This article is really interesting

[ I just cut the article down to what I thought was the most important parts of it ... ]

Basically the University will be offering a new course to students whose purpose is to teach students how to write viruses. The course being introduced is called "Computer Viruses and Malware", and is gonna be offered as part of the undergraduate program in Computer Science.

Course:: will allow students to create viruses, worms, and Trojan horses ....

But for some reason some computer industry people seem to dislike this idea. One example Graham Cluley, senior technology consultant at Sophos who is comparing it to teaching kids how to break into cars.

But Dr. John Aycock the main defender of the course says that this will allow students to understand how viruses are created. Thus creating better security professionals who will be abel to create more better secure software and develop better counter-measures in the future to combat viruses.

here's a link to an article -- 1st is the original article
http://www.geek.com/news/geeknews/2003May/gee20030527020143.htm
http://www.vnunet.com/News/1141141

I personally think that this is a good idea what better way to prepare for future virus attacks then this..
You teach students how to create them run them in an environment similar to a mini-internet like the one that there going to set up ... for example if the University of Calgary and the UC Berkeley and USC join together... the Canadian University could create the viruses run them on this network an thus providing them with a wealth of info on how to stop future attacks .. That would be a great idea ...What do you guys think ??

This is old news and was discussed a while ago (might want to do a quick search beforehand)..

http://www.antionline.com/showthread.php?s=&threadid=245336
http://www.antionline.com/showthread.php?s=&threadid=244180
http://www.antionline.com/showthread.php?s=&threadid=244176
http://www.antionline.com/showthread.php?s=&threadid=244074

But I wholehearted agree with it. I wouldn't create a network setup like you are suggesting. There is no need for that and a higher risk of "release". Better off having the students use a network setup by the prof. There are stringent requirements to take that course and they do cover ethics heavily in it.

One of the things I'm pondering for the degree I'm creating (Network Security Bachelor) is the inclusion of Grid Technology Research (security of; penetration of; etc.). That'd be an interesting challenge.. :D

I did a search before I posted it sorry about that I somehow must have missed it ....

I am very interested in the Network Security Bachelor degree that you just briefly described could you please post more info if you dont mind ....
Thanks

When it happens, I will. Right now we're still going through the hoops and barrels that the Ministry of Education requires of us. This is not a quick process. Our target start date is September 2005. So... patience is a virtue (as is determination)... :D

Ms. M: Any chance that could be done online?

Not initially but perhaps in time. :D

Ms. M: Darned shame..... You could probably drum up a lot of business just from around here.....

Oh .. I know.. :) ... Personally, I'd rather the course be good but limited in location/availability than rushed and bad, available to the whole world. Resources, funding and "fear of success/failure" are things that limit what we can and cannot do.

The steps for this are:

a) get Ministry approval to run it

b) run it and figure out what works/what doesn't

c) expand it (online).

I think that we'll start to see more and more Networking Bachelors (not sure if there will be that many networking security bachelors) as time goes on. Certainly there are some universities that believe that you cannot teach administration from the get-go and that you need a huge foundation of programming. But I think that there are many universities that do believe you can teach networking methodologies in a Bachelor program.

The school that I am attending has a Masters degree in Information Systems Security. They started the program shortly after I started work on my masters degree. I don't know how good it is, but when I get closer to finishing my masters, I am going to see if they will allow me to audit the courses. I don't know if they will let me, but a couple of my teachers have already said they will try to help it happen, so we will see.

Oh... I'd be interested in hearing about their courses. I did a fair amount of research on various degrees (all the security ones I found were pretty much Master's and specifically seemed to be about auditing/sec management). :D

Wow! Things are changing so fast. I'm almost done with my Computer Engineering major. I'm thinking about doing a master's degree on Computer Security. I must say I've found a very small number of universities that offer that type of degree.

Now, thank god, things are changing and classes so important such us virrii wri are being introduced in bachelors degree. Really, nowing your enemy is the only way to defend yourself from it!

sorry, i meant now not only masters degrees but also bachelors degrees on computer security

I was just wondering Ms.M what exactly are the requirements that you have to meet before they accept the Bachelors Degree that you and your colleagues are working on ??? just curious ...

Greetings...... I know I am a lurker.


Ms Mittens Cmon give us the info!!!!!


Good thread for a change. Heheh AO is still a good place.


:D

The process is simple but is filled with politics and committees and such:

1. Get the School to agree to do a submission. This is one of many degrees that the school wants to do but only a few will be selected.

