Internet in Teaching Internet Security

3 downloads 1537 Views 1MB Size Report
The Russian Public Center of Internet Technologies www.rocit.ru: ▫. 200000 hosts; .... Deban Linux http://cgi.debian.org/www-master/debian.org/security/. DEC.
Internet in Teaching Internet Security Miloslavskaia N., Tolstoi A. Associate Professors e-mail: [email protected] [email protected]

1

Content  Introduction  Main Aspects of the Internet Usage in the Educational Process  The Internet as an enormous amount of open information resources.  The Internet as environment for distance learning through the open network.  Conclusion 2

The Global Internet Network January 2000 (www.nua.com):  > 320 m documents;  serving daily more than 115 m users;  70 m hosts (active computers with unique Internetaddresses).

The Russian Public Center of Internet Technologies www.rocit.ru:  

200000 hosts; > 30000 information resources in Russian language (Websites, pages, servers, independent thematic sections);  2500000 of Russian Internet users: 500000 have got the right of access in private usage; 800000 have access from corporate networks; 900000 from the educational and academic networks... 3

Main Aspects of the Internet Usage in the Educational Process  the Internet as an enormous amount of open information resources presented on the World Wide Web - one of the main services of the Internet;

 the Internet as environment for distance learning through the open network. 4

Faculty of Information Security 1997 - the “Vulnerability and Protection Methods in the Global Internet network” educational course (EC) 1998 - EC was successfully tested with senior and post-graduate students

EC is taught: 1) as the basic course for the “Complex Maintenance of Automated Systems Information Security” speciality 2) at professional re-training courses (8 hours, shortened course)

5

Internet users — from specialists without training in the field of information technologies and home-computer users up to experts in the field of computer networks and network technologies. Aims of the Internet users — from the harmless search for information and copying of graphics, audio and video and software to the intrusion into computers and networks with Internet access for the purpose of stealing information of different degrees of confidentiality and the start of the destructive software and network viruses. => difficult choice of appropriate specialized tools for protection, warning and detection of the attacks from 6 Internet

Student’s Knowledge after Training applying methods of network traffic and security monitoring applying methods of malefactors intrusion detection in a network applying and developing own methods, strategies, and tools for securing networks estimating the quality of services and products offered in the Internet carrying out research in the World Wide Web 7 using e-mail and news groups

EC Characteristics

The subject of the EC - the Internet - is very dynamic => the EC should be dynamic. The content of its core is static and is based on the fundamental principles of open network security. The Internet references maintain state-of-the-art information. 8

1. Internet as an Enormous Amount of Open Information Resources Internet usage in the EC: 1) search engines and databases for in-depth study of themes; 2) file transfer service for downloading text files and software; 3) e-mail for communication with other trainees, experts, and teachers; 4) discussion groups and teleconferences on certain themes; 5) composition of private address books of Web-sites with information on the newest strategies and standards of protection, reviews of research organizations, and information 9 from hacker’s and other malefactors communities.

1). Information on security evaluation of different products: Firm Berkeley Software Design, Inc. Digital Equipment Corporation The FreeBSD Project Hewlett Packard IBM Linux (general) Linux (Caldera) Linux (Debian) Linux (Red Hat) Microsoft Corporation The Open BSD Project Santa Cruz Operation Silicon Graphic Inc. Sun MicroSystems Inc.

Web-site

e-mail

http://www.bsdi.com/support/

[email protected]

http://www.dec.com/

[email protected]

http://ftp.freebsd.org/pub/FreeBSD/CERT/ http://us-support.external.hp.com/ http://www.ers.ibm.com/tecinfo/advisories/ index.html http://www.aoy.com/Linux/Security/ http://www.caldera.com/tech-ref/security/ http://cgi.debian.org/wwwmaster/debian.org/ security/ http://www.redhat.com/ http://www.microsoft.com/security/ http://www.openbsd.org/security.html http://www.sco.com/security/ http://www.sgi.com/Support/security/security.html http://sunsolve.sun.com/sunsolve/securitypub.html

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] 10

2). Special programs ("patches") for security holes for some operational systems: Firm BSD/OS Caldera OpenLinux Deban Linux DEC FreeBSD HP IBM OpenBSD RedHat Linux SCO SGI Sun NT

Web-site ftp://ftp.bsdi.com/bsdi/patches/ ftp://ftp.caldera.com/pub/ http://cgi.debian.org/www-master/debian.org/security/ http://www.service.digital.com/html/patch_service.html ftp://ftp.FreeBSD.org/pub/FreeBSD/ http://us-support.external.hp.com/ http://service.software.ibm.com/aixsupport/ http://www.openbsd.org/errata.html http://redhat.com/updates/ ftp://ftp.sco.com/SSE/ ftp://sgigate.sgi.com/patches/ http://sunsolve.sun.com/sunsolve/pubpatches/patches.html http://www.microsoft.com/security/ 11

