Teaching Security via Problem-based Learning Scenarios

Description:

IP subnetting and NAT. Security architecture/technology. Firewalls, DMZ, IDS. Encryption ... Seminar on subnetting. http://www.hope.ac.uk/ Deliverables ...

Slides: 25
Provided by: chr1

Transcript and Presenter's Notes


1
Teaching Security via Problem-based Learning
Scenarios
  • Chris Beaumont
  • Senior Lecturer
  • Learning Technology Research Group
  • Liverpool Hope University College
  • beaumoc_at_hope.ac.uk

2
Agenda
  • What is PBL?
  • Why use PBL?
  • How did we use it?
  • Example
  • Issues
  • Success
  • Questions, comments, insults?

3
Problem-Based Learning (PBL)
In teams, students are given a problem they
don't know how to solve. They devise a
strategy to solve it.

4
Why PBL?
Motivational
  • Starts where they are
  • Learning is relevant and effective
  • They learn what they need to solve the problem
  • Develop skills
  • problem solving, critical analysis, team work,
    reasoning, reflection, manage uncertainty
  • Employability

5
PBL and security
  • PBL works best with ill-defined (messy)
    real-world problems that have a number of
    alternative solutions and are open ended.
  • Security provides a rich environment for such
    scenarios

6
How? - Example
  • Systems and Network Security module
  • 15 credit final year undergraduate module
  • 2 hours per week PBL tutorial / Lab session
  • 4/5 weeks in lab
  • Teams of 5 students
  • Coursework and seen exam
  • Prior knowledge: LAN module

7
Learning Outcomes
  • Critically and systematically analyse the
    exposure to security threats of a networked
    computer system
  • Formulate a reasoned and appropriate plan to
    address the risks in a networked computer system
  • Use appropriate tools to implement aspects of
    security in a networked computer system

8
Key skills assessed
  • Problem-solving
  • Communication
  • Working with others
  • Improving own learning and performance

9
PBL Scenario
  • Ace Training Ltd: IT training company with head
    office in Liverpool, training centre in Manchester
  • Small 100BaseT LAN in each office (one server);
    802.11g in Liverpool for laptops.
  • Restricted Internet access (mgt only). No
    internal email

10
PBL Scenario
  • Liverpool office
  • Sales dept (11) use Sage Act! and MS Office.
  • Accounts Dept use Sage Line 50
  • Personnel data also stored.
  • Marketing dept use QuarkXPress

11
PBL Scenario
  • The board of directors has now decided to extend
    the network with the following requirements:
  • Email and internet access for all staff in
    Liverpool.
  • Host its own Web site in Liverpool (with a view
    to ultimately incorporating some form of
    e-commerce on-line course booking).
  • Enable the Training Centre manager and
    administrators to access various company data on
    the Liverpool server

12
PBL Scenario
  • The board are aware that they do not have the
    expertise to develop an ISMS and have called you
    in to help them. Your terms of reference are:
  • To perform a systematic risk assessment of the
    security threats to the company assets, and
    provide recommendations for risk treatment.
  • To design and present a proposal for a secure
    network architecture to meet the present
    requirements and construct a demonstration
    network to show proof of concept

13
Expected Clarification Issues
  • E.g.
  • Company Assets
  • Policies
  • Email requirements
  • Availability requirements
  • Network details (e.g. resilience features)
  • Laptop usage

14
Expected Learning Issues
  • What should an ISMS consist of?
  • Confidentiality, Availability, Integrity
  • BS 7799
  • Threats and Vulnerabilities
  • Risk assessment and treatment
  • Legal Issues

15
Expected Learning Issues
  • IP subnetting and NAT
  • Security architecture/technology
  • Firewalls, DMZ, IDS
  • Encryption
  • Authentication and Authorization
  • Secure transmission: VPN / SSL

16
Expected Learning Issues
  • Configuring Software for demonstration
  • CheckPoint
  • Win2k Routing
  • IIS

17
Resources
  • Set book
  • Panko (2004) Corporate Computer and Network
    Security
  • BS 7799 parts 1 and 2
  • Internet resources
  • Lab session on routing and CheckPoint
    configuration
  • Seminar on subnetting

18
Deliverables (assessed)
  • Reports
  • Risk assessment
  • Proposed architecture / technologies used with
    justification and consideration of alternatives.
  • Demonstration network (5 PCs)
  • Individual research reports
  • Team Presentation

19
Lab resources
  • Each team has 5 hard disks/caddies and 5 PCs with
    several NICs in each, connected to patch panel.
  • Team has two switches.
  • Hard disks pre-installed with Win2k Server, one
    has CheckPoint firewall.

20
Example solution for similar scenario - Firewall
rules also provided

21
Typical team lab setup

22
Issues
  • Level of detail
  • Can be superficial - need to question thoroughly
  • Lab issues: configuration problems with routers/
    CheckPoint

23
Successes
  • Team work
  • Motivation
  • Research-based solutions
  • Variation in solutions

24
The Secret of success?