Teaching Cybersecurity Using the Cloud

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our experience when using cloud computing to teach a senior course on cybersecurity across two campuses via a virtual classroom equipped with live audio and video. Furthermore, based on this teaching experience, we propose guidelines that can be applied to teach similar computer science and engineering courses. We demonstrate how cloud-based laboratory exercises can greatly help students in acquiring crucial cybersecurity skills as well as cloud computing ones, which are in high demand nowadays. The cloud we used for this course was the Amazon Web Services (AWS) public cloud. However, our presented use cases and approaches are equally applicable to other available cloud platforms such as Rackspace and Google Compute Engine, among others

Exploring the Cloud: Vulnerabilities and Cybersecurity Challenges

Defending cloud platforms against cyberattacks is a critical aspect of modern cybersecurity. With the widespread adoption of cloud computing, organizations face new challenges in protecting their data and infrastructure from evolving threats. This article provides an overview of the strategies and techniques used to defend cloud platforms against cyberattacks. The article begins by highlighting the increasing reliance on cloud platforms and the potential risks associated with their use. It emphasizes the importance of robust security measures to protect sensitive data, applications, and resources stored in the cloud. The article then introduces the key techniques for defending cloud platforms, including strong access controls, encryption, secure configurations, regular patching, network segmentation, and logging and monitoring. The article further explores the significance of proactive monitoring and incident response planning in identifying and mitigating potential security incidents. It emphasizes the role of collaboration between organizations, government agencies, and cloud service providers in developing comprehensive defense strategies. The article also mentions the need for continuous training and skills development to stay ahead of emerging threats and effectively defend against cyberattacks. The article concludes by emphasizing the relevance of the topic in today's digital landscape, where cloud platforms play a pivotal role in driving innovation and enabling digital transformation. It underscores the necessity for organizations to adopt a multi-layered defense approach and stay updated with the latest security practices to protect their cloud environments from cyber threats

Evaluation of Cloud-Based Cyber Security System

Cloud-based cyber security systems leverage the power of cloud computing to protect digital assets from cyber threats. By utilizing remote servers and advanced algorithms, these systems provide real-time monitoring, threat detection, and incident response. They offer scalable solutions, enabling businesses to adapt to evolving threats and handle increasing data volumes. Cloud-based security systems provide benefits such as reduced infrastructure costs, continuous updates and patches, centralized management, and global threat intelligence. They protect against various attacks, including malware, phishing, DDoS, and unauthorized access. With their flexibility, reliability, and ease of deployment, cloud-based cyber security systems are becoming essential for organizations seeking robust protection in today's interconnected digital landscape. The research significance of cloud-based cyber security systems lies in their ability to address the growing complexity and scale of cyber threats in today's digital landscape. By leveraging cloud computing, these systems offer several key advantages for researchers and organizations: Scalability: Cloud-based systems can scale resources on-demand, allowing researchers to handle large volumes of data and analyze complex threat patterns effectively. Cost-efficiency: The cloud eliminates the need for extensive on-premises infrastructure, reducing costs associated with hardware, maintenance, and upgrades. Researchers can allocate resources based on their needs, optimizing cost-effectiveness. Real-time monitoring and threat detection: Cloud-based systems provide real-time monitoring of network traffic, enabling quick identification of suspicious activities and potential threats. Researchers can leverage advanced analytics and machine learning algorithms to enhance threat detection capabilities. Collaboration and knowledge sharing: Cloud platforms facilitate collaboration among researchers and organizations by enabling the sharing of threat intelligence, best practices, and research findings. Compliance and regulatory requirements: Cloud platforms often offer built-in compliance features and tools to meet regulatory requirements, assisting researchers in adhering to data protection and privacy standards. Overall, the research significance of cloud-based cyber security systems lies in their ability to provide scalable, cost-effective, and advanced security capabilities, empowering researchers to mitigate evolving cyber threats and protect sensitive data and systems effectively. We will be using Weighted Product Methodology (WPM) which is a decision-making technique that assigns weights to various criteria and ranks alternatives based on their weighted scores. It involves multiplying the ratings of each criterion by their corresponding weights and summing them up to determine the overall score. This method helps prioritize options and make informed decisions in complex situations. Taken of Operational, Technological, Organizational Recorded Electronic Delivery, Recorded Electronic Deliver, Blockchain technology, Database security, Software updates, Antivirus and antimalware The Organizational cyber security measures comes in last place, while Technological cyber security measures is ranked top and Operational measures comes in between the above two in second place. In conclusion, a cloud-based cyber security system revolutionizes the way organizations safeguard their digital assets. By utilizing remote servers, advanced algorithms, and real-time monitoring, it offers scalable and robust protection against evolving threats. With features like threat detection, data encryption, and centralized management, it ensures enhanced security, agility, and efficiency. Embracing a cloud-based approach empowers organizations to stay ahead in the ever-changing landscape of cyber security, effectively safeguarding their critical data and infrastructure

