Huntsville City School Board Presented to: Huntsville City School Board Huntsville City Cyber Curriculum "Approved for public release; distribution unlimited. Reference herein to any specific commercial, private or public products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government. The views and opinions expressed herein are strictly those of the authors and do not represent or reflect those of the United States Government. The viewing of the presentation by the Government shall not be used as a basis of advertising." Presented by: Rob Goldsmith AMRDEC Cyber Lead U.S. Army Aviation and Missile Research, Development, and Engineering Center Date 2/6/2014

Huntsville City Cyber Curriculum Objective: Give industry insight into developing classes that will give students the skills required for a successful INFOSEC career. Current Actives: AMREC/SED personnel have been meeting with Huntsville City School personnel to develop a groundwork for an Information Security curriculum. Planned Actives: Have current Grissom High cyber team build out final project planned for next years freshmen class Prepare curriculum for 1st Information Security class that would be offered to Freshmen in School year 2014/15

Cyber Curriculum Rollout Professional Certification 2014 2015 2016 2017 2018 Objectives Activities Issues Intro To Information security (infosec) Overlap or duplication of effort from other IT classes Infosec II Initial Meeting with Huntsville City Schools Dec 17th Developed skeleton plan for curriculum Jan 2 – 20th Received feedback from facility and staff Jan 28th Submit Course descriptions for course catalog Feb 5th Infosec III Infosec IV Extracurricular Enhanced Extracurricular

INFOSEC I Will be taken as part of Freshmen Career Development Course Overview Introduction to Ethics in the Information Age Operating Systems Windows OS Intro to the Linux OS Virtualization Secure configurations at the desktop level Number systems (e.g. base 10, base 2, base 16) IP addressing Identifying network hosts and services on a network Network Applications using video game client/server setup as an example WIFI security Project: Develop a written security plan for a typical home network Final Project Build and configure network that is capable of hosting a multi player video game where each student’s machine capable of being a server or a client Provide a scan that identifies all hosts and listening services. 6b34fe24ac2ff8103f6fce1f0da2ef57 FOUNDATIONS OF CYBER SECURITY (CYBER I) This elective will introduce students to the subject of Cyber Security. Students will learn ethical standards that must be adhered to as well as legal repercussions that come with the abuse of cyber technology. Through hands on learning the students will become familiar with the Microsoft Windows Operating Systems and Linux Operating systems. Students will learn numbering systems such as binary and hex and how they are applied in network addressing and operating system configuration. Students will gain knowledge on vulnerability identification, risk assessment and mitigation techniques through the use of standard tools and scanners. This course’s ultimate goal is to give students the knowledge needed to build a computer network, configure individual hosts and apply best business practices to secure the network against inside and outside attacks.

INFOSEC II 6b34fe24ac2ff8103f6fce1f0da2ef57 Should be taken in conjunction with a Computer Networking elective or technical writing Course Overview Ethics in the Information Age (refresher) Binary number system Basic risk analysis The Linux Command Line OSI Model layers 1,2,3 and 7 Network Devices (NICs, Switches and Routers) Introduction to Microsoft Server OS and Linux Server OS Introduction to Databases Introduction to Web servers Basic programming techniques Basic Structured Query Language (SQL) Host Based Firewalls (Windows Firewall and Linux IPtables) Project: Do a written risk analysis on a Linux Lamp Server Final Project: Build and configure a Linux LAMP server and host a dynamic web site with a database backend. PRIN. OF CYBER SECURITY (CYBER II) This elective will introduce students to computer network systems that are most commonly the focus of attack. Students will be given the opportunity to build and configure the common elements found on the Internet to include database servers, web server and web application servers (i.e. PHP, Perl,ASP). In order to develop complex server environments students will be introduced to remote access terminal shells which later on will be vital towards penetration testing and attack vectors. It’s suggested this class be taken in conjunction with a computer programming elective.

INFOSEC III Prerequisites: INFOSEC II 6b34fe24ac2ff8103f6fce1f0da2ef57 Prerequisites: INFOSEC II Should be taken in conjunction with Computer programming and/or upper level math course Course Overview Ethics in the Information Age (refresher) Law as it’s applied to cyber Intro to Cryptography Intro to Forensics Tools: Network scanners, password crackers, fuzzers Intrusion Detection/Prevention IDS “Offensive” networking: port redirection, alternate uses of secure shell, VPNs, backdoors, honeypots Social Engineering / Phishing / Browser Based Exploits / File Format Vulnerabilities Project: Develop a white paper Alt Project: Develop a forensic and/or crypto tool Final Project: Analyze an existing exploit, demonstrate its use. Offer a possible mitigation. ATTACK VECTORS (CYBER III) - This elective will introduce students to common attack vectors in the cyber realm. Students will become familiar with cryptographic techniques and attacks on cryptography, as efforts used to evade forensics. This class will give a deep understanding to students on how network intrusion systems operate and how hackers evade these systems. Students will ultimately become familiar with offensive network intrusion techniques and how they are used to test and strengthen a computer system. It’s suggested this class be taken in conjunction with a computer programming elective and high level math course.

INFOSEC IV Prerequisites: INFOSEC III 6b34fe24ac2ff8103f6fce1f0da2ef57 Prerequisites: INFOSEC III Should be taken in conjunction with Computer programming and/or upper level math course Course Overview Ethics in the Information Age (refresher) The Metasploit Framework Python Scripting Exploit Development Web App Penetration Testing Formal Penetration Testing Reporting Your Results Project: Develop a Virtual “Hacker” Lab Final Project: Participate in a live or online Capture the Flag Tournament PENETRATION TESTING (CYBER IV) - This elective will allow the students to apply the skills they have to existing cyber challenges in the real world as well as prepare them for certifications to include EC-Council’s Certified Ethical Hacker (CEH). Students will be exposed to popular penetration testing tools as well as testing methodology used by professional in the cyber realm. Students will compete with cyber teams from around the world tackling challenges that originated from real work cyber attacks. This class will prepare successful students for day 1 of a promising career in cyber security.

Grissom High Cyber Team 6b34fe24ac2ff8103f6fce1f0da2ef57 6b34fe24ac2ff8103f6fce1f0da2ef57 Grissom High Cyber Security Team Grissom High Cyber Team will be an extracurricular actively whose goal is to compete and win in cyber tournaments both online and on location. This team’s purpose would be a safe place for students to collaborate and develop skills used in the professional workplace. A team environment allows students to specialize in specific areas of cyber technologies such as crypto, forensics or programming. Generally Cyber Security Professionals are Jacks of all trades and a master of ONE

Huntsville City Cyber Curriculum Questions Or Suggestions