标题:Simulation-based Learning Utilizing Virtualization Technology and Backtrack in Teaching Information Assurance and Security: Case in Haramaya University
摘要:Simulation-based training techniques, tools, and strategies can be applied in designing structured learning experiences, as well as be used as a measurement tool linked to targeted teamwork competencies and learning objectives. An adequate computing lab support for advanced computer courses that needs practical understanding and hands-on approach is a perennial challenge for most higher educational in Ethiopia. The study presents a model of using dedicated and flexible lab support information security and assurance courses as part of the curriculum of Bachelor of Science in Information Technology in Haramaya University, Ethiopia. Using virtualization technology different laboratory setup on a single computer machine has been implemented using one of the well-known operation system for penetration testing called backtrack. Information Security topics like Port Scanning and Service Identity Determination, Password Cracking, Trojan Attacks, Steganography, Man-in-the-middle attacks, and Web SQL injection were able to learn and simulate by students under this virtualization setup. A self-administered survey questionnaire has been employed to assess the class service quality and perception of the students on this matter. The result shows that after the students are introduced to the activity in the laboratory using virtual machine in simulating topics in information security, there is 83% increase in number of student having a very good understanding in the subject. Moreover, the table shows us that 90% of the student agrees that the hands on activity using VM really increase their interesting learning the course. Moreover, the table shows us that 90% of the student agrees that the hands on activity using VM really increase their interesting learning the course. These show that the implementation of hands on activity with VM really helps the student to have better understanding in the subject matter. In conclusion, virtualization technology is not only limited to industry utilizing them to improve their servers and network services, but also has been effective as innovative teaching strategy in the laboratory practical session in the academe. Thus, it was found that the students are accepting the challenge to learn information security using virtualization and are benefiting greatly from their experiences.
关键词:Virtualization; information security; man-in-the-middle attack; steganography; SQL web injection; password cracking.