The Department of Mathematics and Computer Science held two summer camps this past week for high school students. The first, Camp Code, introduced students to the programming language Python and taught them how to think like software developers. The second, Guardians of Cyberspace, helped students understand the critical importance of cyber security, what makes computing insecure, and how to find points of insecurity using a variety of tools.
In Camp Code, twenty-seven students, most of whom had never written a program before, became Python programmers over the course of three days. Here is the list of topics we covered in the order we covered them:
- What is a computer program?
- What is computational thinking?
- The variety of computing languages
- Why Python?
- The Python interactive shell
- Building blocks: variables, expressions, statements, and comments
- Basic input and output from the command line
- The difference between objects and variables
- Types of variables: ints, floats, and strings
- Cool things you can do with strings
- Formatting and escape sequences
- Strings as lists
- How to work with lists
- How to work with dictionaries
- Exception handling
- The math library
- Selection statements: if, elif, else
- Flag-controlled loops: while
- Counter-controlled loops: for
- Random numbers and how they’re used in games
- Building user interfaces using easygui
- Drawing graphics using Turtle Graphics
- Drawing and animation using pygame
Obviously, that’s a lot of topics, and we would not have been able to cover them all if we didn’t use lots of examples to illustrate them and to keep the students engaged. The students kept up throughout and asked lots of great questions. They enjoyed becoming software developers this week.
The Guardians of Cyberspace camp started with an illustration of how serious the cyber security problem is. Specifically, we described how the electric power grid is a critical infrastructure that could be compromised by cyber antagonists and described the likely consequences of such a breach. This helped us emphasize to the ten students that what they were learning was really important and that, as Computer Scientists, they’ll have the nitty-gritty technical knowledge of programming, operating systems, instruction processing, computer networking, encryption, and data analysis needed to protect such critical systems from attack. We were able to draw a very convincing connection to the programming concepts the students had learned in the previous three days.
We then gave them a boot-camp-style introduction to each of those computer science concepts that are so important to understand if you are going to by an information security specialist. This prepared them to use a variety of tools in the last three hours of the camp to probe computer systems for vulnerabilities. Since they had seen the underlying technical concepts, they could use these tools without simply being button-pushers. That made the lab exercises so much more meaningful. Undergraduate student Steven Day, who is working on a research project focused on developing a training environment for cyber security education as part of Lewis’ Summer Undergraduate Research Experience (SURE) program, helped develop and run these hands-on exercises.
Here is the list of topics we covered in Guardians of Cyberspace:
- Why cyber security is critically important (with an example from the electrical grid)
- Types of threats (including active and passive, computer-focused and network-focused)
- How computer networks communicate data
- Using a command line
- Basic command-line networking tools: ipconfig/ifconfig, ping, tracert, whois
- An introduction to Linux – basic commands, the directory structure, using vi to edit documents
- Tools for communicating with remote servers – putty, winscp, ftp, telnet
- An illustration of why insecure tools like telnet and ftp are insecure by sniffing packets with Wireshark
- Building and using virtual machines with Virtualbox
- What is ethical hacking (and why you absolutely must stay ethical!)
- The critical difference between white-hat and black-hat hackers (and why you must be a white-hat always)
- How to capture passwords over a network.
- How to capture saved passwords in a browser.
- Where are Windows and LInux passwords stored?
- How Rainbow tables work
- How to crack passwords using John-the-Ripper and Ophcrack
- The phases of penetration testing – reconnaissance, scanning, exploitation, maintaining access
- Building a virtual penetration testing lab with Virtualbox
- The difference between NAT and host-only networking and the critical importance of using host-only for this work
- Basic reconnaissance tools – Google, whois, host, netcraft, metagoofill, test emails
- Scanning for open ports and services with Zenmap
- Using Nessus to find vulnerabilities in running services
- Using Armitage to exploit vulnerabilities, including keylogging and privilege escalation
As with Camp Code, this was an ambitious list of topics. However, if all the concepts are presented with a nice balance of technical theory and immediate practical application, and if the students are motivated to learn (and these students certainly were), all this material can be covered rather well, even in just two days. Admittedly, though, we could have used an extra day or two, because there are so many cool things to learn!
The point of these camps wasn’t to make the high school students experts in software development and information security. If they go on to study Computer Science in college, they’ll have that opportunity. The reason we offered these camps is because we feel these are critically important concepts for students to learn so that they are prepared to meet today’s and tomorrow’s challenges. We’re not going to be using computers less as time goes on. We’re not going to become less dependent on software applications and computer networks over the next years and decades. Rather, it seems a certainty that computing will become even more a staple of our daily life than it is today. High school students need to be exposed to these concepts now, despite how little most high schools cover them. And more of them need to know that Computer Science is an extremely important and wonderfully exciting field to study, that it isn’t by any stretch sitting in a cube and coding all day long. That is why we offered these camps, and that is why I have provided a basic outline of the topics we covered. These messages need to become as commonplace as “it is important to know how to read”, because the consequences of not hearing these messages are almost as profound. If anyone wishes to see my more detailed notes, just send me an email, and I will share.