Presentation is loading. Please wait.

Presentation is loading. Please wait.

Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College.

Published byShanon Murphy Modified over 9 years ago

Similar presentations

Presentation on theme: "Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College."— Presentation transcript:

1 Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College beaumoc@hope.ac.uk

2 http://www.hope.ac.uk/ Agenda  What is PBL?  Why use PBL?  How did we use it?  Example  Issues  Success  Questions, comments … insults?

3 http://www.hope.ac.uk/ Problem-Based Learning (PBL) In teams, students are given a problem they don’t know how to solve. & they devise a strategy to solve it. In teams, students are given a problem they don’t know how to solve. & they devise a strategy to solve it.

4 http://www.hope.ac.uk/ Why PBL?  Starts where they are  Learning is relevant & effective  They learn what they need to solve the problem  Develop skills:  problem solving, critical analysis, team work, reasoning, reflection, manage uncertainty  Employability Motivational

5 http://www.hope.ac.uk/ PBL and security  PBL works best with ill-defined (messy) real-world problems that have a number of alternative solutions and are open ended.  Security provides a rich environment for such scenarios

6 http://www.hope.ac.uk/ How? - Example  Systems & network Security module  15 credit final year undergraduate module  2 hours per week PBL tutorial / Lab session  4/5 weeks in lab  Teams of 5 students  Coursework + Seen exam  Prior knowledge – LAN module

7 http://www.hope.ac.uk/ Learning Outcomes  Critically and systematically analyse the exposure to security threats of a networked computer system  Formulate a reasoned and appropriate plan to address the risks in a networked computer system  Use appropriate tools to implement aspects of security in a networked computer system

8 http://www.hope.ac.uk/ Key skills assessed  Problem-solving  Communication  Working with others  Improving own learning and performance

9 http://www.hope.ac.uk/ PBL Scenario  Ace Training Ltd – IT training company with head office Liverpool, Training centre: Manchester  Small 100BaseT LAN in each office (one server) + 802.11g in Liverpool for Laptops.  Restricted Internet access (mgt only). No internal email

10 http://www.hope.ac.uk/ PBL Scenario  Liverpool office:  Sales dept (11) use Sage Act! and MS Office.  Accounts Dept use Sage Line 50  Personnel data also stored.  Marketing dept use QuarkXPress

11 http://www.hope.ac.uk/ PBL Scenario  The board of directors has now decided to extend the network with the following requirements:  Email and internet access for all staff in Liverpool.  Host its own Web site in Liverpool (with a view to ultimately incorporating some form of e-commerce & on-line course booking).  Enable the Training Centre manager and administrators to access various company data on the Liverpool server

12 http://www.hope.ac.uk/ PBL Scenario The board are aware that they do not have the expertise to develop an ISMS and have called you in to help them. Your terms of reference are:  To perform a systematic risk assessment of the security threats to the company assets, and provide recommendations for risk treatment.  To design and present a proposal for a secure network architecture to meet the present requirements and construct a demonstration network to show proof of concept

13 http://www.hope.ac.uk/ Expected Clarification Issues  Eg:  Company Assets  Policies  Email requirements  Availability requirements  Network details (eg resilience features)  Laptop usage

14 http://www.hope.ac.uk/ Expected Learning Issues  What should an ISMS consist of?  Confidentiality, Availability, Integrity  BS 7799  Threats and Vulnerabilities  Risk Assessment & treatment  Legal Issues

15 http://www.hope.ac.uk/ Expected Learning Issues  IP subnetting and NAT  Security architecture/ technology  Firewalls, DMZ, IDS  Encryption  Authentication and Authorization  Secure transmission – VPN / SSL

16 http://www.hope.ac.uk/ Expected Learning Issues  Configuring Software for demonstration  CheckPoint  Win2k Routing  IIS

17 http://www.hope.ac.uk/ Resources  Set book  Panko (2004) Corporate Computer & Network Security  BS7799 parts 1 & 2  Internet resources  Lab session on routing and CheckPoint configuration  Seminar on subnetting

18 http://www.hope.ac.uk/ Deliverables (assessed)  Reports  Risk assessment  Proposed architecture / technologies used with justification and consideration of alternatives.  Demonstration network (5 PCs)  Individual research reports  Team Presentation

19 http://www.hope.ac.uk/ Lab resources  Each team has 5 hard disks/ caddies + 5 PCs with several NICs in each, connected to patch panel.  Team has two switches.  Hard disks pre-installed with Win2k Server, one has CheckPoint firewall.

20 Example solution for similar scenario - Firewall rules also provided

21 http://www.hope.ac.uk/ Typical team lab setup

22 http://www.hope.ac.uk/ Issues  Level of detail  Can be superficial - need to question thoroughly  Lab issues – configuration problems with routers/ CheckPoint

23 http://www.hope.ac.uk/ Successes  Team work  Motivation  Research-based solutions  Variation in solutions

24 http://www.hope.ac.uk/ The Secret of success?

Download ppt "Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College."

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.

Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.
Role of Vendor Technologies in the Development of Network Professionals Mak Sharma and Sharon Cox School of Computing, Telecommunications and Networks.

Role of Vendor Technologies in the Development of Network Professionals Mak Sharma and Sharon Cox School of Computing, Telecommunications and Networks.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Secure Computing Network

Secure Computing Network
1 Positive Learning Outcomes Through Problem-Based Learning Willie Yip Department of Computing.

1 Positive Learning Outcomes Through Problem-Based Learning Willie Yip Department of Computing.
Security Controls – What Works

Security Controls – What Works
Firewall Configuration Strategies

Firewall Configuration Strategies
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.

Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Similar presentations

Ads by Google