3). Security tools available for the public: ftp://ciac.llnl.gov/pub/ciac/sectools/unix/ ftp://coast.cs.purdue.edu/pub/tools/

ftp://ftp.cert.org/pub/tools/ ftp://ftp.win.tue.nl/pub/security/ ftp://ftp.funet.fi/pub/unix/security/

12

Another Useful Information 4). Attack research centers. 5). Books on security problems. 6). Mailing lists on security. 7). Web-sites concerning security. 8). Discussion groups on information security. 9). Certification organisations. 13

Russian Resources on Information Security http://www.infotecs.ru/gtc - Russian State Technical Commission (Gostechcomissia) http://www.rocit.ru - Russian Public Center of Internet Technologies

14

Russian Resources on Information Security http://www.list.ru/catalog/10945.html - information resources on computer security; http://www.securityclub.ru/intri.htm - Web-servers of 165 companies, activities of which are connected with different aspects of security maintenance; http://www.sec.ru - list of 220 data security market companies; http://security.tsu.ru/ - references on publications about computer and network security; http://i-secure.al.ru/ - Internet security 15 etc.

Russian Hakers Sites      

http://www.hackzone.ru http://www.hackworld.ru http://www.xakep.ru http://www.cyberhack2000.boom.ru http://hackz.hotmail.ru http://hackblock.chat.ru etc. 16

2. Internet as an Environment for Distance Learning through the Open Network A student is an active participant of the training process (even during lectures)

Virtual audiences and Web-technology are an effective environment for such active training

17

Stages of EC development The illustrative material (IM) for the EC = presentation of > 700 slides (Windows; Microsoft PowerPoint). Location: faculty local area network (LAN) server with access to 1) staff during classes and 2) students during their independent work. Requirements: 16-Mb hard disc space and not less than 24 KB RAM for demonstration. The slides were complemented by hypertext references to Web-sites in the Internet, acquaintance with which assumes use of any standard Web-browser (Netscape Navigator, Microsoft Internet Explorer etc.).

The electronic tutorial (ET)

18

The electronic tutorial’s cover

19

Objectives of the ET creation 1) to help lecturers to present their professional knowledge in a most effective — electronic — way that would give them the necessary modern level and a high quality of stated material; 2) to apply teaching based on automation and involving extensive information resources of the Internet; 3) to place students in such an environment, where they can creatively use this technology as a part of their daily exercises within the framework of self-education, actively construct their own knowledge, set their individual style of training and master new information; 4) to give state-of-the-art information on the EC theme at the expense of usage of hypertext references to Web-sites with the newest documents, demos of the latest software information protection tools for networks, and descriptions 20 of functionality of hardware protection tools.

The World Wide Web is rather an attractive environment for the expansion of training opportunities due to: 1) Web-browsers are easy in use and are widely accessible; 2) Web pages can contain any information stored in a computer including multimedia (images, sound, video...); 3) Web pages support interaction by means of forms or executable code such as Java. 21

ET usage: independent teaching CDROM ("off-line training") at home PC

IM can be represented on an institute Web-site

separate block of network file server ("online training")

at display classes with connection to network of institute, faculty or department and access to all network information resources (databases, software, libraries etc.)

With an instructor

2 + access to other open systems and the global Internet network

22 Without an instructor

Progress Test is Carried out by: 1) checking material understanding, during which a student is to do quizzes of two types with a multiple choice: a) between "yes" or "no"; b) from some substantial sentences (2, 3 or more) (“common tutorial” - now exsists), 2) applying new knowledge and skills to develop new integrated network security strategies, to find and eliminate network vulnerabilities, to make conclusions about advantages and disadvantages of some security tools, to write some program modules for perfection of already available protection tools or for implementation of some remote network attacks (“practical tutorial” with artificial intelligence - in future!); 23 3) doing an examination at the end of the EC.

Advantages of Distance Learning System in Russia 1) equal educational opportunities for everybody irrespective of where they are living; 2) the EC can be installed and run at a remote computer; 3) this remote PC can address all institute network resources and open networks to which a network manager has opened access; 4) training becomes very flexible and individual and focuses on the needs and interests of a trainee; 5) students can work irrespective of time and place with a suitable rate of acquaintance with the course material; 6) expenses for training for students are essentially reduced. 24

Questions

e-mail: Ms. Natalia Miloslavskaia - [email protected] Mr. Alexander Tolstoi - [email protected]