ABSTRACT
The sniffing attack is a common network attack and a fundamental topic in information security education. It is usually used by malicious users to spy on network traffic and to collect confidential and sensitive information. With the objective of enhancing information security education, this paper discusses the fundamental security concepts students need to know, and the hands-on skills they need to acquire, about the network sniffing attack. The learning objective of the discussed hands-on lab exercises is to teach students how to practically sniff network traffic in an isolated network laboratory environment and detect hosts performing sniffing activities. The paper does so in the hope that it will encourage the teaching of the sniffing attack topic in network security courses, using a hands-on approach. The paper also discusses the implications of the offered hands-on lab exercises for the students' performance and learning outcomes.
Index Terms
- Enhancing the comprehension of network sniffing attack in information security education using a hands-on lab approach