Updates from June, 2020 Toggle Comment Threads | Keyboard Shortcuts

  • Justin Pineda 5:59 pm on June 5, 2020 Permalink | Reply
    Tags: cybersecurity education, distance learning, networking education, online learning, teaching   

    Effectively Conducting Networking & Cybersecurity Distance Learning Courses 

    Photo by Julia M Cameron on Pexels.com

    I had the privilege of sharing some of my experiences on how I conduct my networking and cybersecurity classes online to other IT Educators in a recent webinar hosted by the Philippine Commission on Higher Education (CHED).

    Regardless of the Learning Management System (LMS) used by the school, technical subjects like networking and cybersecurity are different because of the need to have a working laboratory to have a complete grasp of the courses. LMS provides storage, collaboration, insights, engagement automation of quizzes. But creating a laboratory might be challenging.

    How do I do it online and offline?

    • Search for useful and informative references – Aside from the references that are included in the syllabus, I also add a lot of helpful links, videos, and PDF files that I find relevant for the course. I try to relate it in every module so that students will be provided help in their studies.
    • Customize slides for the class to meet learning objectives – I create my slides for 2 reasons: First, there is so much information out there that cannot be put in a single material. It is important to choose the most important ones and guide students to relate the materials to the other references. For example. if the topic is network architecture, I’ll just discuss the components of it and provide them references on example implementations/practices for each component. They will be given a list of references that can check but the important thing is that the core concepts are properly discussed. Second, publicly available slides from vendors tend to promote their products. I try to make my materials as vendor-neutral as possible and let the students choose which they prefer. In the end, we don’t like students to be exposed to a single brand and then work on a company that uses another brand.
    • Record short lectures to set the context – I also do video recordings of lectures to help explain technical concepts in a way that students will be able to understand easier. Theories are very important because they will be used in any industry or scenario that you may encounter. Another objective is to provide an industrial touch to the discussion. As an industry practitioner, I know that some of the concepts discussed in books are idealistic but some are impractical in the real world. I try to balance both by providing industry insights and let the students make their analysis.
    • Create Virtual Machines (VMs) that students can use to run the tools and exercises, anytime and anywhere. – An important aspect of technical classes is lab exercises. For networking and cybersecurity classes, I create my own VMs that contain the tools, environment, programs that students will need to practice what they learned in the lectures. I set up a web server in one VM and the attack tools on another. The good thing about it is that students will be able to try various ways of accomplishing the exercises in their own time. And if it fails, then they can just delete the current VM and load a new one in an instant.

    Rubrics

    I try to make the course very straightforward to students especially the expected outputs and outcomes. Here are the grading components I use for the online classes

    • Learning Log – The learning log is sort of a feedback mechanism from the students. It gives them a venue to speak what is in their mind since not everyone is given time to share in class. Usually, they share their thoughts about the lesson and other things that they observe/experience. They also provide feedback on whether their groupmates are working or if they are having problems with the lesson. The only add-on work for the instructor is to have time to read and respond to these learning logs.
    • Lab Exercise – The lab exercises will validate whether you can use the tools given a specific scenario in a practical sense. The good thing about a lab exercise that is in a VM with a plethora of tools is that there are many ways to achieve the objective. Everything will be based on the strategy of the students.
    • Case Analysis – The usual problem for technical people is that they are tool-centric. They are well-versed on how to use the tools and their features. However, the usual problem is deciding when to use them. The case analysis portion helps students analyze various cases so that they will carefully think about how they will resolve the problem methodically.
    • Exam – Of course, the course will not be complete without an assessment. I usually create an objective multiple-choice exam to check if they know the theories and terms discussed. At the same time, they will also be asked situational questions to check how they will analyze and resolve issues. I try to simulate how IT certification exams work since they will be taking some in the future.

    Sample Lesson

    On the usual lesson, I start with a question to get their attention and interest. Afterward, there will be a discussion and/or debate. For example, What web application attack is the fastest to exploit and difficult to detect? The answer may vary but what I want to discuss is Session Management. But the question will make the students think and spark sharing, discussion, and debate.

    Then I go to the discussion proper. I’ll explain the issues on session management and its best practices when developing a web application etc. Afterward, we do lab exercises and simulate how to check the strength of session ID’s and how to exploit them if found to be weak.

    Lastly, we then analyze real-world cases of the organization that has applications with poor session management. We’ll do a root cause analysis and provide recommendations on how to fix the issues.

    This is just a sample order of instruction that I find helpful for students in their distance education.

    Good Course References

    • Cybrary
    • Peerlyst
    • SANS Reading Room
    • Cisco Networking Academy
    • OWASP
     
  • Justin Pineda 12:06 pm on March 1, 2017 Permalink | Reply
    Tags: hydra, research conference   

    Proud of my students’ achievements @ UA&P event 

    Last February 24, 2017, me and my undergraduate students went to the University of Asia and the Pacific (UA&P) in Pasig City to present their project Hydra in a school-initiated research conference.

    The event was not very big but various students from undergrad to PhD were prepared to present their papers. I was really pushy but cautious to my students at the same time- I would like to guide them in their project and prepare them to present it by themselves in front of academicians.

    img_20170224_143541

    A copy of the Parallel Session schedule and Abstract

    And so the day came… my students Kent and Letty created their presentation slides. I told them to limit it to 6-10 slides only and practice explaining their project in the simplest and shortest way possible… which they were able to do very well.

    That moment when my student started presenting made me feel proud as their teacher. 🙂

    Congrats Kent and Letty for a job well done! Although I still have a lot of waiting to do for the expense reimbursement haha

     

    img_20170224_175416

    With my students, Kent Miculob and Letty Laureta

    To read the paper we submitted, you may visit this link.

     

    Post statement- Use an old Roman encryption to decrypt the message below

     

     
  • Justin Pineda 1:58 pm on January 7, 2017 Permalink | Reply  

    7 reasons why you should take up a Master’s degree 

    I’m currently preparing for my final term for my Master in Information Systems (MIS) degree. It’s a short break from the stress in school. Looking at what I’ve learned and accomplished so far, I would like to share my top 7 reasons why you should take up a Master’s degree. (I’m not going to discuss what course to take or which school should you go to. That will be in a another blog post. 🙂 )

    7. You will meet new friends.

    They say that in grad school, having 10 students in a class is already big. In the class, there will be mixed types of people- from young professionals to management-level to self-employed individuals. There will also be returnees or transferees who will join the class. Since a lot of them will be your classmates for a couple of terms, you spend a lot of time with them during and after class.

    And you will be friends with them in no time similar to your college experience! This time, you won’t be limited to your age group. You can be a young professional and make friends with a senior manager or even a mother. And that’s fine. 🙂

    mis3

    Our Managerial Accounting class.

    mis5

    My consistent group mates hehe

    6. It’s a requirement for you to be able to teach in the Philippines.

    It’s a plain and simple requirement in the Philippines. I cannot argue and elaborate more on that. I will write another post about to pros and cons about the vertical articulation by Commission on Higher Education (CHED). Anyway for now, getting a master’s degree will make you qualified to teach.

    I just have to put my disclaimer right away that I know a lot of people who have graduate degrees but incompetent in their fields (and/or don’t possess the teaching hand). I’m sorry I just have to say it because there are still a lot who pursue the degree for the “title” and “compliance.”

    5. You can build your network of professionals that can help you in your career.

    One of my professors in the grad school said that with the variety of students who enroll in the class, he can already build a company with all of us have different roles.I agree with him. Your classmates come from different industries and fields. You can help each other out at work. I have classmates who are in banking, government, project management, academe etc. They can help you look for a job or do your job well. haha

    My professors helped me link to some consulting opportunities which I won’t be able to find had I not enrolled in grad school. The world in the corporate is quite enclosed that’s why you need an outlet to spread the network.

     4. You get to learn from experiences rather than plain textbooks.

    More than the degree, one of the main reasons why I enrolled in grad school is to listen to my classmates and professors’ stories- experiences in work that helped them succeed or even led them to failure. I can read books or Google stuff or even watch tutorials in You Tube. But to listen to the experiences is something you’ll only get if you’re in class.

    3. You have something to look forward after your routinary work.

    You will have classmates who still slack in some instances and those who are teacher’s pets. haha There are also those who study in advance and submit the deliverable very early. You’ll have classmates who don’t  have anything to submit too! haha In any case, attending the class is something you will look forward after a week of work. For some, attending a class is a challenge. For others, it is a stress reliever.

    mis6

    The class organized a KTV Christmas Party

    2. You can get promoted at work after you graduate.

    Not an assurance though. In the government, some posts require a Master’s degree to lead a division or a department. In the academe, you can get a higher rank.

    In the private sector, I’ve observed some seasoned managers have master’s degrees. Most of them have MBA’s.

    1. You learn something new.

    Sounds clichĂ© but that’s the truth. You will have classmates who will take the class just to pass and earn a degree. But majority of my classmates attend class to learn something new. I’m not a project manager. I have no project management experience but I am learning now (the hard way haha) for our capstone. I need to sell an IT business idea and make sure that I will gain profit. I learned different IS Policy frameworks and how to use them even if I’m not a manager. And I learned so much more…

    Here’s one of the learning logs I wrote in our Human Capital Management class.

    If you think these reasons are what you’re looking, then enroll now!

    I’m not advertising any school.haha  Just encouraging… 🙂

     

     

     

     
  • Justin Pineda 6:17 pm on February 20, 2016 Permalink | Reply  

    Vulnerability Proof-of-Concept and Analysis 

    The objective of this activity is to simulate and existing vulnerability (it can be an application, network, etc.) and create an analysis based on research. The ultimate goal is for the students to come up with an outlook of the vulnerability on how it has affected and will affect the computing world in the future.

    For instance, there Vulnerability X works on Platform Y.1. Computers need to update to Platform Y.2 to become protected. However, a lot of computers didn’t update because of compatibility issues. What will happen to these “unpatched computers?” How many of them are found in critical data centers etc? Will Vulnerability X evolve into a more complex and more dangerous vulnerability?

    Sample works:

    Android Rooting Vulnerability – Android Rooting

    iOs Jailbreak Vulnerability – iOS Jailbreak

    Heartbleed Vulnerability – Heartbleed

    Shellshock Vulnerability – Shellshock Vulnerability

    Remote Desktop Protocol Vulnerability – RDP

    Adobe Flash Vulnerability – Adobe Flash

     

     

     
  • Justin Pineda 5:41 pm on February 20, 2016 Permalink | Reply  

    Machine Project in Infosec 

    Objectives

    â– To be able to configure, implement an open-source security tool.

    â– To simulate a real-world attack scenario where the security tool can be used.

    â– To show how to configure necessary functionalities of the security tool.

    Tasks

    â– Each group will be assigned a specific security tool. Each group will research about the topic and download an open-source version of the tool.

    â– The group can use a recommended tool or look for a preferred application as long as it is open source.

    â– The group will configure and deploy a working prototype and simulate the functionalities of the tool with the prescribed test/s in a lab environment.

    â– The group will demonstrate the output in the 12th week of the term.

    Tools

    â– Network Firewall (PFSense)

    â– NIDS- Network Intrusion Detection System (Snort)

    â– HIDS- Host Intrusion Detection System (OSSEC)

    â– WAF- Web Application Firewall (Iron Bee)

    â– Honeypot (Honeyd)

    â– DLP- Data Loss Prevention (OpenDLP)

    â– Anti Spam (SpamAssassin)

    Tests

    Tool Test
    Firewall Allow/Block Website based on IP/hostname

    Allow/Block Website based on Category

    NIDS Detect a port scan

    Detect a backdoor connection

    HIDS Detect a keylogger

    Detect a port scan

    WAF Prevent a SQLi attack.

    Prevent a port scan.

    Honeypot Log port scan to server.

    Log remote access to server.

