Virtual Penetration Testing: A Joint Education Exercise across Geographic Borders

  • Conference paper

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 406)

Abstract

This paper describes an exercise that combines the business case for penetration testing with the application of the testing and subsequent management reporting. The exercise was designed for students enrolled in information systems and computer science courses to present a more holistic understanding of network and system security within an organization. This paper explains the objectives and structure of the exercise and its planned execution by two groups of students, the first group being information systems students in Australia and the second group comprising students enrolled in a computer security course in the United States.

Keywords

  • Penetration testing
  • vulnerability testing
  • security education

Copyright information

© 2013 IFIP International Federation for Information Processing

About this paper

Cite this paper

Armstrong, H., Bishop, M., Armstrong, C. (2013). Virtual Penetration Testing: A Joint Education Exercise across Geographic Borders. In: Dodge, R.C., Futcher, L. (eds) Information Assurance and Security Education and Training. WISE WISE WISE 2013 2011 2009. IFIP Advances in Information and Communication Technology, vol 406. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39377-8_2

  • DOI: https://doi.org/10.1007/978-3-642-39377-8_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39376-1

  • Online ISBN: 978-3-642-39377-8

  • eBook Packages: Computer Science, Computer Science (R0)