On the Experience of Creating the Electronic Tutorial "Vulnerability and Protection Methods in the Global Internet Network" in Moscow State Engineering Physics Institute for Education of IT-Security Professionals

N. Miloslavskaia and A. Tolstoi Moscow State Engineering Physics Institute (Technical University), Information Security Faculty, Russia

Key words:

Electronic tutorial, education of professionals, Internet, distance learning

Abstract:

The paper examines the experience and first results of creating the electronic tutorial (ET) "Vulnerability and Protection Methods in the Global Internet Network" at Moscow State Engineering Physics Institute (Technical University) (MEPhI) for the education of IT-Security professionals. It outlines the ET components, course structure, training mechanism, and difficulties of ET realization. The main tasks of creating this electronic tutorial are: to help the teachers to represent their professional knowledge in a new electronic manner, which would equip them with the necessary IT skills and high-quality teaching material; to apply computer-assisted and Internet-assisted teaching and learning across the curriculum; to place the students in an environment where they can creatively use this technology as part of their daily activities for self-education, with careful control of their understanding of the material at all stages of learning; and to give state-of-the-art information on the subject by using hypertext links to Web sites with the newest documents, demo versions of the latest software tools and functional descriptions of hardware products. This paper will be of interest to teachers and IT-Security professionals. The application of advanced information and communications technologies to learning not only addresses the immediate need for educational support but also ensures that new security professionals include new concepts and knowledge in their professional practice and encourages current practitioners towards such practice.

1. INTRODUCTION

Higher education is undergoing structural changes not only in student populations but also in learning paradigms and curricula. The student becomes an active participant in the classes. Advances in computer networking and digital technologies are making virtual classrooms and web technology an effective environment for active learning. In 1998, at the "Information Protection" department of the "Information Security" faculty of MEPhI, we began to develop an electronic tutorial for the students. In 1997 the framework for it, in the form of the educational course "Vulnerability and Protection Methods in the Global Internet Network", was developed and tested on students and post-graduate students.

The need for this course was caused by the wide spread and adoption of the global Internet network. According to estimates by expert organizations, in 1998 the Internet, uniting more than 320 mln documents and 115 mln every-day users, consisted of about 45 mln domains (hosts are active computers with unique Internet addresses). This process can be seen not only on the international scale but also in Russia. According to the Russian Public Center of Internet Technologies, about 180,000 hosts were registered in our country by the beginning of 1999. More than 26,000 information resources in the Russian language can be found on the Internet; these are various Web sites, pages, servers, and independent thematic sections. About 1,500,000 Russian Internet users can be divided into the following categories depending on their places of access to the network: 250,000 users have the right of access to the Internet for private use, about 500,000 users have access to the Internet from private networks, and about 600,000 users have access from educational and academic networks.
The range of Internet users is very wide, from specialists without training in information technologies and home-computer users up to experts in computer networks and network technologies. In this connection we witness an ever-increasing interest of various groups of users in the services offered by the Internet and in the skills of correct and safe work within the Internet. The aims Internet users pursue also vary a lot, from the harmless search for information about work, hobbies, tourism, weather, etc. and the copying of graphics, audio, video and software (free or in evaluation copies) to intrusion into computers and networks with Internet access for the purpose of stealing information of different degrees of confidentiality and launching destructive software and network viruses. It is the bad intentions of a certain category of users, the malicious persons, that make the organizations concerned with information security work out, improve and offer to customers, free of charge or on a commercial basis, specialized tools for protection, warning and detection of the attacks from the Internet. These tools vary greatly in their application and methods of use; therefore network and security managers are especially in need of systematic knowledge of all the possible modern methods and ways of protection from non-authorized access to their networks.

In connection with the ever-growing need of students, post-graduate students and teachers to familiarize themselves with the collected material, an educational course (EC) on the subject "Vulnerability and Protection Methods in the Global Internet Network" has been developed at the "Information Protection" department. The EC is meant for those familiar with the foundations of network technologies, and for Internet users and system and security managers.

The illustrative material (IM) for this course is implemented in the Windows environment with the help of Microsoft PowerPoint 97 and comprises a slideshow of about 400 units. The files with the IM are on the department intranet server, which is accessible to the teacher during classes and to the students during their independent work. Storing the files requires 12 Mb of hard disc space and their demonstration not less than 24 Kb of RAM.

The further development of the IM was aimed at its improvement. The slides were supplemented by information in hypertext form for further examination by means of any Web browser (Netscape Navigator, Microsoft Internet Explorer, etc.), with the possibility of Internet access to Web sites through the hypertext references on the slides [1, 2]. The difficulty of designing and developing more usable and cost-effective intelligent tutoring systems has led to some new approaches in that field, namely the realization of intelligent tutoring shells. We also follow this way. The lecture material and the teacher's experience in working with an audience became the basis for the development of a new learning tool for the students.

We are creating a new information technology (IT) education strategy to promote the use of IT to enhance teaching and learning with a new type of information presentation, a kind of electronic tutorial (ET).

2. MAIN TASKS OF CREATING ET

The main tasks of creating this ET are:

1. to help the teachers to represent their professional knowledge in a new electronic manner, which would equip them with the necessary IT skills and high-quality teaching material;
2. to apply computer- and Internet-assisted teaching and learning across the curriculum;
3. to place the students in an environment where they can creatively use this technology as a part of their daily activities for self-education, with careful control of their understanding of the material (in the form of various tests and questionnaires) at all stages of learning; students in this environment actively construct their own knowledge, because they choose their own order of learning;
4. to give state-of-the-art information on the subject by using hypertext links to Web sites with the newest documents, demo versions of the latest software tools, and functional descriptions of hardware products.

As a result of this course, the students should be able to:

1. apply methods for network traffic and network security monitoring;
2. apply methods for intrusion detection;
3. apply and develop their own methods, strategies, and tools for network security support;
4. evaluate the quality of services and products offered on the Internet;
5. do research on the Web;
6. use e-mail and newsgroups.

Knowledge required of students before they gain access to work with the ET: Internet protocols; Internet services; fundamentals of network security and protection technologies; network operating systems; database management systems; computer viruses; programming languages.

3. MAIN ET COMPONENTS

The main ET components are the following:

1. The Learning Engine for steering, control and coordination of all the components of the ET.
2. The Knowledge Base with learning objectives and contents. This Base is normally dynamic, but the kernel learning contents of the main part are static and contain the fundamentals of public network security. Internet links keep the information state-of-the-art and allow it to be updated. Contents are linked by different relationships and structured depending on the characteristics of the learning objectives. The chosen form of knowledge representation is frames.
3. The Methods Base contains different didactical methods and concepts. The developers of the ET apply these concepts to teach different kinds of learning contents and to adapt methods to the users' characteristics (for example, the level of their preliminary skills) and to the content.
4. The Presentation Component allows the generation and presentation of learning contents in different ways: text, hypertext applications, and multimedia objects including audio, video, and graphical elements.
5. The Communication Component contains methods of communication and their technical realization. Communication between student, teacher, and system is coordinated in different ways.
6. The User Model contains the user's attributes, characteristics and knowledge.
7. The Evaluation Component provides the student with tests to evaluate his learning process.

4. ET USE

The main tools for the realization of the ET are JavaScript and HTML 3.2. The ET can be used in the form of an autonomous educational CD-ROM (off-line education) or as a separate unit of an intranet file server (on-line education). The students and teachers can take a user manual with instructions on how to work with the CD-ROM or file server. The ET can be integrated into the educational curriculum of any institute or university, or it can have access to other open systems, that is, other networks. That is why we foresee three possible ways of using our ET, with some variations and, as a result, with different system requirements:

1. on a home PC as an autonomous module (in this case the ET is the autonomous CD-ROM);
2. in classes with access to the faculty intranet and all its information resources (for example, databases, software, libraries, etc.), a) with a teacher or b) without a teacher;
3. in classes with access a) to the faculty intranet and all its information resources, and b) to other open systems and the global Internet network, c) with a teacher or d) without a teacher.

In cases 2 and 3 the ET can be used as a CD-ROM or as a separate unit of an intranet file server. Thus the course may be supported by a course Web site, which can be used for information exchange and relevant communication (between students, between students and the teacher, etc.). We can outline not only different system requirements for ET use but also, what is more significant for the educational process, different methodological approaches concerned with interaction between a student and a teacher, access to various network resources, the depth and order of learning the information, etc.

5. COURSE STRUCTURE

The courseware consists of a set of WWW pages and tools with a consistent layout template and uniform design metaphors that define a customised virtual learning environment. The course learning environment allows users to navigate and communicate easily. There are two main parts of the course:

1. introductory part – describing the overall course structure and learning methodology;
2. study part – providing resource materials and supporting learning according to the model chosen.

The introductory part includes:

a) the course home page;
b) introduction to the course;
c) course outline;
d) course micro-planning;
e) user registration and authorization (in the case of successful passing of the preliminary user evaluation);
f) preliminary user knowledge evaluation (which affects the automatic choice of the corresponding learning methodology and, in general, access or non-access to work with the ET) and statistics;
g) course demo;
h) detailed student marks report generation for a teacher (separately for all paragraphs and chapters, with user response time for each test and question, further recommendations for the students to return to some information, etc.).

We want to stress the necessity of student registration before working with the ET. It will help:

– teachers to get information about a particular student's success in learning the material by browsing the so-called test results files, which are characterized as write-once and not modifiable by the students;
– students, on a second entry to the system, to begin not from the start (if they have passed with good examination results) but from the point where they stopped the previous time or showed poor understanding of the material.

The study part consists of the course units containing the following sections:

1. lecture notes,
2. tests and questions,
3. case studies,
4. glossary,
5. Internet and literature resource bank.

The learning activities are designed according to the specific course objectives. The content of this part is divided into four main units:

1. Introduction:
   a) brief discussion of the principles which lie at the foundation of the creation of the Internet and their influence on network and PC security;
   b) main users of the Internet and their goals in securing their information;
   c) particular examples of intrusions and some statistics on threats within a network;
   d) intruder classifications and the main causes of network intrusion;
   e) intrusion classification and typical schemes of attacks;
   f) classical and modern methods of intrusion.
2. Weaknesses and vulnerabilities which are used in the Internet for non-authorized access to information, arising from connecting a LAN to the Internet:
   a) weaknesses and vulnerabilities of protocols, system utilities, commands and information services;
   b) particular examples of intrusion on the basis of weaknesses in UNIX and Windows NT and programming errors;
   c) network virus attacks.
3. Security tools which are used for protecting a LAN connected to the Internet:
   a) some conceptual approaches to LAN and inter-LAN security;
   b) user security policies and means of their realization;
   c) security levels in the Internet;
   d) choice of a safe network topology;
   e) possible software-hardware protection tools for each type of attack;
   f) bases of client/server architecture protection in all three aspects: client part, server part and communication links;
   g) database management system and network operating system protection;
   h) host protection by means of firewalls, passwords and message encryption;
   i) monitoring tools and network verification with the aim of discovering weak points;
   j) electronic data exchange protection.
4. Conclusion:
   a) attack features;
   b) recommendations on the main security measures;
   c) list of security tools which must be installed in LANs or PCs with Internet access;
   d) some useful Web addresses for getting additional information on the subject.

6. TRAINING MECHANISM

The training mechanism chosen by the authors is a Web-based mechanism (with hypertext links to different types of information), which typically offers static training and low-cost delivery. Hypertext links are created to link to relevant sections within and outside the document files, and also to the appropriate URLs on the Internet. The Web is an attractive medium for delivering courseware for a number of reasons [3]:

– Web browsers are simple to use and widely available;
– Web pages can contain any kind of computer-based information including multimedia content (images, audio, video, etc.);
– Web pages can allow interaction through forms or executable content such as Java;
– Web pages can be created using Hypertext Markup Language (HTML), which is relatively easy to learn, or through the use of authoring tools.

The main principles of Internet use in the courseware are [4]:

1. use of search engines and databases for deeper research on the most important themes;
2. use of FTP for downloading files and the latest software versions;
3. use of e-mail for communication with peers, experts and the teacher;
4. use of mailing lists, discussion groups and newsgroups;
5. composing by the students of their own address book of Web sites where they can find news about new security strategies and standards, surveys by well-known research organizations, and information from different hacker and other intruder societies.

7. DIFFICULTIES OF ET REALIZATION

The main difficulties which we have come across during ET realization are concerned with the design of the tests and questions. The main aims of the ET tests are:

1. to control the student's understanding of the material;
2. to apply new knowledge and skills to develop new network security strategies, to find and eliminate network vulnerabilities, and to draw conclusions about the advantages and disadvantages of some security tools.

In case 1 we use in the ET two types of tests with a choice of answers:

– between "yes" or "no";
– from some substantial sentences (2, 3 or maybe more).

Thus the ET in this case has the form of a so-called "simple tutorial". In case 2 the students must use learned commands and write programs and analytical reports. Verifying the correctness of their answers requires using methods of artificial intelligence [5]. These tests are now under construction because of their complexity. In this case we call the ET a "tutorial-practicum" or "practice tutorial". In order to have a detailed picture of student knowledge, tests are created for all course units: paragraphs, chapters and the courseware as a whole.

Tests can either be input in dialogue with the browser or prepared in a text file with special syntax and imported. We consider the response time to an answer to be a very important factor in drawing conclusions about acquisition of the material. If a student does not answer within a limited period of time, the system regards this test as having no answer. The number of tries for the students can also be limited. The results of student answers are stored in a special database in the form of files protected from modification. Correct answers and typical mistakes are also included in this database. So we can gather statistics on the degree of student understanding of the courseware. This permits us to make corresponding changes in it with the aim of simplifying or, vice versa, deepening the explanation of some information. After testing, the student or teacher can immediately take a detailed or short report, of a type chosen from a menu, with special recommendations to return to definite chapters and paragraphs or with confirmation of successful passing of the tests.
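The timing, attempt-limit and modification-protection rules described above can be sketched in code. This is an added example, not code from the ET or its authors; the paper does not say how its result files are protected, so the HMAC chain, the 60-second limit, the two-attempt cap and all names are assumptions.

```python
import hashlib
import hmac
import json

TIME_LIMIT_S = 60      # assumed per-question time limit
MAX_ATTEMPTS = 2       # assumed cap on tries per question
GENESIS = "0" * 64     # chain anchor used before the first record


def grade(answer, correct, elapsed_s):
    """Time-limit rule: a missing or late answer is recorded as no answer."""
    if answer is None or elapsed_s > TIME_LIMIT_S:
        return "no_answer"
    return "correct" if answer == correct else "wrong"


class ResultLog:
    """Append-only results log; each record's MAC also covers the previous MAC."""

    def __init__(self, key):
        self._key = key        # held on the teacher/server side, never by students
        self.records = []

    def _mac(self, prev_mac, body):
        msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def attempts(self, student, question):
        return sum(1 for r in self.records
                   if r["body"]["student"] == student
                   and r["body"]["question"] == question)

    def submit(self, student, question, answer, correct, elapsed_s):
        if self.attempts(student, question) >= MAX_ATTEMPTS:
            raise PermissionError("attempt limit reached")
        body = {"student": student, "question": question, "answer": answer,
                "elapsed_s": elapsed_s,
                "outcome": grade(answer, correct, elapsed_s)}
        prev = self.records[-1]["mac"] if self.records else GENESIS
        self.records.append({"body": body, "mac": self._mac(prev, body)})
        return body["outcome"]

    def verify(self):
        """Return the index of the first record failing verification, or -1."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if not hmac.compare_digest(rec["mac"], self._mac(prev, rec["body"])):
                return i
            prev = rec["mac"]
        return -1


def demo():
    # Constructed sample data: one student, three yes/no questions.
    log = ResultLog(key=b"constructed-demo-key")
    outcomes = [
        log.submit("s01", "unit2-q1", "yes", "yes", 12.0),
        log.submit("s01", "unit2-q2", "no", "yes", 30.5),
        log.submit("s01", "unit2-q3", "yes", "yes", 75.0),  # over the time limit
    ]
    intact = log.verify()
    # Simulate a stored result being edited after the fact.
    log.records[1]["body"]["outcome"] = "correct"
    return outcomes, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

The chain detects edits to stored records but not removal of the most recent ones, so the latest MAC should also be kept somewhere students cannot write.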

8. CONCLUSION

Thus, the fundamental basis for application of the ET described above will be created within a system of distance learning [6, 7], which is now being introduced in Russia. The importance of distance learning is discussed today in the framework of global computer networks and the ideas of equal educational opportunities for all, whether they belong to minority cultures or live in small rural communities. There have been interesting experiments in distance education on all levels from primary school to university education. In our case the ET can be run from a remote computer (for example, from the home PC of a student via modem with access to the faculty intranet), like all of the network resources to which a network administrator opens access for authorized network users. Learning becomes flexible, individual and need-oriented. The students can work independently of time and place at their own learning speed.

The concept of the distance learning courseware implies two possibilities for working with the materials: online or offline. Online learning offers several advantages: the students can directly access additional elements such as the library, so that they can search for further literature beyond the actual learning situation. If a question arises, a student can look in the newsgroup or in the frequently asked questions to find an answer to his problem, or send e-mail to a teacher. But this online form of learning implies transmission costs all the time, which is hardly acceptable for a student. A solution to minimize these online costs is offline learning. The students can download learning units to their home PC in the form of compressed packages. This requires only a short transmission duration, and afterwards the course material is available all the time the student needs it. He does not have to connect to the faculty network again if he wants to repeat his subject matter. The learning process itself then takes place offline (with the courseware CD-ROM). In this way the transmission costs for the students are reduced considerably.

We see the further development of the described ET in making its use more flexible and creative for students and more mature in the practical testing of student knowledge for teachers.

REFERENCES

1. Arnold, M. Using the Web to Augment Teaching and Learning, in: Kevill, R., Oliver, R., Phillips, R., Proceedings of ASCILITE'97, December 8-10, 1997, pp. 37-41.
2. Dyrli, O. The Internet: Bringing Global Resources to the Classroom, Technology and Learning, 1993, vol. 14/2, pp. 50-57.
3. Brooks, D.W. Web-Teaching: A Guide to Designing Interactive Teaching for the World Wide Web, London, Plenum Press, 1997.
4. Collis, B. The Internet as Educational Innovation: Lessons from Experience with Computer Implementation, in: Education Technology. Bd. 36 (1996).
5. Moore, M.G., Kearsley, G. Distance Education. A System View, Belmont, CA, 1996.
6. Self, J. Theoretical Foundations for Intelligent Tutoring Systems, Journal of Artificial Intelligence in Education, 1990, 1(4), pp. 3-14.
7. Uskov, V. Organizational, Technological, and Financial Aspects of Distance Learning, Proceedings of the XV IFIP World Computer Congress, 31 August – 4 September 1998. Teleteaching'98. Part II, pp. 1023-1033.