Developing an Undergraduate Course Curriculum for Ethical Hacking

Abstract

An Ethical Hacking (EH) course not only is a critical component for a Cybersecurity program but also an essential preparation for CS/IT majors towards career paths as security professionals. We face two major challenges when developing an undergraduate EH course, including the setup and choice of the lab design, and the choice and organization of covered topics for this course. On one hand, we have limited space, budget and technical support for a course that relies heavily on hands-on exercises. Given the nature of this course, the lab activities are often 'offensive' and lab operations demand administrative privileges, which cause compliance issues with the university's IT policies. On the other hand, given the vast variety of topics and the fast pace of the field, it is difficult to select and organize an essential set of knowledge units to ensure that students are exposed to current technologies and prepared to be industry-ready. We adopt two major design principles to address these challenges correspondingly. First, our choice of a hybrid Virtual Machine (VM)-based and Web-based labs provides students the full set of privileges to perform lab activities without posing threats to the campus network. The Web-based labs remove high cost of hardware and avoid overwhelming installations and configurations for the lab. Second, given the diversity of topics and fast developments in this field, we choose topics based on four criteria: representative, current, certification-related, and foundations for other covered concepts. The chosen topics are aligned with three EH certificates, and organized into twelve modules with clear inter-module and intra-module logic. This paper details the curriculum of this EH course and elaborates how our design principles are entailed in the course.