THE EDUCATIONAL COURSE "VULNERABILITY AND PROTECTION METHODS IN THE GLOBAL INTERNET NETWORK" — ABOUT THE EXPERIENCE OF THE MOSCOW STATE ENGINEERING PHYSICS INSTITUTE

Natalia Miloslavskaia, Ass. Prof.
Alexandre Tolstoi, Ass. Prof.
Moscow State Engineering Physics Institute (Technical University), 31, Kashirskoye sh., Moscow, Russian Federation, 115409
E-mail: [email protected]
URL: http://www.fis-mephi.ru

Abstract

The paper presents the experience of creating and successfully teaching the educational course "Vulnerability and Protection Methods in the Global Internet Network" for training professionals in the field of information security at the Moscow State Engineering Physics Institute (Technical University), at the faculty "Information Security". The illustrative material for the educational course comprises a presentation of more than 400 slides, which are located on the faculty local area network server and are accessible to students for their independent work as well as to teachers during lectures. Some slides carry hypertext references that give access to the appropriate Web-sites in the Internet with the help of any standard browser. A detailed description of the educational course structure is given. The project is designed within the framework of developing the distance learning system in Russia.

1. Introduction

There are structural changes in the higher education system concerning not only the composition of student groups but also training paradigms and educational schedules. More and more often a student becomes an active participant in the training process in class, not only during laboratory exercises but also during lectures. [Note that in this paper "a student" means anyone being trained: a student proper, a post-graduate student, or a student of qualification improvement courses for professionals in the field of information security.] Progress in the development of computer networks and digital technologies makes virtual audiences and Web-technology an effective environment for such active training.

A system for training personnel with higher education in the field of information security has been created in Russia. Expert training in three specialities dealing with information protection is now conducted at approximately 15 Russian universities. The activity of these universities is licensed by Russian State management institutions. The leading role in this system of training highly skilled experts belongs to the Moscow State Engineering Physics Institute (Technical University) (MEPhI). The university has the faculty "Information Security", which includes five departments: "Information Protection", "Cryptology and Discrete Mathematics", "Strategic Information Researches", "Information Security of Banking Systems", "Computer Law". The listed departments conduct expert training in two specialities, "Complex Maintenance of Automated Systems Information Security" and "Jurisprudence", with the following specializations: "Technologies of Maintenance of Banking Automated System Information Security", "Security Maintenance of Distributed Information Systems", "Methods and Tools of Information Security", "Technology of Maintenance of Information Security by Cryptological Methods and Tools", "Computer Law".

In 1997, at the department "Information Protection" of the faculty "Information Security" of MEPhI, we began to develop the educational course (EC) "Vulnerability and Protection Methods in the Global Internet Network" [5], which was successfully tested on seniors and post-graduate students in 1998. The EC is taught as the basic course in the speciality "Complex Maintenance of Automated Systems Information Security".

The need for such a course was caused by the widespread and extensive, even explosive, growth of the global Internet network. According to estimates of various international expert organizations, as of January 1999 the Internet, containing more than 320 million documents and serving more than 115 million users daily, consisted of approximately 45 million hosts (hosts are active computers with unique Internet addresses). This process can be seen not only on the international scale but also in Russia. According to the Russian Public Center of Internet Technologies, about 180,000 hosts were registered in our country by the beginning of 1999. More than 26,000 information resources in the Russian language can be found in the Internet; these are various Web-sites, pages, servers, and independent thematic sections. About 1,500,000 Russian Internet users can be divided into the following categories depending on their place of access to the network: 250,000 users have access to the Internet for private use; about 500,000 users have access to the Internet from corporate networks; about 600,000 users have access to the Internet from educational and academic networks.

