Design and Implementation of a Multi-Use Attack-Defend Computer Security Lab
HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 09
Is attack better than defense?: teaching information security the right way
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Replicating and Sharing Computer Security Laboratory Environments
HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Principles of Computer Security, CompTIA Security+ and Beyond with CD-ROM, Second Edition
Principles of Computer Security, CompTIA Security+ and Beyond with CD-ROM, Second Edition
ACM Transactions on Computer Systems (TOCS)
Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing
Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing
Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning
Proceedings of the 2011 Information Security Curriculum Development Conference
Hi-index | 0.00 |
This paper presents an interactive exercise based on offensive denial of service techniques used by hackers. The goals of the exercise are to teach how a large class of denial of service (DoS) attacks work. Students will see that it is not necessary to use distributed DoS. Moreover, using virtualization, we created an exercise that was easy for faculty to use. We tested it on a class of computer science undergraduates, and while it was well-received by the students and easy for the faculty member, we learned some important lessons about designing hands-on exercises. In addition to teaching students about DoS attacks and how to defend against them, this exercise also requires students to look carefully at the HTTP protocol. In the following laboratory exercise, students learn offensive techniques in a context that prompts them to think critically about what makes networks secure and how they can be made more secure. The exercise involves the use of two newer but well-known denial of service attacks: 'SlowLoris' and 'R-U-Dead-Yet?' (RUDY). The students perform these attacks through a Java-based graphical interface, to make the lab more accessible. While carrying out the attacks, the students answer questions designed to improve their analytical skills and to better their understanding of TCP, HTTP, and application-layer security considerations.