2. Put together the proposal (info is found here: http://peqab.edu.gov.on.ca/appro.html ). The document on HOW TO SUBMIT (font type, page layout, what goes into what section, how it's to be presented, etc.) is 56 pages long. 12 copies in total including 2 electronic ones.

3. Wait for the committee to approve it.

4. Run it. Now, if you think that I'm going to run a degree program and right away launch it into online without seeing if the regular version works, that's silly. Besides, the online version would have some different requirements. Some things would work in the classroom, some won't. The reality is we only have so many professors who can work on developing these courses and not enough money to hire more. Since we are a publically funded school we are dependent on what the Ministry gives us. I doubt they will give us that much money given their recent financial woes.

5. Expand it.

Galdon, what info were you looking for? What the degree will have in it? I could give you my vision of it but that will unlikely be the exact same when the degree runs. As with anything, it's bound to change as time progresses. Certainly there are some things that will be covered (intro to security, firewalls, IDS, OS specific security, forensics, pen testing, network security design, law and ethics, etc.) but some things may be removed or only offered as optional. The degree is to be a hands-on, applied degree with a component in co-op (required), research participation (with whatever research is going on at the College and possibly this might be a grid project) and the student's own thesis.

As a side note, a competing college has announced their degree (http://www.sheridanc.on.ca/applied_degrees/system.html). My boss seems worried about this but as I pointed out to my boss:

a) the degree seems somewhat haphazard

b) has limited networking topics

c) seems more cryptographically related than security

Looking at this I wouldn't be interested. But maybe that's me..

Ms. M: It's not just you.......

I find it hard to come up with good reasons for a lot of the stuff they have in that curriculum and it's relationship to computer security in the "real world"..... CPU architecture.... Hmmmm... Knowing how the CPU is designed is going to help me.... How?

Then I really don't see what is the "meat" of much of the job, Intro through Advanced network protocols and finally something like "Current protocols and their inherent weaknesses".

As you note the heavy emphasis on math is aimed towards cryptography - but, depending upon your environment, that can be a very small part of the whole.

It's possible that they shyed away from a lot of content to avoid criticism that they are "teaching" hackers but to be honest I think this is a reflection of a lot of the IT courses out there today. The problem the institutions have with IT is a valid one though in that by the time they have gone through the process of creating a curriculum it is often already out of date so they seem to shy away from the "cutting" edge a little and, IMO, do the students and their future employess something of a disservice.

Before you shout at me...... ;) That is a generalization formed by looking at the curriculum's studied by a few hundred applicant's as they lay down in resumes and cover letters - therefore it only really applies to American schools, [ducking and weaving......].

As something of an aside: It appears to me that a lot of the Computer "Science" courses taught over here are little more than programming and, having ploughed through all those resumes, I get the distinct impression that an awful lot of schools use their CS students to write low cost addons to their accounting, enrollment etc. apps that the prof looks over, tests the good ones and implements the best on their systems. I can assure you that from my experience many of these students know little about the "science" of computers and a lot about C++..... :mad:

Tiger, I won't shout at you. You bring up the very points that I want to address in the degree I'm creating. I'd rather the students have hands on experience and something more directly related to what they are doing than "fluff". I'd want students to understand and be able to manage a network; know what things to watch out for when being an admin; etc. Certainly some scripting/coding might be necessary but I don't think this is the be-all-end-all for those that administer DNS servers, Domain Controllers, LDAP servers, Kerberos servers, Exchange/sendmail, Apache, CISCO devices, etc. Better understanding of some of the protocols and how they interact would be needed.

Anyways, sorry for rambling but it just grinds me that an educational unit releases this and doesn't recognize the potential damage they are doing to the security industry.

Ms. M:

Tiger, I won't shout at you

I didn't know if I was being a tad too "controversial" with someone in the very trade I am criticizing......

and doesn't recognize the potential damage they are doing to the security industry.

As I said in my post, they've been doing it for years in the other IT fields.... Why change now.... ;)

Do you get any feedback from "those who must be obeyed" regarding the concept that "we can't be seen to be teaching hackers"? I would think that this would be quite high on their list of objections to some content that would be of the most use... Pen testing springs to mind..... <sigh>

In scotland most of the universitys do these as standard.

Also you can do open university courses in the same e.g learning at home.

This may be something for you guys to consider.

http://www.open.ac.uk/

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Tiger Shark
Ms. M: Any chance that could be done online?

wow that is a bad idea, as it is Iam worried that one of these kids viri will get into the wild and that is when its in a nice contained network putting this online would be a nightmare.

BBallad: I meant Ms. M's. Network security course.... Not the Virus course..... ;)