1 / 24

Teaching Security via Problem-based Learning Scenarios

Teaching Security via Problem-based Learning Scenarios. Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College beaumoc@hope.ac.uk. Agenda. What is PBL? Why use PBL? How did we use it? Example Issues Success Questions, comments … insults?.

farrah
Download Presentation

Teaching Security via Problem-based Learning Scenarios

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Teaching Security via Problem-based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College beaumoc@hope.ac.uk

  2. Agenda • What is PBL? • Why use PBL? • How did we use it? • Example • Issues • Success • Questions, comments… insults? http://www.hope.ac.uk/

  3. Problem-Based Learning (PBL) In teams, students are given a problem they don’t know how to solve. & they devise a strategy to solve it. http://www.hope.ac.uk/

  4. Why PBL? Motivational • Starts where they are • Learning is relevant & effective • They learn what they need to solve the problem • Develop skills: • problem solving, critical analysis, team work, reasoning, reflection, manage uncertainty • Employability http://www.hope.ac.uk/

  5. PBL and security • PBL works best with ill-defined (messy) real-world problems that have a number of alternative solutions and are open ended. • Security provides a rich environment for such scenarios http://www.hope.ac.uk/

  6. How? - Example • Systems & network Security module • 15 credit final year undergraduate module • 2 hours per week PBL tutorial / Lab session • 4/5 weeks in lab • Teams of 5 students • Coursework + Seen exam • Prior knowledge – LAN module http://www.hope.ac.uk/

  7. Learning Outcomes • Critically and systematically analyse the exposure to security threats of a networked computer system • Formulate a reasoned and appropriate plan to address the risks in a networked computer system • Use appropriate tools to implement aspects of security in a networked computer system http://www.hope.ac.uk/

  8. Key skills assessed • Problem-solving • Communication • Working with others • Improving own learning and performance http://www.hope.ac.uk/

  9. PBL Scenario • Ace Training Ltd – IT training company with head office Liverpool, Training centre: Manchester • Small 100BaseT LAN in each office (one server) + 802.11g in Liverpool for Laptops. • Restricted Internet access (mgt only). No internal email http://www.hope.ac.uk/

  10. PBL Scenario • Liverpool office: • Sales dept (11) use Sage Act! and MS Office. • Accounts Dept use Sage Line 50 • Personnel data also stored. • Marketing dept use QuarkXPress http://www.hope.ac.uk/

  11. PBL Scenario • The board of directors has now decided to extend the network with the following requirements: • Email and internet access for all staff in Liverpool. • Host its own Web site in Liverpool (with a view to ultimately incorporating some form of e-commerce & on-line course booking). • Enable the Training Centre manager and administrators to access various company data on the Liverpool server http://www.hope.ac.uk/

  12. PBL Scenario The board are aware that they do not have the expertise to develop an ISMS and have called you in to help them. Your terms of reference are: • To perform a systematic risk assessment of the security threats to the company assets, and provide recommendations for risk treatment. • To design and present a proposal for a secure network architecture to meet the present requirements and construct a demonstration network to show proof of concept http://www.hope.ac.uk/

  13. Expected Clarification Issues • Eg: • Company Assets • Policies • Email requirements • Availability requirements • Network details (eg resilience features) • Laptop usage http://www.hope.ac.uk/

  14. Expected Learning Issues • What should an ISMS consist of? • Confidentiality, Availability, Integrity • BS 7799 • Threats and Vulnerabilities • Risk Assessment & treatment • Legal Issues http://www.hope.ac.uk/

  15. Expected Learning Issues • IP subnetting and NAT • Security architecture/ technology • Firewalls, DMZ, IDS • Encryption • Authentication and Authorization • Secure transmission – VPN / SSL http://www.hope.ac.uk/

  16. Expected Learning Issues • Configuring Software for demonstration • CheckPoint • Win2k Routing • IIS http://www.hope.ac.uk/

  17. Resources • Set book • Panko (2004) Corporate Computer & Network Security • BS7799 parts 1 & 2 • Internet resources • Lab session on routing and CheckPoint configuration • Seminar on subnetting http://www.hope.ac.uk/

  18. Deliverables (assessed) • Reports • Risk assessment • Proposed architecture / technologies used with justification and consideration of alternatives. • Demonstration network (5 PCs) • Individual research reports • Team Presentation http://www.hope.ac.uk/

  19. Lab resources • Each team has 5 hard disks/ caddies + 5 PCs with several NICs in each, connected to patch panel. • Team has two switches. • Hard disks pre-installed with Win2k Server, one has CheckPoint firewall. http://www.hope.ac.uk/

  20. Example solution for similar scenario - Firewall rules also provided

  21. Typical team lab setup http://www.hope.ac.uk/

  22. Issues • Level of detail • Can be superficial - need to question thoroughly • Lab issues – configuration problems with routers/ CheckPoint http://www.hope.ac.uk/

  23. Successes • Team work • Motivation • Research-based solutions • Variation in solutions http://www.hope.ac.uk/

  24. Confidential The Secret of success? http://www.hope.ac.uk/

More Related