Abstract—Hands-on ethical hacking and network defense has become an essential component in teaching cybersecurity. However, without understanding vulnerabilities in a computer system, it would be difficult to conduct successful network defense in order to prevent intruders in the real world. Therefore, teaching ethical hacking and vulnerability scanning is a key element to the success of cybersecurity curriculum. In this paper, we review the state of the art of current open source vulnerability scanning tools. A virtual lab environment is introduced as part of our lab design. We present our designed hands-on labs in detail using the vulnerability scanning tool OpenVAS. We review outcomes after conducting the hands-on labs in our cybersecurity courses and identify future work for open research areas.

Keywords—Vulnerability assessment; network security; penetration testing; cybersecurity curriculum

I. INTRODUCTION

The threats to our computer network infrastructure are increasing and changing constantly every day. According to CNBC news about how the 2016 threat landscape appears to some experts, Fortinet global security strategist Derek Manky pointed out “Every minute, we are seeing about half a million attack attempts that are happening in cyber space” [1]. In addition, hackers are launching more sophisticated attacks on every possible weakness in our computer network system and trying to damage or crush our security system. It is crucial that we train adequate cybersecurity professionals to defend our system and prevent cyberattacks.

Hands-on ethical hacking and network defense has become an essential component in teaching cybersecurity effectively. Most courses in cybersecurity education concentrate on defensive techniques such as cryptography, intrusion detection, firewalls, and access control; or offensive techniques such as buffer overflow attacks, exploitation, and post-exploitation [2]. However, before conducting hands-on ethical hacking and network defense, understanding what kinds of vulnerabilities exist in computer systems is the first and the most important step in protecting our security system. Therefore, understanding and teaching vulnerability scanning is a key element in cybersecurity curriculum.

From our experience in teaching cybersecurity to our students, we found that there is a strong need to focus on vulnerability scanning as one of the initial steps in ethical hacking and network defense education. Having this fundamental knowledge can deepen students’ understanding of how to protect computer systems and their ability to learn how to conduct ethical hacking and network defense in the real world.

In this paper, we analyze and discuss network vulnerability scanning hands-on lab problems. The contributions of this paper are as follows:

• We explore the definitions and processes of network vulnerability scanning.
• We provide thorough descriptions of the top open source network vulnerability scanning tools.
• We then propose our hands-on labs in detail on network vulnerability scanning that we design specifically to enhance the cybersecurity curriculum for ethical hacking and network defense education.

The rest of the paper is organized as follows. Section 2 provides the background knowledge of vulnerability scanning including security vulnerabilities, system security, and application security. We explore the top open source network vulnerability scanning tools in Section 3. In Section 4, we propose our hands-on labs using OpenVAS and VirtualBox in detail and evaluate the use of OpenVAS as a vulnerability scanning tool in our security courses. Section 5 concludes our paper with outcomes and future work.

II. BACKGROUND

A. Network Vulnerability Scanning

Vulnerability scanning is the process of using one computer to look for weaknesses in another computer. It can also be used to determine vulnerabilities in a network [3, 4, 5]. Security experts can use vulnerability scanning to find weaknesses in systems in order to fix and protect the systems. On the other hand, intruders can also use it to attack a system and hurt the system.

Vulnerability scanning tools usually produce a detailed report with the severity level of every vulnerability detected, such as high severity problems, medium severity problems, and low severity problems [6]. This helps to prioritize remediating or mitigating the scanning results.

Before we explore different vulnerability scanning tools, it is necessary to understand the basic concepts of security vulnerabilities. In the following section, we explain what security vulnerabilities are, where they come from, and discuss why system security and application security are concerns.

free of charge vulnerability scanner. We found that OpenVAS in Kali is a well-designed scanning tool. Therefore, we provide detailed steps in the following example of conducting our vulnerability scanning hands-on lab.

In order to scan a host using OpenVAS, we first need to check that Kali is up to date; then we can install the latest OpenVAS and run the “openvas-setup” command to set up OpenVAS. Fig. 4 shows the commands for upgrading Kali and setting up OpenVAS, including downloading the latest rules, creating an admin user, and starting up various services [11].

Figure 2. Nmap report on scanning Windows XP

Next, we can use the command “openvas-start” to start all the services and point the browser to https://127.0.0.1:9392, accept the self-signed SSL certificate, and plug in the credentials for the admin user. This shows we are listening on port 9392 at the local host.

Now, we are ready to scan. Type the IP address desired to scan and start the scanning process. Fig. 6 and Fig. 7 show IP address 192.168.1.25 obtained through the Windows XP virtual machine and the vulnerability scanning results, including the type of vulnerabilities, their severities, and their locations, such as port numbers.
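
The severity-ranked report described above (severity levels used to prioritize remediation, with each finding's type, severity and port) can be triaged offline. The following is an added example, not code from the paper or from OpenVAS: it assumes a simplified XML export whose element names (result, name, host, port, threat, severity) are assumptions, and every finding in the sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like a simplified OpenVAS XML report export.
# Element names are an assumption about the export; findings are invented.
SAMPLE_REPORT = """<report><results>
<result><name>Constructed: SMB service flaw</name><host>192.168.1.25</host>
  <port>445/tcp</port><threat>High</threat><severity>10.0</severity></result>
<result><name>Constructed: weak cipher</name><host>192.168.1.25</host>
  <port>3389/tcp</port><threat>Medium</threat><severity>4.3</severity></result>
<result><name>Constructed: RPC service flaw</name><host>192.168.1.25</host>
  <port>135/tcp</port><threat>High</threat><severity>9.3</severity></result>
<result><name>Constructed: TCP timestamps</name><host>192.168.1.25</host>
  <port>general/tcp</port><threat>Low</threat><severity>2.6</severity></result>
<result><name>Constructed: OS detection</name><host>192.168.1.25</host>
  <port>general/tcp</port><threat>Log</threat><severity>n/a</severity></result>
</results></report>"""

RANK = {"High": 0, "Medium": 1, "Low": 2}  # remediation priority bands


def parse_findings(xml_text):
    """Return one dict per <result>, tolerating missing or malformed fields."""
    findings = []
    for res in ET.fromstring(xml_text).iter("result"):
        try:
            score = float(res.findtext("severity", default="0"))
        except ValueError:
            score = 0.0  # malformed score: keep the finding, rank it last
        findings.append({
            "name": res.findtext("name", default="").strip(),
            "host": res.findtext("host", default="").strip(),
            "port": res.findtext("port", default="").strip(),
            "threat": res.findtext("threat", default="Log").strip(),
            "score": score,
        })
    return findings


def remediation_queue(findings):
    """Actionable findings only: highest band first, then highest score."""
    actionable = [f for f in findings if f["threat"] in RANK]
    return sorted(actionable, key=lambda f: (RANK[f["threat"]], -f["score"]))


if __name__ == "__main__":
    for f in remediation_queue(parse_findings(SAMPLE_REPORT)):
        print(f'{f["threat"]:<6} {f["score"]:>4} {f["host"]} {f["port"]:<12} {f["name"]}')
```

Informational ("Log") entries are parsed but left out of the queue, so the list students work from contains only findings that need a fix or a mitigation.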
Figure 6. OpenVAS scanning report-1

Figure 7. OpenVAS scanning report-2

Through the experiment of conducting our hands-on labs on vulnerability scanning, we found that OpenVAS is a suitable alternative for Nessus since Nessus is not free anymore, though students need to go through extra steps to install, set up, and configure OpenVAS. All the necessary hands-on learning steps in this lab essentially help students to be more familiar with OpenVAS and to understand how hackers gather vulnerabilities on a targeted host before launching an attack.

V. CONCLUSION

Cybersecurity hands-on labs play a significant role in terms of helping students to assimilate the concepts and ideas covered in the class. Any hands-on labs offered in an institution must balance between budget, possibility, availability, and the consequences, especially for offensive security lab exercises. Hands-on ethical hacking and network defense, especially vulnerability scanning, is essential for understanding how hackers discover the weaknesses in a targeted host before launching an attack. For our proposed vulnerability scanning hands-on labs, we use VirtualBox with Nmap and OpenVAS as scanning tools because they are free, yet they can help our students to reach the learning objectives, anatomize the attacks, and assimilate the concepts they learned from the lecture.

The feedback from both undergraduate and graduate students on conducting the proposed hands-on labs is 90% positive. Some students had difficulty setting up OpenVAS at first, but once the configuration process was completed, students were enthusiastic to conduct the labs.

In the future, we would like to offer a separate course: Cybersecurity Ethics, Legal Issues, and Privacy, and use one chapter to cover U.S. and state laws on cybersecurity legal issues to help students understand the ethics while conducting vulnerability scanning and learning offensive techniques. In addition, we are in the process of designing several labs that can adopt different free vulnerability scanners, so students can compare the results and learn from how hackers use a specific scanner to find vulnerabilities before launching an attack.

REFERENCES

[1] H. Taylor, (2015, December 28), “Huge Cybersecurity Threats Coming in 2016,” Retrieved from http://www.cnbc.com/2015/12/28/biggest-cybersecurity-threats-in-2016.html
[2] M. Mink and F. C. Freiling, “Is Attack Better Than Defense? Teaching Information Security the Right Way,” Proceedings of the 3rd annual conference on Information security curriculum development, Kennesaw, Georgia, pp. 44-48, 2006.
[3] Ken Houghton, “Vulnerabilities and Vulnerability Scanning,” As part of the Information Security Reading Room, SANS Institute, pp. 5-8, 2003.
[4] D. Yan and F. Yang, “Vulnerability Analysis of Intelligent Network System,” Networks Security Wireless Communications and Trusted Computing 2009. NSWCTC '09. International Conference on, vol. 2, pp. 282-285, 2009.
[5] D. Manky, (2010, November 8), “Top 10 Vulnerabilities Inside the Network,” Retrieved from http://www.networkworld.com/article/2193965/tech-primers/top-10-vulnerabilities-inside-the-network.html
[6] “Network Vulnerability Scan,” In Wikipedia, Retrieved September 14, 2016, https://en.wikipedia.org/wiki/Network_vulnerability_scan
[7] “Web Application Vulnerability Scanning Procedure,” Retrieved from http://www.utpa.edu/dit/planning/sop/information-security/web-application-vulnerability-scanning-procedure.htm
[8] C. P. Pfleeger, Security in Computing, Second Edition, Prentice Hall, p. 33, 1997.
[9] A. H. Alqahtani and M. Iftikhar, “TCP/IP Attacks, Defenses and Security Tools,” International Journal of Science and Modern Engineering (IJISME), vol. 1, pp. 42-43, 2013.
[10] E. Geier, (2014, April 29), “6 Free Network Vulnerability Scanners,” Retrieved from http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html
[11] “OpenVAS 8.0 Vulnerability Scanning,” In Kali Linux, Retrieved September 15, 2016.