Developing and evaluating a hands-on lab for teaching local area network vulnerabilities

Abstract

Verizon's Data Breach Investigations Report states that local area network (LAN) access is the top vector for insider threats and misuses. In Ethernet, the common vulnerabilities come from Address Resolution Protocol (ARP). It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures, which include static ARP cache entries, improved ARP module in operating systems, encryption, intrusion detection, and data backup. In this paper, we introduce a hands-on lab to help students learn how ARP spoofing attack works. The objective of this lab is to let students successfully become a Man-In-The-Middle by manually creating attack packets. Although tools exist that carry out ARP spoofing attack automatically, asking students to create raw ARP spoofing packets themselves can help them understand the mechanisms of this attack method much deeper than with the automatic tools. We have studied the effectiveness of this lab on the students' understanding of LAN vulnerabilities. Tests were conducted to measure the performance of students before and after using this tool. We gave students surveys after they completed the hands-on lab. A few students were selected for an interview by an independent evaluator. The result shows that this tool can help students understand the concept of ARP spoofing attacks and motivate them in learning more about cyber security.