View on GitHub

CyberSecurity

A curriculum for a high school cyber security course.

Attack Types

Overview

There are many ways that a hacking event occurs. We will look at several known types and role-play how the attack is done.

Purpose

Many attack types exist and are referred to by name. We want to be able to define the different types of attacks and give them a real-world example to make the idea more concrete.

Objectives

Students will be able to:

Preparation

Vocabulary

Teaching Guide

Getting Started

Activity

Create a physical internet where students send messages to one another using unique addresses and handing the message from student to student. Demo the unplugged internet without any attacks so students know how it works.

Man-in-the-Middle Attack

Choose one (or more) of the students to change the message as they pass it from one student to the next.

Denial of Service Attack

Have many students also send that same student messages but these messages can be gibberish or un-important messages that will crowd out the real message.

Replay Attack

After the messages have been sent, a second student will resend the same signatures or credentials but make a request for new information.

Wrap-up

Reflect as a class how these attacks might be done in an online context. What are some of the challenges we face when receiving or sending a message on the internet to verify that it is authentic?

Assessment Questions

Extended Learning

Blog Post - Inform your blog audience about different attacks. Give advice that might help them prevent these attacks or help them know the signs that an attack is happening.

EFF Phishing & Malware Lesson

EFF Threat Modeling Lesson

License

Cyber Security Curriculum Creative Commons License is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.