A Flexible Laboratory Environment Supporting Honeypot Deployment for Teaching Real-World Cybersecurity Skills

In the practical study of cybersecurity, students benefit greatly from having full control of physical equipment and services. However, this presents far too great a risk to security to be permitted on university campus networks. This paper describes an approach, used successfully at Northumbria University, in which students have control of an off-campus network laboratory, with a dedicated connection to the Internet. The laboratory is flexible enough to allow the teaching of general purpose networking and operating systems courses, while also supporting the teaching of cybersecurity through the safe integration of honeypot devices. In addition, the paper gives an analysis of honeypot architectures and presents two in detail. One of these offers students the opportunity to study cybersecurity attacks and defences at very low cost. It has been developed as a stand-alone device that also can be integrated safely into the laboratory environment for the study of more complex scenarios. The main contributions of this paper are the design and implementation of: an off-campus, physical network laboratory; a small, low-cost, configurable platform for use as a “lightweight” honeypot; and a laboratory-based, multi-user honeypot for large-scale, concurrent, cybersecurity experiments. The paper outlines how the laboratory environment has been successfully deployed within a university setting to support the teaching and learning of cybersecurity. It highlights the type of experiments and projects that have been supported and can be supported in the future

Teaching About the Dark Web in Criminal Justice or Related Programs at The Community College and University Levels.

Increasingly, criminal justice practitioners have been called on to help solve breaches in cyber security. However, while the demand for criminal justice participation in cyber investigations increases daily, most universities are lagging in their educational and training opportunities for students entering the criminal justice fields. This article discusses the need to incorporate courses discussing the Dark Web in criminal justice. A review of existing cyber-criminal justice programs in Texas and nationally suggests that most community colleges and 4-year universities have yet to develop courses/programs in understanding and investigating the Dark Web on the internet. The Dark Web serves as the new “Criminal Underground” for illegal activity and needs to be understood. This research outlines the need for criminal justice programs to teach courses in the Dark Web and offer course recommendations. Recommended syllabi material for Dark Web courses in criminal justice, and recommendations for development of these programs are included

Educación durante la pandemia COVID-19. Uso de la tecnología en la nube: Jamboard

La enseñanza a distancia durante la pandemia Covid-19 es una situación retadora tanto para el docente como para el estudiante, ya que ambos necesitan adaptarse al aprendizaje remoto; sin embargo, a pesar del esfuerzo realizado por el docente, los resultados de participación del estudiante no siempre son los esperados. Al respecto, esta investigación aplicó la herramienta Jamboard, la cual permite que los estudiantes participen en tiempo real durante el desarrollo de la clase, con la constante observación del docente. Objetivo. conocer los niveles de satisfacción de los estudiantes ante el uso del Jamboard. Materiales y métodos. El enfoque de la investigación fue cuantitativo, descriptivo de corte transversal. Se usó la técnica de la encuesta y el instrumento fue el cuestionario de satisfacción de la herramienta Jamboard que se aplicó a 162 estudiantes de una universidad privada de la ciudad de Lima, Perú, del año 2020. Resultados. los estudiantes mejoraron bastante la motivación y el interés en el curso, además se encontraron muy satisfechos con la herramienta Jamboard. Conclusión. Se recomienda utilizar Jamboard para lograr una participación activa en la educación a distancia.Campus At

Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases

[Abstract] Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.This work has been funded by the Xunta de Galicia (ED431G2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE)Xunta de Galicia; ED431G2019/0

Portafolios Docentes de Programación en la Nube para la Evaluación de Competencias [Programming Portfolios in the Cloud for Skills Assessment]

Este trabajo presenta una plataforma web para la generación de Portafolios Docentes de Programación Software (PDPs) en la nube y la extracción automática de métricas de los PDPs generados para evaluar competencias, tanto las relacionadas específicamente con la programación de software (p. ej. Desarrollar software de calidad, Dominar el paradigma orientado a objetos), como las competencias genéricas (p. ej. Capacidad de análisis y resolución de problemas, Creatividad). La plataforma ofrece a los profesores un interfaz web para personalizar (número de alumnos, herramientas, practicas docentes, etc.) un Entorno Virtual Computacional (EVC), que es desplegado en la nube proporcionando un entorno integrado de todas herramientas necesarias para que el alumno genere un PDP y el profesor extraiga de forma automatizada las métricas para la evaluación de competencias específicas y transversales. La plataforma se encarga de aprovisionar los recursos de cómputo y almacenamiento además de la configuración para la puesta en marcha del EVC a través de proveedores Cloud (públicos o privados). Finalmente, se presenta un estudio de los tiempos de despliegue de EVCs sobre el proveedor cloud publico Amazon Web Services, demostrando que la plataforma abstrae de toda la complejidad de configuración e integración de las herramientas requeridas en un tiempo razonable. [This work presents a web platform to generate a Teaching Portfolio of software Programming (TPP) on the cloud, and the extraction of metrics of the generated TPP for assessing competences, both related to programming skills (e.g. Mastering the Object-Oriented Paradigm) as generic competences (e.g. Capacity of analysis and resolution of problems, Creativity). The platform provides the teachers with a web interface to customize (in terms of number of students, tools, lab sessions, etc…) a Computational Virtual Environment (CVE), which is deployed on the cloud providing an integrated environment composed of all required tools for the student to generate a TPP and the teacher to automatically extract the metrics for assessing both specific and soft skills. The platform is responsible for provisioning computational and storage resources, and also the configuration for starting up of the EVC on cloud providers (public or private). Finally, the paper presents study of the time required to deploy such CVEs in the Amazon Web Services public cloud provider, demonstrating that the platform abstracts the configuration complexity and integration of the required tools in a reasonable time.

