|
-
May 23rd, 2005, 04:00 PM
#1
I need help to create a Network security course
The school where i use to teach asked me about to create a course about "network security" (in fact they asked me a course about "network hacking", but i really dont like that expression).
- Course duration: 40 hours
- pre-reqs - basic knowledge of linux, tcp/ip family, ethernet networks
- Must be a lab based course - all classes must be at a "lab" ..
So ive started to draft the course contents and "aproach":
- Students will use a live cd such as knoppix-std during the course - i think there is enough tools for this course
- I will build an special set of computers to be "hacked" ( ), with several O.S. and configs.
.... and i get lost... too many possibilities too many tools, too many things to teach... ahhhnn... i cant focus 
I decided to come here to ask you people what i should include on a 40 hours course, since you know that "field" better than me. keep in mind that is the a basic course.
- What tools should i teach?
- What "sample" O.S/Config? Net equipments too (routers, swtiches?)
- Which live CD do you recommend?
Any help/comments will be appreciated.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
May 23rd, 2005, 04:13 PM
#2
You should decide how many students you want to take the class at one time. Smaller is better, of course.
40 hours seems like alot, but in lab settings those hours will be eaten up.
I would teach the same thing two ways. One way if you just need the information off a box and you don't care about finding out who did it, and the other way would be to preserve information in case something goes to court.
With local access to a box, breaking it is easy. I would cover that with Knopix live cd distros you can get. Since most hackers are not local, you want to teach how to secure over a network ,and how to TEST to be sure that an enviroment is secure.
Etheral would be a must. Check out the tutorial that IronGeek wrote. I can't find it but here is a link to his site that has it (and lots of other good things too) http://www.irongeek.com/
good luck and keep us posted with what you plan on doing.
~Halv
-
May 23rd, 2005, 04:29 PM
#3
I can't offer much in the way of content, but what I could advise on are teaching methods. Being a teacher myself, I can understand how one gets lost in content; you want to teach everything, and don't really know where to start. A couple of guidelines to get you started:
1. Decide what level of expertise your students will have, and what level you need/will teach to. This will help you decide what to include as you move from content area to content area.
2. Group your lessons together by content area. In other words, network security should be taught at a different time than programming security, and even if methods/tools for them are grouped together (ie on the knoppix-std cd), you should teach them seperately. Don't try to teach a little of everything, especially all at once; just focus on shorter, more specific objectives each day, pertaining to a specific area of security. Then, you can focus on bigger objectives that incorporate many of the smaller ones.
I hope some of that made sense. Designing a curriculum is a daunting task, and it will probably take a while.
-
May 23rd, 2005, 04:45 PM
#4
If it's a course about network security all of the students are of course going to be interested in the "hacking" portion of it.
I do not know where it would fit into your cirriculum, but I would put something in there about basic system hardening and good practices for security.
As far as system hardening shutting down unused services and ports and not using default NAT addresses on home routers. These are just a few ideas there is a wealth of knowledge on this site for other basic system and network hardening practices.
Good practices could be your basic password rules, enforcement of user policy agreements. Also, they should see network security as a layered model , not focusing on firewall, IDS or individual machine policies to keep them safe, but rather the complete implementation and more importantly monitoring and proper response to security incidents.
It should also be drilled into their heads throughout the course that a reactive policy, as many network administrators seem to take, is not acceptable when it comes to security. Complacency is the enemy of security.
"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
-
May 23rd, 2005, 04:58 PM
#5
WARGAMES.
I think MsM has some stuff about it spread around on the site.
This will very clearly show both the hacking and the security aspect i think.
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
May 23rd, 2005, 06:07 PM
#6
MoonWolf: im affraid its soon for War Games. But its a good idea for the following course
Captain: Yeap, my idea is to show most of the time "hack tools" and how to use them. Also, how to defend against them. I would like to show why "best security pratices" are good to follow and not a lot of b.s. that everybody spread out.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
May 23rd, 2005, 07:30 PM
#7
Hi cacosapo
Just a rather silly question, but how long is each teaching session?.............OK 40 hours, but is that 4 hours per week? errrrrrrrr...........like 4 hours per day?
To structure a course we would need to know this?
-
May 23rd, 2005, 07:45 PM
#8
Originally posted here by nihil
Hi cacosapo
Just a rather silly question, but how long is each teaching session?.............OK 40 hours, but is that 4 hours per week? errrrrrrrr...........like 4 hours per day?
To structure a course we would need to know this?
no, its a good question.
It will be offered in the following formats:
1) 8 hours/day, one week (M-F) (daylight course)
2) 3 hours/day, 3 weeks (M-F) (night course)
3) 4 hours/day, 5 weeks (Sat/Sun)
Those are the school' proposals. 1st classes will be on format #3. After we will remodel to other ones.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
June 3rd, 2005, 07:03 PM
#9
Junior Member
I am no teacher, but here are my thoughts. If I was teaching a class about network security/hacking, I would teach the course by first teaching/demonstrating a flaw (hack) and then teaching/demonstrating a fix (security). For example, teaching the kids about Buffer Overflows. You can lecture on the theory/idea behind the buffer overflow (stack smashing, layout of the stack, overwriting return addresses, NOP slides, maybe brief shellcode). You can back this lecture up with some lab work (simple C buffer overflow programs). This will let the students learn how people craft buffer overflows. Next you could lecture on preventing buffer overflows (safe C programming (strncpy instead of strcpy, non-executable stack). NOW, buffer overflows aren't necessarily NETWORK security (more programming security), but I believe this approach will be effective. You teach the student about the problem, then teach them about the solution. This will also challenge the student to see if the solution is absolute/applicable. For more NETWORK security, you could easily teach MitM ARP poisoning attacks. You can lecture on ARP requests/replies and how these are used/handled. You can also lecture on switch ARP tables and how switches work. You could then lecture on the theory behind ARP poisoning. A good lab project here, and this is very vague, would be to setup a small switched network to perform MitM attacks. You can have one test machine sending network packets with certain information in them (ftp password, telnet passwords, http password, basically anything cleartext) and grade the students on their ability to ARP poison and sniff the passwords. You can then lecture on a solution. Static ARP tables is one possible solution, but can be a pain in the @$$. Nevertheless, you see where I am going with this. You lecture on the theory of a hack/exploit, let the students demonstrate their understanding of your lecture in the lab, and then lecture the students on solutions. That is my opinion =\ Good Luck with the class, sounds like it will be fun
An ancient chinese man once told me: \"The hotter the tea, the bigger the wang.\"
My tea is extra hot.
-
June 4th, 2005, 02:01 AM
#10
What tools should i teach?
Foot print......................Nmap,
Vulnerability..................Nessus,
password crack.............John the ripper,
sniffers..........................ettercap.
Although, I think the prinsciples, rather than the tools, are more important.
What "sample" O.S/Config? Net equipments too (routers, swtiches?)
What ever you use needs to work straight out off the box. You do not want to spend half the lesson configuering the network, although, that! in it's self, may be a valuable first lesson??.
Which live CD do you recommend?
The fastest, I wish I could help you here. I'm only familiar with Knoppix STD
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote