Archives

As indicated in the National Strategy to Secure Cyberspace [1], one of the priorities of the United States is to grow and then maintain the number of skilled professionals in Information Assurance. In fact, such professionals are needed at all levels of industry – from those implementing our networks to those researching and designing the technologies. The National Center of Academic Excellence in Information Assurance Education, East Stroudsburg University of Pennsylvania, has partnered with the NSA recognized (IACMM) firm Backbone Security, Northampton Community College, Monroe Career and Technical Institute, and northeastern PA secondary schools to address this priority.

Computer forensics is a hands-on discipline. Introductory skills, however, can be taught using simple exercises that require neither expensive laboratory facilities nor even face-to-face courses. This paper describes a simple floppy disk analysis project that allows an instructor to address issues ranging from the computer forensics process and basics of file systems to long file names, file signatures, and hashing. Projects are essential to teaching this discipline as they support active learning, constructivism, and active learning. These hands-on projects also offer an opportunity for courses to be taught online and for students to build their own toolkits using open source or commercial software.

We present a laboratory module that follows an end-to-end security process pattern in securing real world applications. The overall goal is to relate theoretical concepts of cryptography and security protocols to implementation solutions and their use in the workplace. In a series of activities for installing, certifying and working with systems, each configuration decision and communication exchange is evaluated and discussed in the context of the theoretical knowledge acquired in our core courses in cryptography, network and software security, and network management and security.

It appears that at many, not to say, most, schools, cryptography is being taught to Computer Security and Information Assurance students by mathematicians or cryptographers. By their own reports, mathematicians and cryptographers tend to teach what interests them, even at the expense of what the student needs to know. While this may simply be a matter of pedagogy, it is often a matter of content. While the student may identify or infer for himself what he needs to know, it should not be left either to him or to chance.