Re: Training or lab environments for cybersecurity programs at institutions

[Dennis Bolton <bolton () OAKLAND EDU>]

Hi,

We have also followed the air gap approach with the program's network
limited to a specific classroom or classrooms.  Instructors also have
students sign an Ethical Hacking agreement.  In some labs students also
purchase their own hard drives to use during the course period and must
remove the drives at the end of each class session.    As an FYI we are
seeing a lot of removable media being shuffled between the air-gap network
and regular lab\classroom computers, which has not been an issue so far,
but is something we are keeping an eye on.

-- 
Dennis Bolton
Information Security Officer
Dodge Hall Rm 220
118 Library Drive
Rochester, MI 48309-4401
248-370-4803

On Mon, Jan 22, 2018 at 12:29 PM, Barton, Robert W. <bartonrt () lewisu edu>
wrote:

> Morning,
>
>
>
> We isolate them physically from the remainder of the university
> (network).  The ‘gentleman’s agreement’ we have is that all labs, or work
> that the students do must be benign in nature.  We’re currently setting up
> our virtual Cisco, PaloAlto, and VM learning environments.  I just ran a
> hands on 9 hour firewall workshop for our Cyber Defense Club (they attend
> competitions in the area).  The administration is a little bit of a mix
> between the departments, and us in the centralized organization.  We are
> hoping to move to a “we handle the hardware, and OS, and you handle your
> applications, and teaching,” in the near future.  We do have a tech side,
> and management side to our program.
>
>
>
> Robert W. Barton
>
> Director of Information Security
>
> Lewis University
>
> One University Parkway
>
> Romeoville, IL  60446-2200
>
> 815-836-5663
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Rhonda Johnson
> *Sent:* Monday, January 22, 2018 10:49 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Training or lab environments for cybersecurity
> programs at institutions
>
>
>
> Aims Community College is interested in hearing from other institutions
> which offer cybersecurity programs for their students.  We'd like to hear
> what type of environment you have set up, how much you have isolated these
> programs from your other student environments and how you're controlling
> security for those programs.
>
> Thanks for this information!
>
>
> --
>
> Rhonda Johnson, MS-CIT
>
> Director, Network and Telecom
>
> Aims Community College
> 970-339-6350
>
> This message (including any attachments) is intended only for the use of
> the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, privileged, confidential, and
> exempt from disclosure under applicable law or may constitute as attorney
> work product. If you are not the intended recipient, you are hereby
> notified that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone at
> (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete
> this message immediately if this is an electronic communication. Thank you.



-- 
Dennis Bolton
Information Security Officer
Dodge Hall Rm 220
118 Library Drive
Rochester, MI 48309-4401
248-370-4803