Abstract
Designing engaging exercises when students do not yet possess a lot of knowledge can be difficult. We show how we draw on students’ prior knowledge, along with basic introductory concepts, to design an elemental (but fun) port scan exercise in an introductory security testing module. While “capture the flag” is a security industry standard for exercises, it can require a lot of in-depth knowledge to properly implement and complete. Using basic computer science concepts such as ports and ASCII values, we design a simplified capture the flag exercise where students can make use of deductive reasoning to complete the game. Overall, the exercise was received favourably by the students who found it challenging but enriching.
I would like to thank my Information Security in the WWW class of 2019 for braving this exercise!.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The nginx configurations and python scripts are available for download from: https://blauw.link/wise13.
References
Senge, P.M.: The Fifth Discipline: The Art & Practice of The Learning Organization. Doubleday, New York (2006)
Kolb, D.A.: Experiential Learning: Experience as the Source of Learning and Development. Pearson Education, Upper Saddle River (2015)
Huotari, K., Hamari, J.: Defining gamification - a service marketing perspective. In: Proceeding of the 16th International Academic MindTrek Conference, pp. 17–22, October 2012. https://doi.org/10.1145/2393132.2393137
Lee, N., Manners, D.: Gamification of penetration testing. Counterterrorism and Cybersecurity, pp. 343–347. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17244-6_14
Felder, R.M., Silverman, L.K., et al.: Learning and teaching styles in engineering education. Eng. Educ. 78(7), 674–681 (1988)
Wilhelm, T.: Professional Penetration Testing: Creating and Learning in a Hacking Lab. Syngress, Waltham (2013)
NMAP: Nmap: the Network Mapper - Free Security Scanner (2020). https://nmap.org/
Rocha, J.B., Mascarenhas, S., Prada, R.: Game mechanics for cooperative games. ZON Digit. Games 2008, 72–80 (2008)
Atkin, M.S., Westbrook, D.L., Cohen, P.R.: Capture the flag: military simulation meets computer games. In: Proceedings of AAAI Spring Symposium Series on AI and Computer Games, pp. 1–5 (1999)
Bishop, M.: A design for a collaborative make-the-flag exercise. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 3–14. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99734-6_1
Cowan, C., Arnold, S., Beattie, S., Wright, C., Viega, J.: Defcon capture the flag: defending vulnerable code from intense attack. In: Proceedings DARPA Information Survivability Conference and Exposition, vol. 1, pp. 120–129. IEEE (2003)
Vigna, G.: Teaching network security through live exercises. In: Irvine, C., Armstrong, H. (eds.) WISE 2003. IAICT, vol. 125, pp. 3–18. Springer, New York (2003). https://doi.org/10.1007/978-0-387-35694-5_2
nginx: Server block examples | NGINX (2020). https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 IFIP International Federation for Information Processing
About this paper
Cite this paper
Blauw, F.F. (2020). Enlivening Port Scanning Exercises with Capture the Flag and Deduction. In: Drevin, L., Von Solms, S., Theocharidou, M. (eds) Information Security Education. Information Security in Action. WISE 2020. IFIP Advances in Information and Communication Technology, vol 579. Springer, Cham. https://doi.org/10.1007/978-3-030-59291-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-59291-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59290-5
Online ISBN: 978-3-030-59291-2
eBook Packages: Computer ScienceComputer Science (R0)
