is properly configured then NESSUS software could be easily used to scan some of its designed entities step by step as lab practice progress to advance level. This simple network could also train students for crashing windows version and try their hands on password guess attack for Linux systems. The reporting technique we discussed could be very helpful here, ask students to scan systems on network and note down all the viewable and accessible threats inside the network. Once inside the network there are infinite possibilities opened for you to practice. Remember “Do it, to know it”. The inside practice could make you to stand tall in future to protect from outside threats.

Lab on Password cracking and Web Attacks

This lab can be used for cracking the software John Ripper on Linux system with the help of shadow files, already available with you through previous hacking lessons learned in Lab. This again would report to the problem for many students that how secure the Linux system could be, as it would be hard to access shadow-files with system having strong password, sometime password guess attack might work, but mostly fails if password is strongly configured. The lab includes the directory migration, insertion of bad data into CGI script.

Network Attack Lab

Here in this lab students can also practice and run Buffer overflow attack and to target and shoot back  Xterm, which in turn directly gives root access to server. After making inside a server, one can practice to make shell in backdoor after accessing inetd.conf. The EtherPeek packet sniffer can be used to see the details of telnet, ftp and SMTP sessions, while students can note what is transmitted as plain text. A few web attacks can be also tried which shows the potential danger of placing a copy of cmd.exe where a web user could access it via IIS. Finally, Windows privilege escalation exploit GetAD. It only works if remote registry access is turned on, but is quite effective if this door has been left open. Once local System access has been attended, students can run pwdump to show that they could obtain password hashes.

Denial of Service Lab

In this lab students can use PortSentry to automatically block an IP address from which port scanning of their computer is been done. PortSentry works by putting the scanner’s IP address in the /etc/hosts.deny file. This denies that IP address access to any services launched by TCP wrappers (tcpd). The lab also can be used to show students that an attacker could port scan their system using spoofed source addresses, thus denying access to the system for legitimate users at those spoofed addresses. SYN flood attack against a Linux system. You can practice the script on the Linux system that use iptables to block packets having the source MAC address of the attacker. Students can then evaluate the effectiveness of this defense. The WinNuke exploit, and is very helpful to try here. It causes the Windows 2000 server to fail to work correctly. Try your hands on even viewer where it should not show event anymore.

Lab on Maintaining Access

Back Orifice 2000 (BO2K) was the hit of the semester. Students would be  surprised at how much control BO2K gives to to a remote attacker. Modern antivirus products detect BO2k, so its better to disable any antivirus software prior to this lab. To make our demo more effective, an installer for a freeware game is needed. Arrange for the installer also to secretly install BO2K server. The installer can be made available on a web page that advertised the game. Part of the lesson, of course, is that it is not very safe to download software from an un-trusted source. One group of students run the BO2K client software on the attacker’s computer, while another group install the game and watched as their Windows 2000 computer can be taken over. The attackers starts and shut down processes on the victim, hijacked the victim’s keyboard and mouse, also could streaming video of the victim’s display, steal password hashes, and locked up the victim’s computer.

Other Options for Learning Computer security

Guest speakers can be brought in to add other perspectives to the course. Real-life cases also add color. Sometimes one can find written hackers’ accounts in which they brag about their exploits. Numerous optional topics can be added or removed as desired. A notable example is cryptography. Although a little cryptography is probably needed in any introductory computer security course, one can add more of the mathematics and applications of cryptography as time and interest allow. Another large topic area is the configuration of routers, switches, and firewalls. Some of this can be added, especially if the students are fairly advanced. Be forewarned that it takes a lot of time to learn this area. In fact, there are entire courses on this topic, such as those used to prepare for networking and security certifications. If the class consists of fairly talented students it would be possible to have some very open-ended labs in which groups of students download, compile, and test some of the latest attack exploits. Another open-ended lab could have students configure a small hardware firewall and then test to see how well it protects against various attacks. A cheaper approach is to set up a firewall using iptables on an inexpensive Linux-based PC with two network cards. This type of lab gives students the chance to be very creative. However, it is possible to spend hours on a particular exploit or defense and never get it to work.

Summary

The paper represented the overview of the Computer Security and related different aspects of how can one easily configure the Lab and setup the course work for his someone to teach. It covered the overall different techniques used for exploitation, setup of hacker friendly network, report making of the exploits found. Later the paper reveled that more interesting is the hacking of server and taking control over it to further exploit the network resources and facilities. The software we focused are John ripper, EtherPeek and many more.  The security issues related to Linux, and its authentication. Working of firewall and they way to exploit it in its own way. This paper overall discusses the good techniques and tips for novice user to try hacking and learn computer security issues, with basic requirements for of learning the network commands to access the network resources, the different operating systems in network, their configuration and their primary security provided along with the basic operating systems.

Haven't found the Essay You Want?

Get your custom essay sample

For Only $13/page