Is attack better than defense?: teaching information security the right way

Authors:
Martin Mink;Felix C. Freiling
Affiliations:
RWTH Aachen University, Germany;University of Mannheim, Germany
Venue:
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Year:
2006

Citing 8
Cited 5

Security across the curriculum: using computer security to teach computer science principles

Internet besieged
Teaching network security through live exercises

Security education and critical infrastructures
Who will rob you on the digital highway?

Communications of the ACM - New architectures for financial services
The big picture

Communications of the ACM - End-user development: tools that empower users to create their own software solutions
Guest Editors' Introduction: Why Attacking Systems Is a Good Idea

IEEE Security and Privacy
Why computer scientists should attend hacker conferences

Communications of the ACM - The disappearing computer
Busting the ghost in the machine

Communications of the ACM - Spyware
Introduction

Communications of the ACM - Hacking and innovation

Guide for designing cyber security exercises

E-ACTIVITIES'09/ISP'09 Proceedings of the 8th WSEAS International Conference on E-Activities and information security and privacy
Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning

Proceedings of the 2011 Information Security Curriculum Development Conference
Hands-on denial of service lab exercises using SlowLoris and RUDY

Proceedings of the 2012 Information Security Curriculum Development Conference
Using network packet generators and snort rules for teaching denial of service attacks

Proceedings of the 18th ACM conference on Innovation and technology in computer science education
Switch's CAM table poisoning attack: hands-on lab exercises for network security education

ACE '12 Proceedings of the Fourteenth Australasian Computing Education Conference - Volume 123

Quantified Score

Hi-index	0.00

Visualization

Abstract

A recent trend in security education is towards teaching offensive techniques which were originally developed by hackers. This reflects tendencies in the professional world where offensive security testing (penetration testing) is quickly gathering widespread acceptance. We report on good experiences with a security curriculum at a university degree level which emphasizes offensive techniques over defensive ones. Our claim is that teaching offensive methods yields better security professionals than teaching defensive techniques alone. The paper presents an experimental setup with which we plan to investigate this claim further. The experimental setup uses concepts from psychology and pedagogical sciences to empirically assess the benefit of offensive teaching.