New Curriculum Approach in Teaching Network Security Subjects for ICT Courses in Malaysia

This paper discusses a curriculum approach that will give emphasis on practical portions of teaching network security subjects in information and communication technology courses. As we are well aware, the need to use a practice and application oriented approach in education is paramount. Research on active learning and cooperative groups have shown that students grasps more and have more tendency towards obtaining and realizing soft skills like leadership, communication and team work as opposed to the more traditional theory and exam based teaching and learning. While this teaching and learning paradigm is relatively new in Malaysia, it has been practiced widely in the West. This paper examines a certain approach whereby students learning wireless security are divided into and work in small and manageable groups where there will be 2 teams which consist of black hat and white hat teams. The former will try to find and expose vulnerabilities in a wireless network while the latter will try their best to prevent such attacks on their wireless networks using hardware, software, design and enforcement of security policy and etc. This paper will try to show that the approach taken plus the use of relevant and up to date software and hardware and with suitable environment setting will hopefully expose students to a more fruitful outcome in terms of understanding of concepts, theories and their motivation to learn.

Authors:

• Mohd Fairuz Iskandar Othman
• Nazrulazhar Bahaman
• Zulkiflee Muslim
• Faizal Abdollah

Keywords:

• Curriculum approach
• wireless networks
• wirelesssecurity.

References:

[1] D. T. Tohmatsu, "2007 Global Security Survey," Deloitte Touche
Tohmatsu 2007.
[2] W. Yurcik and D. Doss, "Different approaches in the teaching of
Information Systems Security," in Information Systems Education
Conference (ISECON) Cincinnati, Ohio, 2001.
[3] I. Hassan, M. R. Ayob, M. Sulaiman, A. S. Md Tahir, and M. R. Nordin,
Practice and Application Oriented Education in KUTKM: Penerbit
Universiti, Kolej Universiti Teknikal Malaysia Melaka, 2005.
[4] J. M. D. Hill, C. A. Carver Jr., J. W. Humphries, and U. W. Pooch,
"Using an isolated network laboratory to teach advanced networks and
security," SIGCSE Bull., vol. 33, pp. 36-40, 2001.
[5] S. Lindskog, U. Lindqvist, and E. Johnsson, "IT Security research and
education in synergy," in 1st World Conference on Information Security
Education Stockholm, Sweden, 1999.
[6] B. Hartpence, "Teaching wireless security for results," in Proceedings of
the 6th Conference on Information Technology Education Newark, NJ,
USA: ACM, 2005.
[7] W. I. Bullers, S. Burd, and A. F. Seazzu, "Virtual machines - An idea
whose time has returned: Application to network, security, and database
courses," in Proceedings of the 37th SIGCSE Technical Symposium on
Computer Science Education Houston, Texas, USA: ACM, 2006.
[8] H. J. Mattord and M. E. Whitman, "Planning, building and operating the
information security and assurance laboratory," in Proceedings of the 1st
annual Conference on Information Security Curriculum Development
Kennesaw, Georgia: ACM, 2004.
[9] IPPTN, "Masalah pengangguran di kalangan siswazah," National Higher
Education Research Institute (IPPTN), 2003, p. 10.
[10] IPPTN, "University curriculum: An evaluation on preparing graduates
for employment," National Higher Education Research Institute
(IPPTN), 2004, p. 22.
[11] P. Y. Logan and A. Clarkson, "Teaching students to hack: Curriculum
issues in information security," in Proceedings of the 36th SIGCSE
Technical Symposium on Computer Science Education St. Louis,
Missouri, USA: ACM, 2005.
[12] B. Pashel, A., "Teaching students to hack: Ethical implications in
teaching students to hack at the university level," in Proceedings of the
3rd annual Conference on Information Security Curriculum
Development Kennesaw, Georgia: ACM, 2006.
[13] M. E. Whitman and H. J. Mattord, "Designing and teaching information
security curriculum," in Proceedings of the 1st annual Conference on
Information Security Curriculum Development Kennesaw, Georgia:
ACM, 2004.
[14] G. Vigna, "Teaching network security through live exercises," in
Security education and critical infrastructures: Kluwer Academic
Publishers, 2003, pp. 3-18.