CSMASTER

We teach two very different computer security courses in our undergraduate and graduate curricula.  The undergraduate course is basic -- principles of security, creating a security plan and a recovery/action plan, security concepts.  These are things someone just entering the field professionally should know.  The graduate course, however, takes an entirely different approach, a very aggressive approach.

Most of our graduate students are already working professionally in computer fields.  Security policies are already in place in their companies so they already are familiar with the basics.  For that reason, the graduate security course takes an approach similar to Lupin's class at Hogwarts School of Wizardry and Witchcraft.  In spite of its formal name (Computer System Security), students (and I, too) have long referred to the course as "Defense against the Dark Arts."  In some places, this approach is sometimes called "Black Hat/White Hat."  Students learn penetration testing (pen testing), the art and practice of "ethical hacking."  They are given a wide assortment of tools for reconnaissance, scanning, penetrating, and exploring networks and computers.  Then once they have learned the types of attacks (the "Black Hat" side) which may well come at them as network and system administrators, they switch hats and learn how to detect, blunt, and generally mitigate cyber attacks.

For many years, I have had the assistance of a good friend and former student who lives in Ohio and runs an impressive server farm out of his basement.  His expertise has been invaluable in organizing and supporting the course.  The most intriguing part of the course is the culminating exercise, which takes up the entire final 4-5 weeks of the semester.  The "ByteMe!" exercise varies each time the course is offered, but basically it is a targeted penetration test of a large, simulated corporate network.  Using secure connections, students work in small groups to plan and execute a pen test of the corporate site.  They are given specific objectives and must either identify or compromise specific objects using the techniques learn and practiced during the semester.

Defense against the Dark Arts will never make anyone an expert penetration tester.  That isn't its purpose.  But it does sensitize students to the very broad range of attacks and threats with which they must contend on a daily basis without any end in sight.  And just for the record, proper ethical standards are pressed upon the students repeatedly alongside warnings about doing any testing outside the designated "sandbox" or using the software for anything but its intended purposes.

• < Prev
• Next >