In this connection we witness an ever-increasing interest of various groups of users (from specialists without training in the field of information technologies and home-computer users to experts in the field of computer networks and network technologies) in the services offered by the Internet and in the skills of correct and safe work within the Internet. The aims pursued by Internet users also vary widely, from harmless search for information about scientific research, hobbies, tourism, weather forecasts, etc., and copying graphic, audio, and video files and software (shareware or demos), to intrusion into computers and networks with Internet access for the purposes of stealing information of different degrees of confidentiality, discrediting the activity of particular corporations, running destructive software, and embedding network viruses. The bad intentions of a certain category of users, the malefactors, make organizations concerned with information security develop, improve, and offer to customers free-of-charge or commercial specialized tools for protection, alerting, and detection of attacks from the Internet. The range of these tools is very wide as far as their applications and methods of use are concerned; therefore, network and security managers are especially in need of systematized knowledge of all possible modern methods and ways of protection from non-authorized access to their networks.

The EC on the subject "Vulnerability and Protection Methods in the Global Internet Network" was developed in connection with the ever-growing need of students, post-graduate students, and teachers to familiarize themselves with all the material collected at the "Information Protection" department. The illustrative material (IM) for this course is implemented in the Windows 95 environment on the basis of Microsoft PowerPoint 97 and includes a presentation consisting of more than 400 slides. IM files are located on the faculty local area network (LAN) server, access to which is open to teachers during classes and to students during their independent work.

Further development of the created EC was aimed at its improvement. The slides were complemented by information in the form of hypertext references to Web-sites in the Internet, which can be viewed with any standard Web-browser (Netscape Navigator, Microsoft Internet Explorer, etc.) [1, 4]. The difficulties of designing and implementing more convenient and profitable intellectual training systems stimulated the invention of some new approaches in this area, among which intellectual training environments (intelligent tutoring shells) can be singled out [8]. We followed the same way: the created IM and our teachers' experience of working with an audience have become the basis of the electronic tutorial (ET), which is now being developed on the specified subject. We followed a new education strategy that allows enriching teaching and training with a new kind of information representation.

2. Main objective of the educational course creation

The main objective of creating the course is to give students a level of knowledge that would allow them:
1) to apply methods of network traffic and security monitoring;
2) to apply methods of detecting malefactors' intrusions in a network;
3) to apply and to develop their own methods, strategies, and tools for securing networks;
4) to estimate the quality of services and products offered in the Internet;
5) to carry out research in the World Wide Web;
6) to use e-mail and teleconferences.

Note that there are certain requirements for the preliminary preparation of novices taking the course. These requirements imply knowledge of the following subjects:
• Internet protocols;
• Internet services;
• basic principles of network security and protection technologies;
• network operating systems (Unix, Windows 95 and NT, Netware);
• database management systems;
• computer viruses;
• programming languages and technologies (C, Java, and ActiveX).

The EC "Vulnerability and Protection Methods in the Global Internet Network" traditionally consists of three basic forms of classes: lectures, seminars, and laboratory exercises. At lectures the teacher presents the basic theoretical material. At seminars practical questions are considered and preparation for laboratory exercises is conducted. During laboratory exercises students acquire skills of working with some PC and network protection and monitoring tools and get acquainted with Internet information resources concerning the EC subject.

Knowledge of the EC is checked by:
1) checking homework, in the course of which a student passes quizzes, writes some program modules for improving already available protection tools or for implementation of some remote network attacks, and develops integrated protection of networks with a particular topology and segmentation when connecting to the Internet;
2) passing an examination at the end of the EC.

The EC is designed for one educational semester (16 weeks) and covers 64 academic hours. They are distributed as follows: 2 hours per week of lectures, 1 of seminars, and 1 of laboratory exercises. In total there are 32 hours of lectures, 16 hours of seminars, and 16 hours of laboratory exercises during a semester.

3. The course structure

The subject of teaching, like everything concerned with the Internet, is very dynamic: literally each day malefactors develop new methods of breaking into and crashing systems; in return the market of protection tools responds by releasing appropriate products for intrusion detection and defense. For this reason the dynamic principle was made the basis of the approach to creating the EC itself. The EC should be dynamic, but the content of its core is static and based on the fundamental principles of open network security. Thanks to the Internet references, state-of-the-art information can be maintained and updated in the EC. The substantial information is linked by various relations and structured depending on the characteristics of the training purposes.

