CyberSecurity Lab

Project Description: The IASP project includes the procurement, installation, and configuration of a system to provide virtual desktop connectivity for online labs. Virtual desktop connectivity will enable students to actively participate in supporting network services while learning to mitigate risk to business resiliency due to security breaches, unavailable resources, and threats to the integrity of business processes.

Project Objectives: The implementation of a Virtual Desktop Infrastructure (VDI) server provides an effective means for students to complete the needed security labs and the accompanying documentation and tests to fulfill the requirements for various projects and labs within the Bachelor of Applied Science in Network Security and Forensics (BSNSF) program.

Lab Exercises

Comprehensive Cyberterrorism Defense Course Labs

Comprehensive Cyberterrorism Defense (CCD) course labs cover:

Demonstrating Steganography with Invisible Ink, Whacking People with Netcat, Using a Rootkit (FU) to Hide OS Information and Processes, Using FastSum to Calculate a Checksum on a File or Folder, Using Netstumbler to Discover Wireless Networks, Sniffing for Wireless Networks with Kismet, Capturing Wireless Packets with AirPCap, Cracking WEP Encryption Using Airodump-ng and Aircrack-ng, Scanning for Vulnerabilities Using Microsoft Baseline Security Analyzer (MBSA), Rooting Out Weak Passwords with John the Ripper, Conducting Password Audits Using LCP, Using Cain to Capture and Crack HTTPS Passwords, Probing Vulnerabilities with Nessus, Discovering SQL Servers with SQLPing3, Simulating Various Web Application Attacks Using WebGoat, Sniffing Packets with Wireshark, Detecting Intrusions with Snort and Snort Alert Monitor, Using Kiwi Syslog and Snare to Conduct Event and Intrusion Analysis, Using Microsoft Log Parser 2.2 to Review Event Logs for Anomalies, Using Sam Spade to Conduct Reconnaissance, Analyzing Network Traffic Using Look@LAN, ARP Poisoning with Cain, Footprinting a Business Using EDGAR, Exploiting a Vulnerable System Using the Metasploit Framework, Using Simple Google Security Searches, Conducting Reconnaissance Using Online DNS Query Tools, Footprinting an Organization Using the Wayback Machine, Capturing a Website Using Black Widow, Using TOR to Browse the Internet Anonymously, Scanning Target Systems with NMAP, Scanning for Open Ports Using Superscan 4.0, Packet Sniffing with Packetyzer, Using HPing to Simulate an Attack, Using XProbe2 to Determine a Remote Host's Operating System, Passive OS Fingerprinting with p0f, and Using Amap to Identify Applications Running on a Target System.

Cyberterrorism First Responder (CFR) Course Labs

Cyberterrorism First Responder (CFR) course labs cover: Building a Cyberterrorism Incident Response Toolkit, Using Kiwi Syslog and Snare to Conduct Event Analysis, Analyzing and Searching Multiple Logs, Using the CFR Toolkit for Emergency Assessment, Sniffing Packets with Wireshark, Port Scanning a Network, Using the CFR Toolkit for Emergency Containment, Welcome Hackers - Containment, Knocking at the Back Door - Eradication, Detecting and Eradicating Rootkits, Website Defacement - Restoration and Recovery, Capturing Event Indications from Volatile Memory, Detecting Events with Snort and Snort Alert Monitor, Conducting a Fast-Paced Vulnerability Assessment as Part of Incident Response, Case Management & Incident Response Forms, and Imaging a Drive for Hand-off to Forensics Staff.

CFR Scenarios: Handling a Generic Incident, Handling a Denial of Service Incident, Handling an Unauthorized Access Incident, Port Scanning, and Handling a Multiple Component Incident.

Scenario Resources: Scenario questions are listed for the different incident-handling phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery (CER); Post-Incident Handling; and General Questions.

Incident Resources: Incident resources cover the following: Incident Definition and Examples, Precursors, Indications, Evidence Gathering and Handling, Eradication and Recovery, and Checklists for each type of Incident. The types of incidents covered are Denial of Service, Malicious Code, Unauthorized Access, Inappropriate Usage, and Multiple Component. A separate section covers Crisis Handling Steps and Compiled Checklists for the previously mentioned incidents.

Lab Resources

Additional materials have been acquired by the lab, through the University of Arkansas Criminal Justice Institute, from the U.S. Department of Homeland Security and Federal Emergency Management Agency (FEMA) Training and Exercise Integration/Training Operations (TEI/TO) program, which offers free cybersecurity training courses to technical personnel and technical managers working within our nation's critical infrastructures and within the emergency response and public safety sectors. The Criminal Justice Institute formed the Cyberterrorism Defense Analysis Center to offer the training for the Cyberterrorism Defense Initiative - The National Cybersecurity Training Initiative. Additional information about this program is available at www.cyberterrorismcenter.org.

Comprehensive Cyberterrorism Defense (CCD) course materials are available to students and/or graduates of the BSNSF program.

Cyberterrorism First Responder (CFR) course materials are available to students and/or graduates of the BSNSF program.

More information about either program, including available dates, locations, and registration instructions, is available on the center's site, www.cyberterrorismcenter.org.
