The objective of this paper is to describe the successful deployment and operation of a student managed, isolated network "Sandbox" laboratory used for teaching Information Technology (IT) Security System Engineers. Laboratories for training Network Engineers have previously been deployed in IT education, frequently using a standard operating system base configuration in order to facilitate re-imaging for new classes. We have elected to employ a mujlti-platform environment that utilizes bothWindows and Linux operating systems. The Sandbox is called such because it is a creative experimental area physically isolated from all other networks including the Internet. Experimentation with every class of vulnerability such as viruses, worms, parasites, malware, and Denial of Service attacks is evaluated, mitigated and controlled. Having a strictly Linux-based environment as others frequently have done avoids the escalating problems introduced by Windows platforms. We have elected to study and experiment with multiple OS environments and confront the challenges that Windows presents. The Sandbox security laboratory has served as a test-bed for executing security labs created by students concurrent with the running of two different upper-class and graduate university-level IT security courses. Students created both the lectures and the labs used in these security courses. The first course was a very comprehensive course in all topics of network, internet and web security. The sescond course dealt with identity management, data privacy and identity theft. Students architected the network topology and built the Sandbox. The Sandbox is designed in a modular fashion to facilitate the creation of multiple network nodes with firewalls, IDSs, and associated servers, routers and switches. A student Security Team was organized to administer the Sandbox. Security Best Practices were developed to ensure consistent management of the Sandbox and its security policies. IT undergraduate and graduate students have learned that the role of a Security Systems Engineer involves not only technology, but also responsible management of policy and Best Practices concepts
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.