Positive Education: we will teach practical safety

Can a university prepare a student for work in the IT infrastructure of a modern enterprise? On the one hand, it is a direct task of the school. But on the other hand, we all remember the phrase: “Forget everything that you were taught at the institute” - which students meet in the workplace. Alas, education does not always keep up with reality, and in particular it concerns the sphere of information technologies, where changes occur so quickly that it is difficult for a university teacher to keep track of all the innovations. This means that a close relationship is needed between teachers and industry practitioners.

This year marks two years for the Positive Education project, a non-profit program from Positive Technologies. The goal of the project is to contribute to the development of modern, practice-oriented teaching methods for young specialists in the field of information security. To date, the program involves more than four dozen educational institutions in Russia, including Moscow State University, Moscow State Technical University, MATI, ENGECON, FEFU, and OmSTU.
')
Over the past academic year, more than 250 students from these universities have been trained on the basis of competitive materials from international competitions on practical security Capture the Flag (CTF) , Hack Quest and other competitions held by Positive Technologies.

Another opportunity that more than 200 students from different universities met this year is the practical use of XSpider and MaxPatrol security monitoring systems. Software is provided free to universities for training purposes, allowing you to demonstrate penetration tests, vulnerability search, inventory and configuration analysis of various operating systems, telecommunications equipment, DBMS, ERP systems, components of the process control system. Universities also receive methodological assistance in conducting laboratory workshops on web security (XSS, SQLI, Remote Code Execution, WAF bypass techniques) and VoIP security (detection of VoIP devices, attacks on RTP and SIP).

In 2014, MGIU (Moscow), NRNU MEPI (Obninsk), NGU (Novosibirsk), LSTU (Lipetsk), SSAU (Samara), TUSUR (Tomsk), RSUU (Rostov-on-Don) were added to the universities that use these opportunities. ), CHIK (Khabarovsk). And in the Moscow MEPI, a special course on penetration testing and vulnerability analysis is conducted by the employees of Positive Technologies themselves.

Interestingly, in some cases, the initiative to join the university to the program Positive Education came from the students . This is especially pleasant, because it means that the program satisfies the real interest of the young generation of future specialists.

On the other hand, teachers sometimes complain that Positive Education materials are complex and require additional training. However, we emphasize once again: the goal of the program is to acquaint students with the real state of affairs in the field of practical security. We do not complicate anything on purpose: this is the real work.

From the feedback from teachers

OmGTU (Omsk): “We use HackQuest / CTF materials, arrange homework on their basis - we use cjdns to create a private network analogous to the classic CTF. Good stuff. Part of the students cause a very surprised expression. And a special thank you for iBank “Big $ h ku”) - the students really like it (one of the labs + the elimination of vulnerabilities in it) ”.

SSAU (Samara): “The tasks are used as teaching examples in accordance with the directions (Reverse Engineering, Web security, cryptography and system administration). It often happens that after the CTF, it is difficult to restore the entire infrastructure for the subsequent training of students (that is, some of the tasks cannot be started at home, especially if they contain the server part). Images of virtual machines included in the HackQuest / CTF materials help in part to solve this problem. ”

VPSU (Vologda): “The materials themselves seem interesting, but, for the full use in the educational process, additional training is needed - both the teacher and the students.”

If you are interested in organizing such security courses at your university or getting the training materials mentioned, contact us at edu @ ptsecurity.com for details.