Developing an Undergraduate Course Curriculum for Ethical Hacking

An Ethical Hacking (EH) course is not only a critical component of a Cybersecurity program but also essential preparation for CS/IT majors pursuing career paths as security professionals. We face two major challenges when developing an undergraduate EH course: the setup and choice of the lab design, and the choice and organization of the topics covered in the course. On one hand, we have limited space, budget and technical support for a course that relies heavily on hands-on exercises. Given the nature of this course, the lab activities are often 'offensive' and lab operations demand administrative privileges, which causes compliance issues with the university's IT policies. On the other hand, given the vast variety of topics and the fast pace of the field, it is difficult to select and organize an essential set of knowledge units that ensures students are exposed to current technologies and prepared to be industry-ready. We adopt two major design principles to address these challenges, respectively. First, our choice of hybrid Virtual Machine (VM)-based and Web-based labs gives students the full set of privileges to perform lab activities without posing threats to the campus network. The Web-based labs remove the high cost of hardware and avoid overwhelming installation and configuration work for the lab. Second, given the diversity of topics and fast developments in this field, we choose topics based on four criteria: representative, current, certification-related, and foundational for other covered concepts. The chosen topics are aligned with three EH certificates and organized into twelve modules with clear inter-module and intra-module logic. This paper details the curriculum of this EH course and elaborates on how our design principles are embodied in the course.
