Download Category: Lessons

Slides, Guided Labs, Independent Labs, Submission Documents for US Cyber Range Labs

Unit 5 – Lesson 6 – “Network Controls”

3 Days

In this lesson, the focus is on the network controls such as secure protocols (https, DNSSEC, IPSec), firewalls, and IDS/IPS. Students will conduct practical configuration and testing of a firewall and an IDS for network protection.

“Social Engineering”

2 Days

New lesson, June 2022

Unit 2 – Lesson 6 – “Risk” (Version 1.3)

2 Days

This is the final lesson in Unit 2. After exploring attacks, vulnerabilities, threats, control measures, and trust, students will develop an understanding of cyber risk. A system is said to be trusted if it functions how it was intended to function and only how it was intended to function. The lesson introduces the idea that trust needs to be considered when specifying the functionality desired, when building the system according to the specifications, and then when implementing the system.

Cybersecurity also involves identifying security risks, determining their severity, implementing safeguards, monitoring, and being prepared to act. Risk assessment is this very process of identifying risks, determining the magnitude, and implementing the safeguards. These topics are discussed.

Unit 2 – Lesson 5 – “Trust”

2 Days

This lesson follows the exploration of security controls and responses with a look at the concept of trust and why security is a “hard” problem. Misplaced trust is examined as a human vulnerability. This lesson leads to examining risk and answering some of the “hard” questions of what needs to be protected, how it will be protected, and how it will be managed.

Unit 2 – Lesson 4 – “Controls and Responses” 

5 Days

Unit 2 – Lesson 2 – “Attacks, Vulnerabilities, and Threats”

4 Days

This lesson introduces attacks, vulnerabilities, and threats. It begins with differentiating among the terms, and leads to examining attacks to deconstruct the motivations, capabilities, and resources of attackers.

Unit 2 – Lesson 1 – “Information Assets”

1 Day

This lesson introduces the process of identifying and classifying information assets according to their sensitivity. Security controls are briefly introduced as a means to ensure confidentiality, integrity, and availability of information assets.

Unit 7 – Lesson 7 – “The Continuous Cycle of Security”

2 Days

This is the culminating lesson of the unit, bringing together many of the aspects of the unit to demonstrate that cybersecurity is constantly evolving, that there is no such thing as perfect security, and that risk must be planned for and held to a level where the risk balances the tradeoffs an organization is willing to make.