TY - GEN
T1 - Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning
AU - Trabelsi, Zouheir
PY - 2011
Y1 - 2011
N2 - The field of academic security education today is dominated by defensive techniques. However, recently, offensive techniques which were originally developed by hackers, are gaining widespread approval. Many information security educators believe that teaching offensive methods yields better security professionals than teaching defensive techniques alone. In addition, every course in IT security should be accompanied by a basic discussion of legal implications and ethics. In this paper, we describe a case study of the implementation of comprehensive hands-on lab exercises that are essential to security education. The lab exercises are about how to perform Denial of Service (DoS) and Man-in-the-Middle (MiM) attacks using ARP (Address Resolution Protocol) cache poisoning. The available defense techniques for detecting and preventing malicious ARP cache poisoning activities are also presented. The consequence of offering offensive lab exercises is that the overall students performance improved; but a major ethical concern has been identified. That is, the number of injected malicious ARP packets in the university network, from the students'laptops, increases considerably each time the students experiment the attacks in an isolated network laboratory environment.
AB - The field of academic security education today is dominated by defensive techniques. However, recently, offensive techniques which were originally developed by hackers, are gaining widespread approval. Many information security educators believe that teaching offensive methods yields better security professionals than teaching defensive techniques alone. In addition, every course in IT security should be accompanied by a basic discussion of legal implications and ethics. In this paper, we describe a case study of the implementation of comprehensive hands-on lab exercises that are essential to security education. The lab exercises are about how to perform Denial of Service (DoS) and Man-in-the-Middle (MiM) attacks using ARP (Address Resolution Protocol) cache poisoning. The available defense techniques for detecting and preventing malicious ARP cache poisoning activities are also presented. The consequence of offering offensive lab exercises is that the overall students performance improved; but a major ethical concern has been identified. That is, the number of injected malicious ARP packets in the university network, from the students'laptops, increases considerably each time the students experiment the attacks in an isolated network laboratory environment.
KW - Arp cache poisoning
KW - Denial of service (DoS) attack
KW - Man-in-the-middle (MiM) attack
KW - Sniffer
UR - http://www.scopus.com/inward/record.url?scp=81455139621&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=81455139621&partnerID=8YFLogxK
U2 - 10.1145/2047456.2047468
DO - 10.1145/2047456.2047468
M3 - Conference contribution
AN - SCOPUS:81455139621
SN - 9781450308120
T3 - Proceedings of the 2011 Information Security Curriculum Development Conference, InfoSecCD'11
SP - 74
EP - 83
BT - Proceedings of the 2011 Information Security Curriculum Development Conference, InfoSecCD'11
T2 - 2011 Information Security Curriculum Development Conference, InfoSecCD'11
Y2 - 30 September 2011 through 1 October 2011
ER -