Automating the Assessment of Network Security in Higher Education

Security is an essential aspect of the subject of computer networking in which students must understand the concepts and be confident in configuring security mechanisms on a range of network devices and systems as part of a Defence in Depth approach to IT security. Challenges are faced in assessing practical security exercises in a laboratory environment involving multivariate devices and operating systems that involve real equipment or simulation and real or virtualized environments. The working environment for a practical exercise must be pre-configured and once an exercise is completed the results extracted to enable formative or summative assessment of the outcomes of the exercise. Using manual methods this process can be time consuming and it would therefore be beneficial to implement some form of automation. To facilitate this a new application has been developed that automates the configuration management and assessment processes within a computer networking laboratory. The new application has been successfully used to assess the extent to which students have been able to configure a secure network utilizing a Defence in Depth approach within a case-study based exercise. The development challenges of the application and rationale for the implementation of the prototype application are discussed. A test methodology is presented and the results of applying this to the outcomes of a network security exercise are analysed. This demonstrates that the prototype application is able to assess the configuration of network security, in the context of defined parameters, to a high degree of accuracy. Further work might look at using the system to assess the security of business and industrial network in contrast to educational usage.