Information Security Though Elearning Using Vte

Published Date: 02 Nov 2017

e- learning using VTE''

E-Learning refers to "electronic learning". E-Learning is the use of any type of technology which improves learning and makes it much easier. Development of E-learning tools is an active area of education today. In today’s fast-paced culture, E-learning is the need of the hour. It is being used as a big platform for enhancing and upgrading knowledge. It increases flexibility in various fields and provides ways to make things both easier and challenging. Better resources, convenience and efficiency are all driving components of e-learning. E learning also has several challenges one of the major challenges of E learning is Information Security. New attacks are emerging rapidly in Information Security; hence the tools and technologies available for securing the information needs substantial upgradation as well as skills to mitigate these attacks. It requires creation of practical training environment with tools and technologies available for Information Security. Virtual Training Environment for Information Security gives a new dimension to E- learning. Government of India introduced VTE for making this field more efficient. The aim of this paper is to present Virtual training environment and its importance for the students as well as the whole society.

1. Introduction

Information security is one of the most talked about areas in real world today. As we have noticed growing trends about computers and technology in all walks of life similarly

Information Security is utmost important for the safeguarding of the data and information that we wish to share with the help of this technology.

People must be made aware about the Information Security concerns and the potential threats and negative effects which will be caused by ignorance of this very aspect. But training people without practical knowledge is next to impossible. E-Learning can serve as a great help while achieving this goal. People can be trained with the use of technology electronically.

2. E-Learning

E-learning is the term used to describe the use of the web and other Internet technologies in terms of enhancing the teaching and learning experience. It shares similar characteristics of many other e-services, such e-commerce, e-banking and e-government. The e-services users’ behaviours are different according to their roles and needs. E-learning users focus on how to benefit from e-learning concerning teaching and learning purposes. The users may need to spend longer periods of time when undertaking e-learning compared to other e-services.

3. Definition and Characteristics

There are many different definitions of e-learning present in the literature, and each one has a different emphasis: some focus on the content, some on communication, and some on the technology [1]. One of the early definitions for e-learning was provided by the American Society for Training and Development (ASTD), which proposes that e-learning covers a wide set of applications and processes, such as web-based learning, computer-based learning, virtual classrooms, and digitals collaboration. E-learning is the implementation of technology in order to support the learning process, whereby knowledge or information can be accessed using the communication technology. The learning process can be continuous, provided that the content is available on the net. Eklund [2] defines e-learning as a component of flexible learning, which is a wide set of applications and processes, all of which use all

available electronic media to deliver education and training; this includes computer-based learning, web-based learning, virtual classrooms, and digital

collaboration.

4. Information Security in E-Learning

E-learning is mainly dependent on information as well as communication technologies. According to Rosenberg [3], e-learning is based on three fundamental criteria, which are: 1) network-capable updating, storage/retrieval, distribution and sharing of information; 2) delivery to the end of user via computer using standard Internet technology; and 3) focus on the broadest view of e-learning. The first

and second criteria expose the e-learning institutions to the threats, as the use of ICT could ultimately lead to many possible information security risks which could compromise information, such as loss of

confidentiality, availability, exposure of critical data, and vandalism of public information services [4]. Unfortunately, very few efforts have been made to rectify this situation. More efforts have been emphasised to enhance the content and technology due to addressing content and technology as the challenges in securing a successful e-learning environment. Security is needed within e-learning environments owing to the fact that, nowadays, knowledge has become an important means of production, as product and as a key for personal success. In e-learning, information deriving from useful data is amongst the main assets of the organisation. Amongst security issues in e-learning

are protection against manipulation (students,

insider), user authentication, and confidentiality [5]. However, as the functionality of e-learning is expanding, information must be actively protected in this bigger context to avoid the loss of its

confidentiality, integrity and availability. Some people might state that knowledge should be shared, but there are situations where the flow of sensitive information should be restricted to only a few well-defined groups, such as, for example, learning

materials for certain groups and copyright protection of intellectual properties.

5. VTE (Virtual Training Environment)

Today’s networks are complex and globally connected. Educating those responsible for the security and survivability of these networks—and the computer systems they connect—is a major challenge. An even greater challenge is to provide this education in a way that is accessible and not tied to a certain place or time.

Virtual Training Environment (VTE) is one way of amplifying the security training and best practices that have been developed and delivering the same through classroom training. Because of the rich media instruction and hands-on training labs, VTE allows users to access high-quality information security, computer forensics, and incident response training material anywhere in the world, with only a Web browser and an Internet connection. 

The Virtual Training Environment (VTE) is a Web-based knowledge library for Information Assurance, computer forensics and incident response, and other IT-related topics. 

To meet these challenges, the CERT Program at the Carnegie Mellon Software Engineering Institute (SEI) has launched the CERT Virtual Training Environment (VTE). Available to anyone connected to the Internet, VTE employs technology to deliver security knowledge to information-security professionals.

CERT VTE provides quick access to training materials such as white papers, captured desktop screen demonstrations, recorded course lectures, and hands-on training labs for information technology professionals who cannot attend in-person training. VTE also provides trained personnel with a means to refresh and practice their knowledge and skills. Thus, network administrators and other IT security professionals can learn from experts with over 17 years of security knowledge and expertise without having to leave their desks.

