Wednesday, December 17, 2008

Making the world a little better

From September to this week, I was privileged to teach an introductory class in computer science at Adelphi University (Garden City, New York). My objectives with this class were to take a group of computer science and management of information systems students who had not have any security classes and teach them the basics of computer security.

By the end of class, I wanted them to understand what the technological implications of computer security were, and I wanted them to be able to recognize certain attacks, as well as to know how to prevent and/or stop these attacks them from continuing.

This Tuesday, we had our final exam and the students did better than I had expected.



I did not set out to set a very hard final; I wanted to test 
knowledge and understanding of the topics that we covered in class.
Skill and ability were put to the test throughout the semester in a security
lab. The final mark consisted of 50% of the final result
and 50% of the lab results.


One of the questions that I asked was the following:


The chart below was recently recovered from a group of attackers allegedly working on behalf of the Chinese government. This chart is the first documented evidence that attacker-groups are systematically working their way around the Internet to compromise machines.

hackerchart1.jpg

 
List out the phases through with a typical computer attacks moves and relate one activity shown above to each phase. Briefly describe the goal of each phase and indicate a defensive action that belongs to that phase.

This question, while not very hard, brought together most of the elements that we covered: how does an attacker work, can you detect attacker activity and place it in context, and do you know how to prevent the activity from being successful. I was very glad to see that almost everyone got close to a full score on this question.

Hopefully, this indicate that my students, when they graduate and disappear into corporate America, have at least a very basic level of understanding of computer security attacks and are able to raise awareness on the topic. If this helped make the world a little better, I'm a very happy person.

If anyone interested in receiving the full exam, I'll be more than happy to share.


No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.