Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Brief

Goal is to re-invigorate INST 365, Ethical Hacking, with the following characteristics:

  1. Physical, Hands-On based - probably Raspberry Pi, Personal Laptop with VM Ware VMs, Kali Linux, Wireshark.

  2. Based in Tinkerspace in College Park; building out a comparable capability in Shady Grove.

  3. Aligned with existing courses and pedagogy

    1. of INST 346 (Technologies, Infrastructure, and Architecture, includes RaPi and networking gear) as prerequisite

    2. INST 347 (Cloud Computing for Information Science, includes VMWare, Kali, and Arduino Cloud) as compatible elective

    3. INST 388X (Internet of Things, includes Arduino Cloud) as compatible elective

    4. Cybersecurity and Privacy Cognate Sequence

      1. INST 364 Human-Centered Cybersecurity

      2. INST 366 Privacy, Security, and Ethics for Big Data

      3. INST 464 Decision-Making for Cybersecurity

      4. INST 466 Technology, Culture, and Society

      5. INST 467 Practical Hacking for Policy Making

  4. Aligned with some external Certification Process like CEH (not necessarily earning the Certification in class)

  5. Add a dimension to the Infosci Cybersecurity cognate that Dennis Frezzo, Donal Heidenblad, Charlie Harry, and many semesters of informal student feedback agree is missing.

  6. Low or no cost to students

Example Course offered at UMD

Ethical Hacking (Circa 2021, not sure why this wasn’t offered as 365, not sure who offered it)

INST 408C

Course description:

Hacking is everywhere. Hacks can be anything from ways to make one’s life easier (“life hacks”) to malicious attacks on networks. The common thread in these hacks is that they involve generating non-obvious solutions to problems or using systems in ways that the designers did not intend. Ethical hacking, then, is using ethical judgment to bound what you can do rather than conforming to the limits of the system.

In this class, you will do small group projects to apply particular concepts in creative and flexible ways. The instructor must approve all hacks before they are executed. The structure of these group projects will follow agile methods, with sprints that occur over a period of approximately two weeks. Groups will be reassigned at the end of each sprint. This structure means that it is vital that you attend each class and participate in your group discussions. When time allows, the end of each class will be set aside for quick group standups. At the end of the semester, there will be a demo day in which students will present the best hacks they have executed.

Despite the similarity of the names, this class will not directly prepare you for the Certified Ethical Hacker exam, which is a penetration testing certification. Some of the concepts we will cover in class are on that exam, however, and some of the skills you learn in class will make it easier for you to prepare for the exam if you choose to.

Learning objectives

Upon completion of this course, students should be able to:

  1. Plan and execute a non-obvious solution to a problem (“a hack”)

  2. Distinguish among hacking, malicious hacking, and ethical hacking

  3. Generate a list of ethical concerns that could arise from a proposed hack

  4. Use an Agile structure to perform group tasks

  5. Perform the steps of a basic penetration test

  6. Explain how a given network operates as a sociotechnical system

Grade composition

15% Online discussion

I will assign discussion questions and short assignments to be completed online. For discussion questions, you are expected to answer the question and provide a response to another student’s answer.

15% In-class participation
I expect you to come to class and participate in discussions.

20% Group participation and contribution

You will work on your projects in groups, and those groups will change with each new project assignment. You will evaluate your peers’ performance and they will evaluate your performance.

30% Sprint hacks

Evaluation of hacks produced during sprints will come from three sources: The instructor, the class, and the other members of your team. Your team will present your hack or documentation of your hack to the class at the end of each sprint.

10% Demo day hacks
Each person will be involved in the presentation of at least one hack at the demo day.

10% Final exam

The final exam for this course will be a structured demonstration of the concepts you have learned over the course of the semester. It will be due at the time of the scheduled final exam.

Academic Integrity and Ethical Conduct

The general policy of this course on academic integrity will follow the UMD Honor Code. For specific assignments, however, alternative requirements may apply as noted in the assignment.

Any hack performed for this class must not break the law, hurt another human being, or damage a system that you do not own. The ethical concerns for any hack you propose are as important and the technical or sociotechnical execution.

Proposed course schedule

Week/Topic

  1. Ethics and hacking

  2. Hacking as creativity

  3. Command line tools

  4. History of hacking

  5. Hacking information search

  6. Malicious hacking

  7. Computer networks

  8. Security threats

  9. Network scanning

  10. Sociotechnical networks

  11. Vulnerability research

  12. Hacking for social good

  13. Penetration testing

  14. Student-chosen topics

  15. Student-chosen topics

final Demo day

Activities Discussion 1 Sprint 1 Sprint 1 Discussion 2 Sprint 2 Sprint 2 Discussion 3 Sprint 3 Sprint 3 Discussion 4 Sprint 4 Sprint 4 Discussion 5 Sprint 5 Sprint 5

Other Ethical Hacking Courses

Great Learning Ethical Hacking

UMGC Ethical Hacking Course

CMSC 389R

Udacity Ethical Hacking NanoDegree

Cannot find any record of INST 365 having been taught and now it’s removed from almost all catalog references!

Possible Cyberrange Options

Compare and contrast small cyber-range technologies we might host versus external cloud-based cyber-range technologies we might pay for to increase iSchool student access to other modalities of learning technical basics of cybersecurity.

Option 1: “Rent”

Product

Pros

Cons

ThreatGen Red Vs. Blue

fun

low cognitive barrier to playing

fits well with our IoT theme

nice breakdown of learning outcomes in gamified form

View file
nameThreatGEN Red vs. Blue-Nov-21-2021-10-59-28-94-PM.pdf

license fees are currently exorbitant for large numbers of students; not worth imposing a lab fee unless we make a whole mini-course out of it

would need to negotiate a different “price per hours of use” model

View file
nameThreatGEN Red vs. Blue - Pricing-4.pdf

Option 2: “Build” with “Free”

Unlikely that we have time to do this, but we do have a server we can partially dedicate.

Under Evaluation

(PDF) Cyber Ranges and TestBeds for Education, Training, and Research

...

Fall 2022 - Spring 2023 | Division of Academic Affairs

Hack this Site

Blackhat (movie)

Mr. Robot (TV Series)

CSI Cyber (TV Series)

Random notes

understand the technical aspects, especially around the stack and its vulnerabilities; hands-on ….

maybe offer 1 credit Linux course