Different Content for Different Needs

VTE offers Knowledge in Depth for Defence in Depth (KD3) training material covering topics on information assurance, cyber forensics, and other IT-related topics in three different forms.

First, CERT VTE offers a free public-access Web "library" of content that includes documents, demonstrations of concept applications, and videotaped lectures. Users who wish to learn the basics of computer security can visit the VTE library and select a subject they want to learn more about.

In the library, students can choose one or more of the following subject-matter groups: asset and risk management, information assurance policy and implementation, TCP/IP security, cryptography, host-system hardening, securing network infrastructure, firewalls and network security, intrusion detection, synchronization and logging, forensics and incident handling. The content for these 10 groups incorporates existing materials from CERT public course offerings, as well as other special material drawn from training and courses that are not offered to the public.

"The SEI’s mission is to transition knowledge and technology," says Jim Wrubel, senior member of the technical staff and VTE team lead. "By providing free access to these documents, we are not only fulfilling that mission, but also raising the awareness that an informed and educated IT community will prevent security problems before they happen."

Next, VTE offers a paid subscription service, which contains lab environments that users can access, performing exercises that test the skills learned through use of the other VTE materials. 

"These labs provide a unique training exercise—a chance to apply the knowledge described in the lectures, documents, and demos found in the public library. They provide a chance to try new skills in a risk-free environment," says Wrubel.

Finally, began in March 2006, information-security professionals had the opportunity to complete full courses in this online environment. The online classroom mode offers a guided path through course content, tracks and evaluates student progress, and gives students the opportunity to interact with a course instructor via email and chat sessions

VTE initially offered online versions of three courses that are now offered in live public and customer-site locations: Staff, Advanced Information Security for Technical Staff. Special tracks were available that allow organizations to meet the training-compliance needs of directives such as DoD 8570 and the Federal Information Security Management Act (FISMA). VTE can also be used by organizations to host their own private content, to be delivered exclusively to their designated audiences.

Based on the same pattern Government of India has taken a major step to simulate the actual security attacks and counter measures using VTE (Developed by DOEACC SOCIETY GORAKHPUR CENTRE under DIT funded project). It is by far most appropriate and perhaps the best implementation of E-Learning in the field of Information Security. Virtual Lab Environment is generally created using the virtualization technology. Virtualization Technology enables one computer to run multiple operating systems simultaneously in simulation mode. There are various virtualization software packages available from various vendors now a day. For e.g. Virtual Server from Microsoft, VMware ESX Server from VMware Inc., Zen from Citrix. These software packages could be used for simulating Personal Computer (PC) virtual environment. Various operating systems like Windows, Linux can be installed on top of the virtualization software. The operating systems can be configured like normal PC and if accessed from different physical system across networks, it appears to be accessing different systems. This way a local area network (LAN) scenario can be configured using the virtualization technique. The virtualization software comes with a managerial console which can be used to control and configure the virtual machine. Virtual Machine Remote Control service provides the management of the virtual server from the remote machine, which has remote control client installed on it. The Virtual Environment in the server can be accessed using the web browser from the remote system. Based on one’s credentials, There is a huge demand of trained manpower in Information Security areas to design countermeasures against various types of attacks. In this workshop participants would learn the anatomy of hack attacks and designing of countermeasures against such type of attacks. It would be achieved through scenario based virtual training environment (Developed by DOEACC SOCIETY GORAKHPUR CENTRE under DIT funded project) to teach the Information Security concepts to participants by following a practical approach.

This is an intensive, practical "hands-on" workshop where participants would gain the skills in various area of information security such as Information gathering, ARP cache poisoning and MITM attack, Brute force attack, Denial of Service (Dos) attack, IP Spoofing, Rootkits, SQL Injection, Code Injection, E-mail spoofing & Phishing, E-mail security using PGP, configuring snort IDS, IPSec, IP tables, Hardening windows & Linux and finally evaluating Security.

It comprises of different modules for information security. These modules cover various areas of information security such as

Information gathering

Vulnerability assessment,

Packet sniffing ,

IP spoofing

Brute Force Attack

Rootkits

SQL Injection

Code Injection

Phishing

Attacks on wireless networks

Email Encryption

Linux and Windows Hardening

Firewall configuration

Forensics

Malware Detection

The best advantage that a person can get through this kind of an environment is that he can safely apply all the countermeasures to all kinds of attacks without worrying about the damage and side effects which may be caused. Different kinds of attacks can be launched without hesitation since the environment is virtual. This form of E learning will open numerous paths for R&D. Even a novice user or a layman would be interested in experimenting and innovating in the field of security. This all has been possible only by the awareness and expansion of e learning.

6. Conclusion

The Information Security Skill Development with Virtual Training Environment so developed is being used for imparting hands on training on Information Security to System Administrators, Government Officers and Information Security Professionals. This environment can be further improved with the users feedback received. As it can be accessed online through web-browser hence this is being used for providing Information Security training to participants at remote locations where physical setup of complete Information Security lab is not there. Therefore this is reducing training costs by reducing logistical costs and physical setup cost and users are likely to perform the lab at their convenient time at their preferred locations. The effectiveness of this setup is that students and security professionals can use this environment without thinking twice about the cost and the hazards that might occur on real systems. Thus it provides an opportunity to implement new ideas and researches without any hesitation and consideration.