The training part of the EC consists of the following sections:
• detailed description of the main ideas of all chapters, sections, etc.;
• notes;
• analysis of certain examples;
• glossary;
• references;
• Internet resources.

The textual material of the EC is divided into four main semantic units:

1. Introduction:
• brief discussion of the principles which underlie Internet design and influence the security of stand-alone computers and networks connected to the Internet;
• main types of Internet users and their purposes in maintenance of information protection;
• some examples of system breaking and statistical data on threats in networks;
• types of malefactors and main reasons of network breaking;
• classification of remote attacks and typical schemes of attacks;
• classic and modern methods of intrusions.

2. Weakness and vulnerability in various types of networks and the Internet used for non-authorized access to information:
• weakness and vulnerability of protocols, system utilities, commands, and information services;
• some examples of attacks using errors in programming;
• attacks by network computer viruses.

3. Protection tools used for securing connections between firm networks and the Internet:
• levels of security in the Internet;
• some conceptual approaches for networks and interworking protection;
• security policies and means of their implementation;
• fundamentals of client/server architecture protection;
• Internet host protection, including protection of database management systems and network operating systems (by examples of UNIX, Windows NT, Novell Netware);
• communication channel protection by means of firewall installation and various systems of password and message encryption;
• monitoring and auditing tools which detect weak places in networks;
• electronic data interchange protection;
• selection of protected network topology;
• existing hardware-software protection tools for different kinds of attacks.

4. Conclusion:
• attack attributes;
• list of tools that should be installed in a network with access to the Internet;
• some practical recommendations for protection of networks having access to the Internet;
• some useful Web-sites with additional information on the themes of the EC.

4. The illustrative material to the educational course

The basic theoretical material presented is accompanied by the IM in the form of a slideshow, which the lecturer projects on a blackboard for better visualization. The main objectives of creating the IM for the EC are:
1) to help teachers to present their professional knowledge in a new, most effective, electronic way that would give the presented material the necessary modern level and high quality;
2) to apply to the presentation of the curriculum to students teaching approaches that are automated and draw on the extensive information resources of the Internet;
3) to place students in an environment where they can creatively use this technology as a part of their daily exercises within the framework of self-education; in this environment students can actively construct their own knowledge, setting their individual style of training and of mastering new information;
4) to give state-of-the-art information on the EC theme by using hypertext references to Web-sites with the newest documents, demos of the latest software information protection tools for networks, and descriptions of the functionality of hardware protection tools.

The IM for the EC can be used either in the form of an independent teaching CD-ROM (we call this "offline training") or as a separate block of the faculty network file server ("online training"). The CD-ROM can be easily used in the educational schedule of any institute or university, or it can be accessible from other open networks (while working in an appropriate network environment). For this reason we see three possible ways of using our IM, with some versions and, as a result, with various requirements for the system:
1) at the home computer as an independent module (in this case the IM is simply an independent CD-ROM);
2) in institute display classes with connection to the network of the department, faculty, or institute and access to all network information resources (for example, databases, software, libraries, etc.) a) with a teacher or b) without a teacher;
3) in institute display classes with connection to a) the network of the department, faculty, or institute and access to all network information resources, b) and also with access to other open systems and the global Internet network c) with a teacher or d) without a teacher.

In cases 2 and 3 the IM can be used both as a CD-ROM and as a separate unit of a network file server. The IM can also be presented on a faculty Web-site, which is used for information interchange and for the communications foreseen in the course (among students, between students and teachers, etc.). IM files require 12 Mb of hard disk space on the server and not less than 24 KB RAM for their demonstration. The IM versions differ not only in their system requirements but also, which is more essential for the training process, in the methodological approaches concerning student-teacher interactions, access to various network resources, and the depth and order of study of the course material.

5. Training gear

The training gear chosen by the EC developers is based on Web-technology (with hypertext links to various types of information). Web-technology usually supports static training and inexpensive access. The hypertext connections are created for the purpose of transition to the appropriate Internet addresses, which makes it possible to depart from conventional static training and to apply dynamic acquaintance with news concerning the course subject. Therefore the World Wide Web, one of the most widely used Internet services, is a rather attractive environment for expanding training opportunities for several reasons [2]:
1) Web-browsers are easy to use and are widely accessible;
2) Web pages can contain any information stored in a computer, including multimedia (images, sound, video, etc.);
3) Web pages allow interaction by means of forms or executable content such as Java.

