Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Intriductiory course in computer security

  1. #1

    Intriductiory course in computer security

    Does anyone have any suggestions how best to teach newbies/designers the aspects of computer security. I have 3 days of 3 hours each to teach them some basics.

    I don't want to bore them with powerpoint slides so I was thinking about giving them practical examples combined with slides but I am afraid they will loose interest.

    Thanks

  2. #2
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Perhaps you will find something helpful here :

    http://www.antionline.com/showthread...ecurity+course

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi tarpi,

    Well...a quick google of ' fun lessons on computer security ' didn't turn up much...but you might try something along this line...

    http://securityawareness.blogspot.com/
    Security Awareness for Ma, Pa and the Corporate Clueless

    Eg

  4. #4
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Attached is a document that discusses Trusted Operating Systems (which are really just well designed, full featured operating systems) and specifically covers the ideas of access control systems (Bell-LaPadula, Biba, Graham-Denning, Harrison-Ruzzo-Ullman, and Take-Grant), other design elements (user id/authentication, object reuse requirements, trusted path, audit trail, and intrusion detection) as well as system structure for maximizing control while minimizing complexity (the microkernel, security kernel, reference monitor, and the trusted computing base) as well as the benefits of each of these elements.

    Since these elements can be applied to OS security, application security, HR security, and networking security they will form a solid foundation to computer security. The concepts are simple to understand, especially if the students don't already have their heads filled with misinformation about resolving application level bugs and such being the panacea of security.

    cheers,

    catch

  5. #5
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Allow me to say a few more things in addition to the thread I pointed you too. Since computer security is an eminently practical matter, there is no reason you should bore them with powerpoints the whole time. The best thing, I think, is to show them a few things in real time, if the class size permits. Show just how much is revealed about a person when they visit a site, show the various ways that sites can run programs on your computer, show how easily an exploit or two can find its way on to a computer and what sorts of things they want to do. Most importantly, show how these can be detected. Again if class size permits and you are prepared to deal with the consequences, send them home to download a copy of AVG antivirus or something like that to run on their computers and look at what is found. I also think reasonalby able home users should get used to what a Hijackthis log looks like, with the attendant warnings about deleting the wrong things, of course. In short, once you get the basic structure out of the way, make it as practical as you can.

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I am not sure what type of 'budget' you have for this project, however, ISS (Internet Security Systems) sent me this the other day. I had a quick look, and it does seem to be geared towards 'newbies'. Might be worth a quick look.

    Security Awareness Program

    Cheers:
    DjM

  7. #7
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi tarpi,

    Now....don't take this the wrong way...but, if you are going to ' teach ' a class or a group...you are not going to win their confidence if you do this: Intriductiory.
    Spelling and grammer are important when it comes to gaining the confidence of your class...just a thought to ponder.

    And...make a plan of action...preparation is the first step.

    Eg

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    http://www.technologycrimes.net

    This could be of some help to you, I just found the add in PC-Mag

  9. #9
    hesperus, thats a great idea. Class size is 10 students and I will definately involve them in practical aspects of defending themselves. But being designers, they are not accustomed to looking at log files, and text output or command line arguments.

    Egaladeist, I already had them for 2 days worth of introduction to computer networks. Some of them still cannot tell the difference bewteen a router, switch or a hub. The thing that stays in their head are practical and group excercises.

    I think I am gonna show them how vulnerable they really are, and then spend some time explaining what to do and what not to do while using their laptops.

  10. #10
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Didn't realize it was an intra-company thing, thought maybe you were talking about home users. Nevertheless, getting to know hijackthis is not terribly difficult if you have someone to walk you through the basics. If you know what it looks like when your computer is clean, then changes are easy to see, though it may not be relavant here.

    Good luck.

    Posting what you do and whether or not it worked would be helpful to others since this question seems to pop up fairly regularly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •