Virtualized information security teaching: an offensive approach

Abstract

With the increasing number of computer systems and their complexity, they become unpredictable for businesses, governments and organizations need to protect against hacking, or that leads to using the culture of information security, generating the need for qualified and experienced professionals in the field, which deals with the necessary data and therefore demands high quality. To meet this demand, universities include subjects that address or address the subject of security in the curriculum of their computer courses. However, traditional teaching techniques (such as lectures or literature) prove ineffective for safety training, as training or training is not applied to academic methods in realistic environments. In order to resolve this deadlock, a number of studies and platforms have emerged that provide practical environments for the study of nontraditional security techniques, but these are currently focused on the defensive approach, qualified and limited to certain vulnerabilities and their protection, without detailed attack method, or that reduces the user's understanding of the platform. In addition, despite the existence of offensive security platforms, these are aimed at professionals already in the market and with advanced knowledge in the field, which makes newcomers difficult and discouraged because they do not know the sequence to follow and where to start. This paper creates a discipline in which students have hands-on experience with the offensive approach. If done over a virtualized network through VPNs, to allow the simulation of a real attack environment. In addition, students select or support prebuilt documents and tutorials for each of the network machines, so that these items can evolve in learning new techniques that are adopted by the traditional approach to books and lectures. (AU)