    DLP Prevent sending of email based on message

    Prevent sending of email based on file type

    Anti-Spam Detect SPAM based on message

    Detect SPAM based on quantity

    Milestones

    ■Week 3 – Finalization of security tool

    ■Week 6 – Security tool configured

    ■Week 7- 10 – Testing

    ■Week 12/13 – Project Demo + Documentation Submission

    Deliverables & Grading

    â– Working prototype 40%

    â– Tests completed 40%

    â– Documentation 20%

    Paper Format

    ■Abstract – Summary of your project

    ■Introduction – Discuss what the tool is all about

    ■Results and Discussion – Discuss the tests done (include screen shots)

    ■Conclusion – Lessons learned

    Sample Projects:

    Video Links

    IDS- SnortV1, SnortV2, SnortV3

    Honeypot – Honeybot, KFSensor

    Firewall – PFSense

    Documentation

    NIDS (Snort, Snorby and Barnyard Installation & Configuration) – comsecinstallation

    HIDS (OSSEC Installation, Configuration & Testing) – USER MANUAL OF OSSEC

    SPAM Filter (MailWasher) – INFOSEC_MachineProject_MailWasher

    Honeypot (Honeybot) – INFOSEC_MachineProject_Honeypot

     
  • Justin Pineda 4:21 pm on February 20, 2016 Permalink | Reply  

    Research Paper on Emerging Technologies 

    Introduction

    A Case Study will be held as an academic symposium during the midterms week to discuss various emerging technologies in the field of information security. Each group will be tasked to research on a specified topic, explore and answer key issues about the subject.

    As its culminating activity, an academic paper with a required format will be submitted and a 15-minute presentation will be presentation will be presented with the classmates and special faculty and industry guests. Question and answer will be followed after the presentation.

    Topics

    1. Security in Social Networking Sites
      1. Cite current issues pertaining to crimes/violations in social networking sites. Describe the usual scenarios.
      2. Show some statistics on social networking related crimes.
      3. What are the actions taken by social networking organizations and government agencies?
      4. How do you see the future of social networking sites? Future attacks and remedy?
    2. Mobile Malware
      1. Can mobile devices get infected by malware?
      2. State news about devices getting infected. What happens to these devices?
      3. Show statistics on mobile malware.
      4. Is there an initiative from AV companies and government about it?
      5. How do you prevent mobile devices from getting infected?
    3. Business Continuity Planning (BCP) for Disaster Prone Areas
      1. Cite news of business disruption due to a disaster and its effects on the business.
      2. Show statistics of business losses due to either natural or man-made disasters.
      3. Are there initiatives/laws that require businesses for BCP?
      4. Discuss usual business continuity planning and disaster management and recovery plans.
      5. Discuss any standard/template regarding BCP.
    4. Internet Surveillance
      1. Is Internet surveillance possible?
      2. What are ways to conduct Internet surveillance?
      3. What are limitations of current security capabilities?
      4. What are solutions for existing Internet surveillance?
    5. Cybercrime Laws and Issues (choose scope)
      1. Discuss current cybercrime laws. (if there are any)
      2. Discuss issues that warrant cybercrime laws. Prove that there is a need for these laws.
      3. Discuss limitations and or threats of these cybercrime laws.
      4. Discuss if there is a need for more laws.
    6. Security in Automated Controlled Vehicles
      1. What are automated controlled vehicles?
      2. Why is there a need for automated controlled vehicles?
      3. Research companies that are utilizing these types of vehicles.
      4. Research for news that show threats on automated controlled vehicles.
      5. Discuss solutions for automated controlled vehicles.
    7. Drones
      1. History on the implementation of drones.
      2. News and development on drones.
      3. What are positive and negative issues (factual) on drones?
      4. Do drones bypass due process?
      5. Do drones violate privacy and freedom?

    Grading

    The Case Study is 10% of your final grade.

    Group Grade is 70% (to be given by the professor)

    Individual Grade is 30% (to be given by the group leader; leader gets 100% in the individual grade)

    Criteria

    Content (Paper) – 50%

    Is the paper complete and comprehensive?

