Brief
Goal is to re-invigorate INST 365, Ethical Hacking, with the following characteristics:
Physical, Hands-On based - probably Raspberry Pi, Personal Laptop with VM Ware VMs, Kali Linux, Wireshark.
Based in Tinkerspace in College Park; building out a comparable capability in Shady Grove.
Aligned with existing courses and pedagogy
of INST 346 (Technologies, Infrastructure, and Architecture, includes RaPi and networking gear) as prerequisite
INST 347 (Cloud Computing for Information Science, includes VMWare, Kali, and Arduino Cloud) as compatible elective
INST 388X (Internet of Things, includes Arduino Cloud) as compatible elective
Cybersecurity and Privacy Cognate Sequence
INST 364 Human-Centered Cybersecurity
INST 366 Privacy, Security, and Ethics for Big Data
INST 464 Decision-Making for Cybersecurity
INST 466 Technology, Culture, and Society
INST 467 Practical Hacking for Policy Making
Aligned with some external Certification Process like CEH (not necessarily earning the Certification in class)
Add a dimension to the Infosci Cybersecurity cognate that Dennis Frezzo, Donal Heidenblad, Charlie Harry, and many semesters of informal student feedback agree is missing.
Low or no cost to students
Example Course offered at UMD
Ethical Hacking (Circa 2021, not sure why this wasn’t offered as 365, not sure who offered it)
INST 408C
Course description:
Hacking is everywhere. Hacks can be anything from ways to make one’s life easier (“life hacks”) to malicious attacks on networks. The common thread in these hacks is that they involve generating non-obvious solutions to problems or using systems in ways that the designers did not intend. Ethical hacking, then, is using ethical judgment to bound what you can do rather than conforming to the limits of the system.
In this class, you will do small group projects to apply particular concepts in creative and flexible ways. The instructor must approve all hacks before they are executed. The structure of these group projects will follow agile methods, with sprints that occur over a period of approximately two weeks. Groups will be reassigned at the end of each sprint. This structure means that it is vital that you attend each class and participate in your group discussions. When time allows, the end of each class will be set aside for quick group standups. At the end of the semester, there will be a demo day in which students will present the best hacks they have executed.
Despite the similarity of the names, this class will not directly prepare you for the Certified Ethical Hacker exam, which is a penetration testing certification. Some of the concepts we will cover in class are on that exam, however, and some of the skills you learn in class will make it easier for you to prepare for the exam if you choose to.
Learning objectives
Upon completion of this course, students should be able to:
Plan and execute a non-obvious solution to a problem (“a hack”)
Distinguish among hacking, malicious hacking, and ethical hacking
Generate a list of ethical concerns that could arise from a proposed hack
Use an Agile structure to perform group tasks
Perform the steps of a basic penetration test
Explain how a given network operates as a sociotechnical system
Grade composition
15% Online discussion
I will assign discussion questions and short assignments to be completed online. For discussion questions, you are expected to answer the question and provide a response to another student’s answer.
15% In-class participation
I expect you to come to class and participate in discussions.
20% Group participation and contribution
You will work on your projects in groups, and those groups will change with each new project assignment. You will evaluate your peers’ performance and they will evaluate your performance.
30% Sprint hacks
Evaluation of hacks produced during sprints will come from three sources: The instructor, the class, and the other members of your team. Your team will present your hack or documentation of your hack to the class at the end of each sprint.
10% Demo day hacks
Each person will be involved in the presentation of at least one hack at the demo day.
10% Final exam
The final exam for this course will be a structured demonstration of the concepts you have learned over the course of the semester. It will be due at the time of the scheduled final exam.
Academic Integrity and Ethical Conduct
The general policy of this course on academic integrity will follow the UMD Honor Code. For specific assignments, however, alternative requirements may apply as noted in the assignment.
Any hack performed for this class must not break the law, hurt another human being, or damage a system that you do not own. The ethical concerns for any hack you propose are as important and the technical or sociotechnical execution.
Proposed course schedule
Week/Topic
Ethics and hacking
Hacking as creativity
Command line tools
History of hacking
Hacking information search
Malicious hacking
Computer networks
Security threats
Network scanning
Sociotechnical networks
Vulnerability research
Hacking for social good
Penetration testing
Student-chosen topics
Student-chosen topics
final Demo day
Activities Discussion 1 Sprint 1 Sprint 1 Discussion 2 Sprint 2 Sprint 2 Discussion 3 Sprint 3 Sprint 3 Discussion 4 Sprint 4 Sprint 4 Discussion 5 Sprint 5 Sprint 5
Other Ethical Hacking Courses
Great Learning Ethical Hacking
Udacity Ethical Hacking NanoDegree
Cannot find any record of INST 365 having been taught and now it’s removed from almost all catalog references!
Possible Cyberrange Options
Compare and contrast small cyber-range technologies we might host versus external cloud-based cyber-range technologies we might pay for to increase iSchool student access to other modalities of learning technical basics of cybersecurity.
Option 1: “Rent”
Product | Pros | Cons | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
fun low cognitive barrier to playing fits well with our IoT theme nice breakdown of learning outcomes in gamified form
| license fees are currently exorbitant for large numbers of students; not worth imposing a lab fee unless we make a whole mini-course out of it would need to negotiate a different “price per hours of use” model
| |||||||||
Option 2: “Build” with “Free”
Unlikely that we have time to do this, but we do have a server we can partially dedicate.
Under Evaluation
(PDF) Cyber Ranges and TestBeds for Education, Training, and Research
Build Your Own Cyber Range with VirtualBox
The Cyber Range - A Guide (NIST-NICE) (Draft) - 062420_1315
What is a cyber range and how do you build one on AWS? | Amazon Web Services
10 Free Courses to learn Cloud Computing For Beginners in 2022
10 Free Great Online Courses in Cloud Computing
Google Cloud Courses and Training | Google Cloud Training
Learn AWS with Training and Certification | Cloud Skills Courses and Programs | AWS
Cyber Awareness Challenge 2022 – DoD Cyber Exchange
CyberCIEGE - Center for Cybersecurity and Cyber Operations - Naval Postgraduate School
5 Ways to Make Cybersecurity Fun
Best Cybersecurity Lessons and Activities for K-12 Education
Cybersecurity Game Aims to Train 25K Specialists by 2025
Free and Low Cost Online Cybersecurity Learning Content
Cybersecurity | NOVA Labs | PBS
HACK - Fabricademy Student Website
Fall 2022 - Spring 2023 | Division of Academic Affairs
Random notes
understand the technical aspects, especially around the stack and its vulnerabilities; hands-on ….
maybe offer 1 credit Linux course