Abstract Network traffic filtering is an important topic in information security education at both undergraduate and graduate levels, and constitutes a major part of a general course on network security. Lectures on network traffic filtering cover mostly network packet filtering, mainly IP, TCP, UDP and ICMP packets, as well as common network services filtering, such as web and email services.... Network traffic filtering is an important topic in information security education at both undergraduate and graduate levels, and constitutes a major part of a general course on network security. Lectures on network traffic filtering cover mostly network packet filtering, mainly IP, TCP, UDP and ICMP packets, as well as common network services filtering, such as web and email services. In contrast to most common network services, FTP (File Transfer Protocol) is considered an unusual network service and requires special filtering mechanisms. FTP is an unusual service in that it uses two communication channels, called the Command channel (also known as the Control channel), and the Data channel. However, most common network service uses one communication channel for exchanging both command and data traffic. With the objective of enhancing information security education, this paper discusses what fundamental concepts the students need to know about the filtering of the unusual FTP network traffic. Also, to allow students to acquire hands-on skills on FTP traffic filtering using firewall technology, a set of comprehensive hands-on lab exercises are described. The paper does so in the hope that it will encourage the teaching of FTP network traffic filtering using a hands-on approach, when offering courses on network security. Finally, the paper discusses the effect of using a hands-on approach while teaching FTP traffic filtering concepts, on the students’ grading performance and learning outcomes. Read More Read Less

Abstract With the introduction of information security awareness curriculum or modules in existing university courses comes the question of how to plan course content that will enhance students’ learning. This paper outlines one active-learning approach—a simulated spear-phishing project that was utilized in information security awareness education at a post-secondary institution. The project framework is described, and insight is offered to assist... With the introduction of information security awareness curriculum or modules in existing university courses comes the question of how to plan course content that will enhance students’ learning. This paper outlines one active-learning approach—a simulated spear-phishing project that was utilized in information security awareness education at a post-secondary institution. The project framework is described, and insight is offered to assist information security educators to employ a similar project in their curriculum. Read More Read Less

Abstract This paper reviews current efforts and resources in secure software engineering education, with the goal of providing guidance for educators to make use of these resources in developing secure software engineering curriculum. These resources include Common Body of Knowledge, reference curriculum, sample curriculum materials, hands-on exercises, and resources developed by industry and open source community. The relationship among the... This paper reviews current efforts and resources in secure software engineering education, with the goal of providing guidance for educators to make use of these resources in developing secure software engineering curriculum. These resources include Common Body of Knowledge, reference curriculum, sample curriculum materials, hands-on exercises, and resources developed by industry and open source community. The relationship among the Common Body of Knowledge proposed by the Department of Homeland Security, the Software Engineering Institute at Carnegie Mellon University, and ACM/IEEE are discussed. The recent practices on secure software engineering education, including secure software engineering related programs, courses, and course modules are reviewed. The course modules are categorized into four categories to facilitate the adoption of these course modules. Available hands-on exercises developed for teaching software security are described and mapped to the taxonomy of coding errors. The rich resources including various secure software development processes, methods and tools developed by industry and open source community are surveyed. A road map is provided to organize these resources and guide educators in adopting these resources and integrating them into their courses. Read More Read Less