    Mastery – 30%

    Is the group knowledgeable on the topic?

    Did the group have the ability to analyze related real-world problems?

    Did the group answer the related questions?

    Delivery – 10%

    Did the group communicate the message properly?

    Presentation – 10%

    Did the presentation contain creative and comprehensible visuals?

    Required Sections in the Paper

    Section Description

     

    Abstract Your abstract is a maximum of 200-word summary of your case study. It describes briefly about your topic and what you intend to research further. You are establishing the boundaries of your study in the abstract.

     

    Introduction The introduction is a maximum of 300-word overview of the topic. This means you need to discuss the current technology of your topic. Discuss the features, benefits and limitations of the current technology.

     

    Problem Statement Based on your introduction, you have to establish your problem statement. What are the problems or issues that the current technology is facing? You have to state that piece by piece and justify why it has to be resolved.

     

    Results and Discussion Research and establish the solutions for the problems found in the problem statement. Explain processes and procedures of the solutions that you recommend and how it can be done.

     

    Conclusion and Recommendation Provide a conclusion of the case study that you have conducted. Based on your study, will your solutions be helpful in resolving the issues in the problem statement? Give recommendations that can be further investigated and researched in the future to strengthen your study. Make sure the recommendation is out of the scope of your study.

     

    References List all the references for your case study. You need to follow the IEEE reference format. For your guidance, you need to have at least:

    Five (5) technical references related to the topic (journal, scientific publication, conference proceeding)

    Five (5) news article reference related to the topic (newspaper, magazine)

    Three (3) books related to the topic.

    Note: Never plagiarize. It’s equivalent to cheating.

     

    Format of paper: MSW_A4_format

    For the presentation:
    1. Create a presentation of your paper. It should be a summary of all sections: Abstract, Introduction, Problem Statement, Discussion, Conclusion.
    2. Follow the 6×6 rule. Each slide should have a maximum of 6 bullet points with maximum of 6 words per bullet point.
    3. Use interesting font/colors. Use images that will help explain your paper.
    4. Everybody should have a part in the presentation.
    5. You have 15 minutes to present your paper followed by Q&A.
    6. Wear business attire for the presentation.

    Deliverable:
    1. Send a PDF copy of your final paper and PPT presentation to justinp@apc.edu.ph & pineda.justin@rocketmail.com with Subject- Case Study Final Deliverable – (Case topic) by Group (Group Name)
    2. Print a hard copy of the paper.
    3. Submit (1) & (2) requirements before the class.

    Sample papers:

    On Social Networking: Online Peers Can Mean Offline Perils, Online Peers Can Mean Offline Perils-Presentation

    On Mobile Malware: Prevalence of Malware in Mobiles (1), Prevalence of Malware in Mobiles

    On Internet Surveillance: Internet Surveilance by Team ZAFT_present, Internet Surveilance by Team ZAFT draft 4

    On Social Networking: Using Facebook in TOR, INFOSEC PDF

    On Internet Surveillance: Internet Surveillance

    On Drones: Drones Case Study (1), Drones

    On Cybercrime Law: Revised-Cybercrime

    On Mobile Malware: Mobile-Malware-A-Case-Study-in-Information-Security-1

     

     
  • Justin Pineda 8:12 am on September 19, 2015 Permalink | Reply
    Tags: , mobile security, websecurity   

    Vulnerability Scanning & Risk Mitigation Project 

    In INFOSEC, the focus of the discussion is a bird’s eye view of the different domains of Information Security. More importantly, the curriculum followed is the CompTIA Security+ lessons. The final project’s objective is to be able to explore on security tools and software such as firewall, IDS, honeypot and to demonstrate the functionalities by doing test scenarios.

    For COMSEC1, the focus shifts into a more specific topic on ethical hacking. The course discusses the steps on ethical hacking and its importance. For the final project, students are required to conduct a static code analysis and vulnerability scan in an existing project and fix the risks to an acceptable risk level.

    Some of the projects include:

    Web application – Web_COMSEC1

    Mobile application – Mobile_COMSEC1

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: