Network and systems security, a collaborative approach

In recent years, computer and network security education has become a priority among employers, the government, colleges and universities. Another emerging priority among these institutions is collaborative working environments. Rochester Institute of Technology (RIT) is among the many universities and colleges developing and offering Computer and Network Security curriculum. However, we believe that our innovative approach to this new curriculum is unique because of the collaborative nature of the "ABC Defense Lab Project" recently implemented across course boundaries. The Information Technology Department offers a Bachelor of Science Degree in Applied Networking and Systems Administration (ANSA). Within this degree, the curricula is distinctly segmented between the two areas. The networking curriculum studies the infrastructure that ties all the systems together. Students learn about the protocols and technologies required to design, implement, troubleshoot and maintain a complete local area network. The systems administration curriculum studies what is happening "inside the box". Students once again learn about the design, implementation, troubleshooting and maintenance, but here the focus is on the servers and desktop systems required to run within a company.

Within the ANSA Bachelor of Science Degree Program, two courses are offered to undergraduate students: Computer Systems Security and Network Security. These courses serve to provide conceptual and practical instruction in the afore-mentioned areas.

The ABC Defense Lab Project was initially introduced in the Systems Administration Security course. Students were assigned membership in one of three teams: Team A, Team B or Team C. Ten to 15 students made up each of the three teams. Each team was provided with a set of equipment to configure, secure and eventually defend against attacks from the other two teams. Since this was a project within the Systems Administration Security course, the focus was on securing the systems and not the network.

As the Network Security course was first offered approximately one year after the initial offering of the Systems Administration Security course, a very similar project was assigned. However, the focus was of course on designing, building, securing, and defending the network infrastructure.

Although the project was successful in both courses, there were some drawbacks. Namely, the System Administration Security students still needed a network on which to run their systems and the Network Security students still needed systems on their network to be able to provide services. For the students in each course, this detracted from the task at hand; Systems Administration Security or Network Security, because they had to deal with the other side of the issue.

While these two courses were originally designed independently of one another, in the Spring Quarter of the 2003 academic year, Professors Sharon Mason and Daryl Johnson took a new approach to teaching this security curriculum. In this new approach students from each of the two classes worked together in one of three teams (Team A, Team B, or Team C) to design, implement and secure a network with computer systems offering services. The teams were then instructed to work with one another across course boundaries; Team A from the Systems Security class worked with Team A from the Network Security class, etc. In the end each of the teams defended their own network and systems while attempting to exploit security flaws in the other teams' network and systems. This is the first time in the ANSA Degree Program that such a project has been attempted at this scope and scale across course boundaries.

This paper explores the triumphs and breakdowns of this innovative collaborative class project. The successes and failures of both the students and the instructors are reviewed to provide insights as to the lessons learned from this experience.