Use Case Based Blended Teaching of IIoT Cybersecurity in the Industry 4.0 Era

[Abstract] Industry 4.0 and Industrial Internet of Things (IIoT) are paradigms that are driving current industrial revolution by connecting to the Internet industrial machinery, management tools or products so as to control and gather data about them. The problem is that many IIoT/Industry 4.0 devices have been connected to the Internet without considering the implementation of proper security measures, thus existing many examples of misconfigured or weakly protected devices. Securing such systems requires very specific skills, which, unfortunately, are not taught extensively in engineering schools. This article details how Industry 4.0 and IIoT cybersecurity can be learned through practical use cases, making use of a methodology that allows for carrying out audits to students that have no previous experience in IIoT or industrial cybersecurity. The described teaching approach is blended and has been imparted at the University of A Coruña (Spain) during the last years, even during the first semester of 2020, when the university was closed due to the COVID-19 pandemic lockdown. Such an approach is supported by online tools like Shodan, which ease the detection of vulnerable IIoT devices. The feedback results provided by the students show that they consider useful the proposed methodology, which allowed them to find that 13% of the IIoT/Industry 4.0 systems they analyzed could be accessed really easily. In addition, the obtained teaching results indicate that the established course learning outcomes are accomplished. Therefore, this article provides useful guidelines for teaching industrial cybersecurity and thus train the next generation of security researchers and developers.This work has been funded by the Xunta de Galicia (ED431G 2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE)Xunta de Galicia; ED431G 2019/0

Campus inteligente : tendências em cibersegurança e desenvolvimento futuro

1 recurso en línea (páginas 93-101).Smart Campus is an entity of any kind that uses technology and infrastructure to support and improve its processes, so people can use them better. This paper reviews the literature to contextualize the Internet of Things and its vital importance for the Smart Campus, as well as its relationship with the concepts of cybersecurity and wireless sensor network. We describe the various interrelationships, tendencies, and future development of a Smart Campus, as well as the differences and similarities with the emerging concept of Smart University. This review revealed that the Internet of Things is involved in all fields and can influence and improve the university’s processes to contribute to decision-making, technological development, and academic learning. To conclude, Smart University focuses on improving the infrastructure of universities through technology, with the main purpose of enhancing the quality of the education provided by institutions.Um Smart Campus é uma entidade de qualquer tipo que utiliza a tecnologia para apoiar sua infraestrutura e seus processos, com o fim de melhorá-los para o uso das pessoas. O propósito deste trabalho é apresentar uma revisão de literatura, onde contextualiza-se a internet das coisas e sua vital importância para o Smart Campus e sua relação com os conceitos de cibersegurança e rede sem fio de sensores. Apresentam-se as diferentes interrelações,tendências e desenvolvimento futuro do Smart Campus, assim como as diferenças e semelhanças com o conceito emergente de Smart University. Esta revisão revelou que a Internet das coisas se envolveu em todos os campos e pode influir nos processos de uma universidade para melhorá-los, ajudar na tomada de decisões e apoiar a aprendizagem acadêmica e o desenvolvimento tecnológico. Conclui-se que Smart University não se limita a melhorar a infraestrutura das universidades através da tecnologia, pois seu fim principal é melhorar a qualidade da educação ministrada pelas instituições.Un Smart Campus es una entidad de cualquier tipo que utiliza la tecnología para apoyar su infraestructura y sus procesos, con el fin de mejorarlos para el uso de las personas. El propósito de este trabajo es presentar una revisión de literatura, en donde se contextualiza el internet de las cosas y su vital importancia para el Smart Campus y su relación con los conceptos de ciberseguridad y red inalámbrica de sensores. Se presentan las diferentes interrelaciones, tendencias y desarrollo futuro del Smart Campus, así como las diferencias y similitudes con el concepto emergente de Smart University. Esta revisión reveló que el Internet de las cosas se involucra en todos los campos y puede influir en los procesos de una universidad para mejorarlos, ayudar en la toma de decisiones y apoyar el aprendizaje académico y el desarrollo tecnológico. Se concluye que Smart University no se queda en mejorar la infraestructura de las universidades a través de la tecnología, pues su fin principal es mejorar la calidad de la educación impartida por las instituciones.Bibliografía: páginas 99-101