Brief
Compare and contrast small cyber-range technologies we might host versus external cloud-based cyber-range technologies we might pay for to increase iSchool student access to other modalities of learning technical basics of cybersecurity.
Option 1: “Rent”
Product | Pros | Cons |
---|---|---|
fun low cognitive barrier to playing fits well with our IoT theme nice breakdown of learning outcomes in gamified form | license fees are currently exorbitant for large numbers of students; not worth imposing a lab fee unless we make a whole mini-course out of it would need to negotiate a different “price per hours of use” model | |
Option 2: “Build” with “Free”
Under Evaluation
(PDF) Cyber Ranges and TestBeds for Education, Training, and Research
Build Your Own Cyber Range with VirtualBox
The Cyber Range - A Guide (NIST-NICE) (Draft) - 062420_1315
What is a cyber range and how do you build one on AWS? | Amazon Web Services
10 Free Courses to learn Cloud Computing For Beginners in 2022
10 Free Great Online Courses in Cloud Computing
Google Cloud Courses and Training | Google Cloud Training
Learn AWS with Training and Certification | Cloud Skills Courses and Programs | AWS
Cyber Awareness Challenge 2022 – DoD Cyber Exchange
CyberCIEGE - Center for Cybersecurity and Cyber Operations - Naval Postgraduate School
5 Ways to Make Cybersecurity Fun
Best Cybersecurity Lessons and Activities for K-12 Education
Cybersecurity Game Aims to Train 25K Specialists by 2025
Free and Low Cost Online Cybersecurity Learning Content
Cybersecurity | NOVA Labs | PBS
HACK - Fabricademy Student Website
Fall 2022 - Spring 2023 | Division of Academic Affairs
Ethical Hacking
INST 408C
Course description:
Hacking is everywhere. Hacks can be anything from ways to make one’s life easier (“life hacks”) to malicious attacks on networks. The common thread in these hacks is that they involve generating non-obvious solutions to problems or using systems in ways that the designers did not intend. Ethical hacking, then, is using ethical judgment to bound what you can do rather than conforming to the limits of the system.
In this class, you will do small group projects to apply particular concepts in creative and flexible ways. The instructor must approve all hacks before they are executed. The structure of these group projects will follow agile methods, with sprints that occur over a period of approximately two weeks. Groups will be reassigned at the end of each sprint. This structure means that it is vital that you attend each class and participate in your group discussions. When time allows, the end of each class will be set aside for quick group standups. At the end of the semester, there will be a demo day in which students will present the best hacks they have executed.
Despite the similarity of the names, this class will not directly prepare you for the Certified Ethical Hacker exam, which is a penetration testing certification. Some of the concepts we will cover in class are on that exam, however, and some of the skills you learn in class will make it easier for you to prepare for the exam if you choose to.
Learning objectives
Upon completion of this course, students should be able to:
Plan and execute a non-obvious solution to a problem (“a hack”)
Distinguish among hacking, malicious hacking, and ethical hacking
Generate a list of ethical concerns that could arise from a proposed hack
Use an Agile structure to perform group tasks
Perform the steps of a basic penetration test
Explain how a given network operates as a sociotechnical system
Grade composition
15% Online discussion
I will assign discussion questions and short assignments to be completed online. For discussion questions, you are expected to answer the question and provide a response to another student’s answer.
15% In-class participation
I expect you to come to class and participate in discussions.
20% Group participation and contribution
You will work on your projects in groups, and those groups will change with each new project assignment. You will evaluate your peers’ performance and they will evaluate your performance.
30% Sprint hacks
Evaluation of hacks produced during sprints will come from three sources: The instructor, the class, and the other members of your team. Your team will present your hack or documentation of your hack to the class at the end of each sprint.
10% Demo day hacks
Each person will be involved in the presentation of at least one hack at the demo day.
10% Final exam
The final exam for this course will be a structured demonstration of the concepts you have learned over the course of the semester. It will be due at the time of the scheduled final exam.
Academic Integrity and Ethical Conduct
The general policy of this course on academic integrity will follow the UMD Honor Code. For specific assignments, however, alternative requirements may apply as noted in the assignment.
Any hack performed for this class must not break the law, hurt another human being, or damage a system that you do not own. The ethical concerns for any hack you propose are as important and the technical or sociotechnical execution.
Proposed course schedule
Week Topic
1 Ethics and hacking
2 Hacking as creativity
3 Command line tools
4 History of hacking
5 Hacking information search
6 Malicious hacking
7 Computer networks
8 Security threats
9 Network scanning
10 Sociotechnical networks
11 Vulnerability research
12 Hacking for social good
13 Penetration testing
14 Student-chosen topics
15 Student-chosen topics
final Demo day
Activities Discussion 1 Sprint 1 Sprint 1 Discussion 2 Sprint 2 Sprint 2 Discussion 3 Sprint 3 Sprint 3 Discussion 4 Sprint 4 Sprint 4 Discussion 5 Sprint 5 Sprint 5