DDoS attacks 2

Paraphrasing the following: Academic institutions all around the world are offering information security programs which include courses on both offensive and defensive concepts and techniques. However, with the rapid advance of the field of information security, students need to be able to experiment with new, emerging offensive techniques in order to be able to implement the appropriate, up-to-date security solutions. Doing this will protect the confidentiality, integrity, and availability of computer systems and assets more efficiently. In order for this to happen, instructors will need to continuously update their security courses to include recent material about emerging concepts, attack techniques, and security countermeasures. Generally, security education is provided through hands-on lab exercises about defensive techniques. Recently, offensive techniques that were originally developed by hackers are gaining widespread approval by academics [1-5]. These methods are central to better understanding the ways security systems may fail. Teaching students offensive skills, as opposed to defensive techniques, yields better security professionals [6-10]. Many academics and industry practitioners feel that the best way to prepare system defenses is to understand the attacks that the systems will face [11]. Defenders need to understand how attacks are designed and launched. Students with hacking skills will be better prepared to work as security administrators with better chances of landing jobs than students without these skills [12]. However, although existing countermeasures are efficiently mitigating threats and thwarting most old offensive techniques, the pool of threats that can be defended against continues to shrink as time passes. Courses that teach cyber security may not teach all the required information and skills for specialists to be able to defend against more recent attacks. This is mostly due to the instructors’ and institution’s hesitation to include the new material over concerns of fragmenting the course or providing information that students can misuse. In order to address the concern of using old and outdated resources to teach information security, this paper will discuss a case study with an emerging DDoS attack known as BlackNurse. The fundamental concepts of this attack will be mentioned, as well as hands-on lab activities on the generation and mitigation of the attack in an isolated lab environment. These activities are designed to accompany and compliment the material currently taught in the class through lectures and textbooks. In fact, the detailed experiments that have been conducted can be considered as a model example of how lab exercises regarding emerging attacks improve student performance and their skillset. The information presented in this paper offers instructors an idea of how they can easily update the content currently taught in their courses. This paper also offers more insight about emerging vulnerabilities in firewalls, which would provide new research perspectives and topics for graduate students and researchers.