1 / 26

Issues Teaching Ethical Hacking in the University Environment

Issues Teaching Ethical Hacking in the University Environment. Peter Hannay p.hannay@ecu.edu.au SECAU – Security Research Centre School of Computer & Security Science Edith Cowan University. UNRELATED COMPLAINT SOMEBODY ON THE INTERNET IS WRONG .

bishopjames
Download Presentation

Issues Teaching Ethical Hacking in the University Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Issues Teaching Ethical Hacking in the University Environment Peter Hannay p.hannay@ecu.edu.au SECAU – Security Research Centre School of Computer & Security Science Edith Cowan University

  2. UNRELATED COMPLAINT SOMEBODY ON THE INTERNET IS WRONG  • People get USB sticks all the time.  The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks.  The problem is that the OS will automatically run a program that can install malware from a USB stick.  The problem is that it isn't safe to plug a USB stick into a computer.  Bruce Schneier

  3. People are Idiots • 20 government agencies • 70%+ hit rate • Some sticks phoned home from multiple ‘sensitive’ networks

  4. Issues Teaching Ethical Hacking in the University Environment Opposition from inside

  5. Administration • Concerns about image • Not fond of ‘non-traditional’ content • Perception of criminality

  6. IT Department • Training criminals to break into our network! • Liability for attacks on externals • Extra work • Securing network • Providing resources • Lack of technical knowledge

  7. Information Security Department • Hesitant to sign off on increased access • Love their firewalls • Do not understand requirements

  8. Compromises • Administration • The word ‘ethical’ & ‘defence’ • A class on ethics

  9. Issues Teaching Ethical Hacking in the University Environment Opposition from OUTSIDE

  10. Media • Training criminals • Slow walking, dramatic music • Targeting students • Real interview questions • Do students require a police clearance? • Are there any sort of background check done?

  11. Academic Community • Practical focus is not seen as ‘scholarly’

  12. Compromise • Don’t talk to the media

  13. Issues Teaching Ethical Hacking in the University Environment Teaching Issues

  14. Students • Perceived to be ‘computer literate’ • High rate of computer use • Low rate of technical ability • Lack of understanding of core concepts • Majority of students had Windows XP as their first OS • Resurgence of traits associated with older generation • No ability to intuitively use a system • High reliance on lists of instructions • Little ability to deal with variance

  15. Resources • Labs • Need root • SOE OS not adequate • Connectivity • Firewalls prevent learning

  16. Student Perception • Become super hacker • Little effort required • Just like the movies

  17. Issues Teaching Ethical Hacking in the University Environment Implementation

  18. Topics • Ethics • Recon • Social & Physical • Web • Password Schemes • Exploit Development • Shellcode Development • Protocol Weaknesses • Defence

  19. Labs • Heavy use of virtualisation • Alternate internet gateway • Network isolation

  20. Issues Teaching Ethical Hacking in the University Environment Response

  21. Administrative • None • This is a good thing

  22. Media • None… yet • This is a good thing

  23. Students • Overwhelmingly positive • Acting responsibly • Achieving outcomes / self guided learning • Over half of students chose to do extension assignments

  24. Issues Teaching Ethical Hacking in the University Environment Thoughts

  25. Issues Teaching Ethical Hacking in the University Environment Conclusion & QUESTIONS

More Related