At the end of each semester I survey the students for their views on the educational journey. I ask students about their perceived level of understanding of information security principles both before and after the course. They have the chance to rave about assignments they like and rant about those they’d rather see in the scrap heap. I also ask the students to what degree they feel the material improves their hard skills and marketability. (Over 98% of students feel the course has a significant impact on their skills.)
Semester to semester, the overwhelming majority love the lab and they aren’t afraid to blast textbook assignments from the prerequisite information security course. Once they're in the lab password cracking is a perennial favorite. There’s something amazing about taking a garbled hash of characters and watching John the Ripper kick passwords out the other end.
While rewarding, students typically find the firewall section a meat grinder. Here students cut their teeth on the Cisco ASA5505. (These are much more affordable on our limited budget, use the same code base as their 5510-5550 series brothers, and leverage the Cisco CLI used in our networking course.) Metaphorically speaking, students seem to view it like a two week family vacation: They can’t wait till they get there but at the end of 14 days of config files, rule sets, and static routing, they can’t wait to leave. Oddly enough it seems a love-hate relationship: Many of the same students wonder why we don’t do a section on VPN technology using the ASA box.
The assessment also asks “Is there a topic you would like to have discussed and added to the course?” Last year a common refrain was wireless security and metasploit penetration testing. I didn’t make it to wireless but they got a taste of metasploit and the result is clear: John the Ripper has some competition. This semester metasploit was a component of the final exam but the tidal wave of feedback suggests I should dump honeypots in favor of more time spent with this pen-testing juggernaut.
So there it is, another semester gone. The INFO3660 course is like boot camp. As a drill sergeant you never feel the troops are ready for combat but you can't keep them forever; Sooner or later you have to send the cyber warriors into the thick of the battle.
No comments:
Post a Comment