May 28, 2021

The Teach Cyber Megabyte

Thank you for being part of the Teach Cyber mailing list! The goal of the newsletter is to share relevant and useful information about Teach Cyber and other resources, events, and news in cybersecurity education.

If you enjoyed this Byte and know someone else that would too, please feel free to forward and share our newsletter! (Please note: if you forward this to someone else and they click "unsubscribe", you may be unsubscribed from the mailing list.)

In this month's Megabyte: Teach Cyber Summer PD; 2020 Cybersecurity Pathways Awards Winners; Feature Article - Transport Layer Security (TLS)

Teach Cyber

Summer Professional Development

Learn Cybersecurity Workshop Series

Are you looking to expand your cybersecurity knowledge and skills this summer? Then you might be interested in signing up for one or more of the virtual workshops Teach Cyber is offering in the Learn Cybersecurity workshops series.
  • July 6, 10:00 am - 5:30 pm ET - Why Cybersecurity Matters
  • July 7, 10:00 am - 5:30 pm ET - Data Security
  • July 8, 10:00 am - 5:30 pm ET - System Security
  • July 9, 10:00 am - 5:30 pm ET - Security and Ubiquitous Connectivity
Each workshop in the "Learn Series" is geared to build teachers' knowledge about cybersecurity. You will learn about and do cybersecurity - hands-on labs in the US Cyber Range will help you build your cybersecurity acumen!

You can register for these workshops here.

Teach Cybersecurity Workshop

Are you wanting to prepare to teach cybersecurity next school year? Then you might be interested in signing up for the virtual week-long Teach Cybersecurity workshop. This workshop will help you get ready to teach cybersecurity using the Teach Cyber courseware.
  • July 26-30, 10:00 - 5:30 pm ET
You will get the opportunity to work through labs that you can use with your students in the US Cyber Range. Join us for an action-packed week to launch a successful cybersecurity course next year.

You can register for this workshop here.

Scholarships Available - June 30 DEADLINE

Thanks to our partner Dr. Loyce Pailen, the Super Cybersecurity Grandma, we have 2 scholarships for the Learn Cybersecurity Workshops and the Teach Cybersecurity Workshop. Click here to get information on how to apply!

About Super Cybersecurity Grandma

Dr. Pailen has a book series that you might be interested in. Targeting children between the ages of 8 and 12, the Super Cybersecurity Grandma series is dedicated to building cyber-ready workers from a young age to meet the national workforce demands of the future.

The books will educate and inspire a new generation of potential cyber technologists, workers, and managers who will have the opportunity to experience the cybersecurity terrain from early childhood, thus making “cyber speak” and careers in the area much less foreign.

Contact: https://www.jastinenterprisesllc.com/copy-of-services
Hey teachers.......here is a fun resource you can check out. K12 CyberTalk produces exciting and engaging webcasts and resources so that you and your students can learn more about cybersecurity and explore its many different career options and opportunities.

TEACHERS......if you have suggestions on how K12 CyberTalk can better meet your classroom needs, contact Dr. Dan Manson, dmanson@cpp.edu.

New Initiative on Cyber Citizenship Seeks Educator Input & Resources

Combatting disinformation and misinformation will require the sharing of knowledge, techniques, tools, and research across fields of the learning sciences, civics, digital and media literacy, technology, cybersecurity, and national security. That is the goal of the Cyber Citizenship Initiative, a new partnership launched by New America, Cyber Florida, and the Florida Center for Instructional Technology in conjunction with the National Association for Media Literacy Education.

The Cyber Citizenship Initiative seeks to ensure that all individuals online have the knowledge and skills to check and verify the information coming across their screens, critically inquire about and seek evidence about what they are consuming, and create and share media messages in ways that advance dialogue and civil discourse.

The first project of this group is to build a free and open portal for K-12 educators with a searchable database of curated resources (lesson plans, curricula, games, prompts, and more) that are designed to help teach skills and mindsets for cyber citizenship. Teachers and developers are invited to submit resources that should be included in the portal. For more information, contact Lisa Guernsey, director of Teaching, Learning & Tech at New America: guernsey@newamerica.org.


"Transport Layer Security"

Transport Layer Security, often abbreviated as TLS, is a data encryption technology that enables secure data transfer by encrypting the data sent from one system to another. TLS provides for confidentiality of data in transmission so any third party who intercepts your messages will not understand the encrypted information. Whether you're connecting to a computer in your own home or a website across the world, TLS can encrypt any data that you transfer between devices. While TLS is most well-known for its role in website security, the technology is also used to encrypt e-mails, files, and VoIP calls [1].
TLS evolved from an older encryption protocol called Secure Sockets Layer (SSL), which Netscape developed in 1995 to secure web communications [2]. Before SSL, most data sent over the web was unencrypted, meaning that anyone could intercept and read the plaintext of internet packets. These messages could contain passwords, credit card numbers, and other personally identifiable information (PII). Although SSL was an incredibly valuable security tool in its time, it was eventually replaced by TLS as a more secure alternative. TLS was developed by the Internet Engineering Task Force (IETF), an international standards organization, and published in 1999. The most recent version of the protocol, TLS 1.3, was released in 2018 [3].
In addition to encrypting internet traffic, TLS is also used in web certificates to authenticate servers and stop certain kinds of attacks. Attackers will often use fake websites to trick users and steal data, but a properly configured TLS certificate will help protect users by showing that a website is (or isn't) who it says it is. In this case, TLS is helping ensure integrity by verifying that the website is authentic. It also prevents attackers from tampering with data in transit, like a tamper-proof seal on a piece of mail – yet another example of providing integrity. This means that the TLS protocol provides encryption and authentication in order to achieve confidentiality and integrity, which are two legs of the CIA triad [3].
For a website or application to use TLS, it must have a TLS certificate installed on its origin server [3]. A TLS certificate is issued by a certificate authority (CA) to the person or business who owns the website domain. The certificate contains information about who owns the domain, along with the server's public key, both of which are important for confirming the server's identity. A TLS connection is initiated using a sequence known as the TLS handshake. During the handshake, the user's device and the web server specify which version of the TLS protocol and cipher suite to use, authenticate the identity of the server using the provided certificate, and generate session keys for encrypting messages between the two parties after the handshake is complete. The following diagram illustrates the steps of the TLS 1.2 handshake.
[Figure: TLS 1.2 handshake diagram]
Although you'll often see these web certificates called SSL certificates, it's almost certain that they're actually using TLS. SSL was last updated in 1996 and deprecated by the IETF in 2015, so most browsers don't even support SSL anymore and instead require the use of TLS [4]. Despite this, "SSL" is still an acceptable way to refer to secure connections, even if they use TLS. For example, many network and server administrators say "SSL" when talking about secure connections that use TLS. Let's see TLS in action by checking the teachcyber.org web certificates.
HTTPS (Hypertext Transfer Protocol Secure) appears in the URL when a website is secured by a TLS/SSL certificate. HTTP is the protocol used to transfer website data between clients and servers, and HTTPS is the secure version of HTTP that supports encryption using SSL/TLS. In most browsers, a lock symbol in the URL bar represents the use of a properly configured certificate and the HTTPS protocol. If the symbol is unlocked, it probably means that either the website isn't using an up-to-date certificate or something is wrong with your SSL client. The details of the certificate, including the issuing authority, the validity period, and the name of the website owner, can be viewed by clicking the lock symbol.
By investigating the certificate details further, you can find several pieces of information that the server and your browser are using to ensure confidentiality and integrity. You can also see that even though the certificate is identified as an "SSL certificate," it's actually making use of the TLS protocol. These certificates can also be imported and exported, which is important for using web application security tools such as Burp Suite.
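The same certificate details can be read programmatically. The following Python sketch is an added example, not part of the original article: it builds a client that refuses SSL and early TLS, and extracts the owner, issuer, and validity period from a certificate. The names `school.example` and `Example CA` are constructed sample values.

```python
import socket
import ssl
from datetime import datetime, timezone

def make_client_context():
    """Verify the server certificate and hostname; refuse SSL and TLS below 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def fetch_certificate(host, port=443, timeout=5.0):
    """Run the TLS handshake; return (protocol version, cipher suite, certificate)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with make_client_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.getpeercert()

def _field(name, key):
    # getpeercert() gives names as a tuple of RDNs, each a tuple of (key, value) pairs
    return next((v for rdn in name for k, v in rdn if k == key), None)

def _when(text):
    # Certificate dates look like "May  1 00:00:00 2021 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def summarize_certificate(cert, now=None):
    """Pull out the fields a browser shows behind the lock symbol."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _when(cert["notBefore"]), _when(cert["notAfter"])
    return {
        "owner": _field(cert.get("subject", ()), "commonName"),
        "issuer": _field(cert.get("issuer", ()), "organizationName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "valid_now": not_before <= now <= not_after,
        "days_left": (not_after - now).days,
    }

# Constructed sample in the shape getpeercert() returns (not a real certificate)
SAMPLE_CERT = {
    "subject": ((("commonName", "school.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notBefore": "May  1 00:00:00 2021 GMT",
    "notAfter": "Jul 30 00:00:00 2021 GMT",
    "subjectAltName": (("DNS", "school.example"), ("DNS", "www.school.example")),
}

if __name__ == "__main__":
    print(summarize_certificate(SAMPLE_CERT, datetime(2021, 5, 28, tzinfo=timezone.utc)))
    # With network access: print(fetch_certificate("teachcyber.org"))
```

A negative `days_left` together with `valid_now` set to `False` corresponds to the expired-certificate case in which the browser stops showing the closed lock.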
One of the most well-known vulnerabilities associated with the TLS/SSL encryption suite is Heartbleed, a severe vulnerability in specific versions of the OpenSSL cryptographic software library. The bug enables attackers to execute a buffer over-read, granting them access to the memory of any systems using the vulnerable versions of OpenSSL.
This not only allows attackers to decrypt traffic, but they could also steal a vulnerable server's private key and impersonate services and websites to devastating effect. Thankfully, this was a problem specific to the OpenSSL implementation of TLS and not the TLS protocol itself. The bug was identified and patched in 2014, so most once-vulnerable clients have since been secured [5].

You can find more information about network security and vulnerabilities in the "Intro to the Challenge of Cybersecurity" course, Unit 4, Lesson 7 (free to registered users). Additionally, students can refer to Unit 5, Lessons 2 and 3 to learn more about the symmetric and asymmetric cryptographic algorithms that form the backbone of TLS.

To test your own TLS/SSL client and learn more about the protocol, you can visit https://www.howsmyssl.com. You can also use https://caniuse.com/tls1-3 to check which browser versions support the most recent TLS version, 1.3.
[1] Christensson, Per. (2020, November 14). “TLS Definition.” TechTerms. https://techterms.com/definition/tls

[2] Cloudflare. “What is SSL? | SSL definition.” Cloudflare Learning. https://www.cloudflare.com/learning/ssl/what-is-ssl/

[3] Cloudflare. “What is TLS (Transport Layer Security)?” Cloudflare Learning. https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/

[4] Olenski, Julie. (2020, February 13). “SSL vs TLS - What's the Difference?” GlobalSign Blog. https://www.globalsign.com/en/blog/ssl-vs-tls-difference

[5] Synopsys, Inc. (2020, June 3). “The Heartbleed Bug.” https://heartbleed.com