TY - GEN
T1 - Teaching DNS Spoofing Attack Using a Hands-on Cybersecurity Approach Based on Virtual Kali Linux Platform
AU - Trabelsi, Zouheir
AU - Parambil, Medha Mohan Ambali
AU - Qayyum, Tariq
AU - Alomar, Ban
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The realm of academic security education is primarily focused on defensive strategies. However, there's a growing acceptance of offensive techniques, initially crafted by hackers. Several educators in the field of information security believe that incorporating offensive strategies into the curriculum creates more adept security professionals than focusing solely on defensive methods. Students in information security courses must engage in offensive and defensive tactics to effectively handle malicious activities and devise suitable security measures. This paper presents a case study on executing an in-depth, practical cybersecurity laboratory exercise centered on a prevalent network attack, the DNS spoofing attack, which is vital for network security training. The primary educational goal of this hands-on lab exercise is to equip students with the skills to conduct a DNS spoofing attack within a controlled, virtual network environment using Kali Linux. The introduction of this offensive cybersecurity lab exercise resulted in enhanced student performance; however, it also raised significant ethical issues. Consequently, the paper outlines several measures that academic institutions should consider to mitigate the risks associated with teaching offensive strategies in information security education programs.
AB - The realm of academic security education is primarily focused on defensive strategies. However, there's a growing acceptance of offensive techniques, initially crafted by hackers. Several educators in the field of information security believe that incorporating offensive strategies into the curriculum creates more adept security professionals than focusing solely on defensive methods. Students in information security courses must engage in offensive and defensive tactics to effectively handle malicious activities and devise suitable security measures. This paper presents a case study on executing an in-depth, practical cybersecurity laboratory exercise centered on a prevalent network attack, the DNS spoofing attack, which is vital for network security training. The primary educational goal of this hands-on lab exercise is to equip students with the skills to conduct a DNS spoofing attack within a controlled, virtual network environment using Kali Linux. The introduction of this offensive cybersecurity lab exercise resulted in enhanced student performance; however, it also raised significant ethical issues. Consequently, the paper outlines several measures that academic institutions should consider to mitigate the risks associated with teaching offensive strategies in information security education programs.
KW - Cybersecurity education
KW - DNS spoofing attack
KW - Ethical hacking
KW - Virtual Kali Linux platform
UR - http://www.scopus.com/inward/record.url?scp=85199070557&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85199070557&partnerID=8YFLogxK
U2 - 10.1109/EDUCON60312.2024.10578851
DO - 10.1109/EDUCON60312.2024.10578851
M3 - Conference contribution
AN - SCOPUS:85199070557
T3 - IEEE Global Engineering Education Conference, EDUCON
BT - EDUCON 2024 - IEEE Global Engineering Education Conference, Proceedings
PB - IEEE Computer Society
T2 - 15th IEEE Global Engineering Education Conference, EDUCON 2024
Y2 - 8 May 2024 through 11 May 2024
ER -