During this advanced course, geared for students experienced in cyber security, students will be responsible for the management of a course (Systems Security), as well as the creation of a competition (UB Lockdown).
| Name | Slack Username | |
|---|---|---|
| Dave Murray | djmurray@buffalo.edu | djmurray |
| Kevin Cleary | kpcleary@buffalo.edu | cleary.kevin.p |
Due to the nature and complexity of the Security Development Program, prospective students interested in taking the Security Development Program should evaluate his/her own skills using the table below. Each student should have at least 6 points before attempting SecDev as the individuals are role models and will be taking on a self motivated education. If an individual does not meet the recommended points, he/she can still join but will be held to the same standards as a fellow SecDev student. Failure to meet responsibilities will be confronted in a meeting. Continuation will result in asking the student to step down to another program.
| Item | Point Value |
|---|---|
| Windows System Administration - Basic | 1pt |
| Windows System Administration - Advanced (Including Active Directory Proficiency) | 2pts |
| Linux System Administration - Basic | 1pt |
| Linux System Administration - Advanced | 2pts |
| Networking Basic (OSI and TCP/IP Model) | 1pt |
| Networking Advanced (Subnetting, Firewalls, Ports, Packet Analysis) | 2pts |
| Risk Management/Governance | 1pt |
| Compliance (FISMA, HIPAA, PCI, etc) | 2pts |
| Penetration Testing - Basic | 1pt |
| Penetration Testing - Advanced | 2pts |
| Virtualization - Basic | 1pt |
| Virtualization - Advanced | 2pts |
| IT Project Management Basic - Classes | 1pt |
| Information Assurance MGS-650 - Class | 2pts |
| IT Project Management Advanced - Experience | 1pt |
| Upon successful completion of this course a student will be able to… | Assessment |
|---|---|
| demonstrate their proficiency in an Operating System | Lecturing to Systems Security UB Lockdown Competition |
| research topics they are not familiar with | TBD |
| apply concepts learned from this and previous semesters | Lecturing to Systems Security UB Lockdown Competition |
Students in the Security Development Program are responsible for the mentorship of students in the Systems Security course.
Students in the Security Development Program are responsible for developing, organizing and managing all facets of the UB Lockdown competition. The competition has three goals: Education, Competitive, and Fun.
The competition will be an educational tool to teach students (competitors and track 3) about building systems and services, hardening, using tools, team dynamics, etc by the end of the competition.
Leading Indicators: Setting up a proper systems for educational; Red Team’s attack plan; technical difficulties
Lagging indicators: Feedback given shows that one person did not learn anything
No team or competitor has given up due to the lack of ability to continue caused by technical problems, red team, and/or lack of valiance for the duration of the competition.
Leading Indicators: Technical difficulties; read team’s attack plan; why winning is important
Lagging indicators: One competitor gave up
The majority of competitors are enjoying the competition even when things are getting stressful for the duration of the competition.
Leading Indicators: Technical difficulties, read team’s attack plan, interesting injections and solutions.
Lagging indicators: Feedback, bored/angry competitor
Students in the Security Development Program are expected to ensure UBNetDef will continue on after they graduate. This includes recruitment, passing of knowledge to new SecDev members, and enhancing the curriculums.
Students must conduct their coursework in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.
As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity and acted upon with severe consequences if such privileges are abused. You are being given an opportunity to learn, please do not waste it.
As a part of the Security Development Program, you are granted elevated permissions permissions inside the vCenter environment. Any misuse of the environment will result in the immediate failure of the student, as well as academic dishonesty charges being filed.
All traffic that occurs within the vCenter environment is being logged for analysis purposes. Traffic captures (pcaps) may be shared with other individuals within UBNetDef for educational purposes only. We highly discourage logging into any personal or social networking websites on a Virtual Machine hosted in the vCenter environment.