The basic principles of Internet usage in our EC are as follows [3]:
1) usage of search engines and databases for in-depth study of the most important themes;
2) usage of the file transfer service FTP for downloading files and the latest versions of software;
3) usage of e-mail for communication with other trainees, experts, and teachers during a student's independent work;
4) usage of discussion groups and teleconferences on certain themes;
5) composition of private address books of Web-sites where it is possible to find information about the newest strategies and standards of protection, reviews by well-known research organizations, and information from various hacker and other malefactor communities.

6. Conclusion

Today the valuable information and illustrative material assembled during EC development is being processed for its further representation as an electronic tutorial (ET) on the above subject. Use of the ET will make it possible to organize the training process on the subject more flexibly and creatively, oriented to the abilities of students and the way they master the material, and also to improve, from the practical point of view, the approach of teachers to testing student knowledge. Thus, the fundamental basis for developing the described EC by way of designing the ET will be created within the framework of the distance learning systems [6-8] which are now being actively implemented in Russia.

Today the importance of distance learning is considered in the context of the use of global computer networks and the idea of equal educational opportunities for everybody irrespective of where they live, in highly developed countries or in small agricultural communities. Interesting results of experiments in the field of distance learning have already been achieved at all levels of training, from elementary school to university. In our case the EC can be installed and run on a remote computer (for example, on a student's home computer connected by a dial-up line to his/her faculty network at the university). This remote PC can also access all network resources to which the faculty network manager has opened access for authorized users. Such training becomes very flexible and individual and focuses on the needs and interests of a trainee. Students can work irrespective of time and place, getting acquainted with the course material at a suitable rate.

The concept of distance course learning implies two modes of working with the material: online and offline. Online learning has a number of advantages: students can directly address additional resources such as libraries. Hence they can search for other literature expanding on the information introduced in the EC. If a question arises, a student can visit a suitable teleconference or read the so-called "frequently asked questions" to solve his problems, or send the appropriate inquiry by e-mail to his teacher. But this online form of training involves certain financial expenses for the student, who pays for information transfer during the whole operating time, which frequently is unacceptable for him. The right decision for minimizing such expenses is offline training. Students can download training blocks to their home PCs in the form of compressed packages, which requires only a short transfer time. Subsequently, the course material is accessible all the time while a student studies it; it is not necessary for him to connect to the faculty network again if he wants to repeat the subject. Then the training process goes offline via the EC written on CD-ROM. In this case the training expenses for students are essentially reduced.

References

[1] ARNOLD, M. Using the Web to Augment Teaching and Learning, in: Kevill, R., Oliver, R., Phillips, R., Proceedings of ASCILITE'97, December 8-10, 1997, pp. 37-41.

[2] BROOKS, D.W. Web-Teaching: A Guide to Designing Interactive Teaching for the World Wide Web, London, Plenum Press, 1997.

[3] COLLIS, B. The Internet as Educational Innovation: Lessons from Experience with Computer Implementation, in: Education Technology. Bd. 36 (1996).

[4] DYRLI, O. The Internet: Bringing Global Resources to the Classroom, Technology and Learning, 1993, vol. 14/2, pp. 50-57.

[5] MILOSLAVSKAIA, N., TOLSTOI, A., TIMOPHEEV, J. Vulnerability and Protection Methods in the Global Internet Network, Moscow, MEPhI, 1997, 236 p.

[6] MOORE, M.G., KEARSLEY, G. Distance Education: A System View, Belmont, CA, 1996.

[7] SELF, J. Theoretical Foundations for Intelligent Tutoring Systems. Journal of Artificial Intelligence in Education, 1990, 1 (4), pp. 3-14.

[8] USKOV, V. The XV IFIP World Computer Congress, 31 August — 4 September 1998. Teleteaching'98. Part II, pp. 1023-1033.