June 10th, 2005, 06:56 PM
Intriductiory course in computer security
Does anyone have any suggestions how best to teach newbies/designers the aspects of computer security. I have 3 days of 3 hours each to teach them some basics.
I don't want to bore them with powerpoint slides so I was thinking about giving them practical examples combined with slides but I am afraid they will loose interest.
June 10th, 2005, 08:44 PM
June 10th, 2005, 08:57 PM
Well...a quick google of ' fun lessons on computer security ' didn't turn up much...but you might try something along this line...
Security Awareness for Ma, Pa and the Corporate Clueless
June 10th, 2005, 09:25 PM
Attached is a document that discusses Trusted Operating Systems (which are really just well designed, full featured operating systems) and specifically covers the ideas of access control systems (Bell-LaPadula, Biba, Graham-Denning, Harrison-Ruzzo-Ullman, and Take-Grant), other design elements (user id/authentication, object reuse requirements, trusted path, audit trail, and intrusion detection) as well as system structure for maximizing control while minimizing complexity (the microkernel, security kernel, reference monitor, and the trusted computing base) as well as the benefits of each of these elements.
Since these elements can be applied to OS security, application security, HR security, and networking security they will form a solid foundation to computer security. The concepts are simple to understand, especially if the students don't already have their heads filled with misinformation about resolving application level bugs and such being the panacea of security.
June 10th, 2005, 09:31 PM
Allow me to say a few more things in addition to the thread I pointed you too. Since computer security is an eminently practical matter, there is no reason you should bore them with powerpoints the whole time. The best thing, I think, is to show them a few things in real time, if the class size permits. Show just how much is revealed about a person when they visit a site, show the various ways that sites can run programs on your computer, show how easily an exploit or two can find its way on to a computer and what sorts of things they want to do. Most importantly, show how these can be detected. Again if class size permits and you are prepared to deal with the consequences, send them home to download a copy of AVG antivirus or something like that to run on their computers and look at what is found. I also think reasonalby able home users should get used to what a Hijackthis log looks like, with the attendant warnings about deleting the wrong things, of course. In short, once you get the basic structure out of the way, make it as practical as you can.
June 10th, 2005, 09:51 PM
I am not sure what type of 'budget' you have for this project, however, ISS (Internet Security Systems) sent me this the other day. I had a quick look, and it does seem to be geared towards 'newbies'. Might be worth a quick look.
Security Awareness Program
June 10th, 2005, 10:01 PM
Now....don't take this the wrong way...but, if you are going to ' teach ' a class or a group...you are not going to win their confidence if you do this: Intriductiory.
Spelling and grammer are important when it comes to gaining the confidence of your class...just a thought to ponder.
And...make a plan of action...preparation is the first step.
June 10th, 2005, 10:03 PM
This could be of some help to you, I just found the add in PC-Mag
June 10th, 2005, 10:31 PM
hesperus, thats a great idea. Class size is 10 students and I will definately involve them in practical aspects of defending themselves. But being designers, they are not accustomed to looking at log files, and text output or command line arguments.
Egaladeist, I already had them for 2 days worth of introduction to computer networks. Some of them still cannot tell the difference bewteen a router, switch or a hub. The thing that stays in their head are practical and group excercises.
I think I am gonna show them how vulnerable they really are, and then spend some time explaining what to do and what not to do while using their laptops.
June 10th, 2005, 10:56 PM
Didn't realize it was an intra-company thing, thought maybe you were talking about home users. Nevertheless, getting to know hijackthis is not terribly difficult if you have someone to walk you through the basics. If you know what it looks like when your computer is clean, then changes are easy to see, though it may not be relavant here.
Posting what you do and whether or not it worked would be helpful to others since this question seems to pop up fairly regularly.