From September to this week, I was privileged to teach an introductory class in computer science at Adelphi University (Garden City, New York). My objectives with this class were to take a group of computer science and management of information systems students who had not have any security classes and teach them the basics of computer security.

By the end of class, I wanted them to understand what the technological implications of computer security were, and I wanted them to be able to recognize certain attacks, as well as to know how to prevent and/or stop these attacks them from continuing.

This Tuesday, we had our final exam and the students did better than I had expected.



I did not set out to set a very hard final; I wanted to test 
knowledge and understanding of the topics that we covered in class.
Skill and ability were put to the test throughout the semester in a security
lab. The final mark consisted of 50% of the final result
and 50% of the lab results.


One of the questions that I asked was the following:


The chart below was recently recovered from a group of attackers allegedly working on behalf of the Chinese government. This chart is the first documented evidence that attacker-groups are systematically working their way around the Internet to compromise machines.

hackerchart1.jpg

 
List out the phases through with a typical computer attacks moves and relate one activity shown above to each phase. Briefly describe the goal of each phase and indicate a defensive action that belongs to that phase.

This question, while not very hard, brought together most of the elements that we covered: how does an attacker work, can you detect attacker activity and place it in context, and do you know how to prevent the activity from being successful. I was very glad to see that almost everyone got close to a full score on this question.

Hopefully, this indicate that my students, when they graduate and disappear into corporate America, have at least a very basic level of understanding of computer security attacks and are able to raise awareness on the topic. If this helped make the world a little better, I'm a very happy person.

If anyone interested in receiving the full exam, I'll be more than happy to share.