Educational modules and research surveys on critical cybersecurity topics

Cybersecurity comprises all the technologies and practices that protect data as well as computer and network systems. In this article, we develop four course modules on critical cybersecurity topics that can be adopted in college-level cybersecurity courses in which these topics are covered. Our goal for developing these course modules with the hands-on labs is to increase students’ understanding of and hands-on experience with these critical topics that support cyber skills development for college students. The hands-on labs are designed to enhance students’ engagement and provide them with hands-on experience with real-world cyber activities to augment their cyber education in both foundational and advanced skills. We also conduct research surveys on the most recent significant research in these critical cybersecurity fields. These cybersecurity course modules with the labs are also designed to help college/university professors enhance and update their cybersecurity course content, activities, hands-on lab exercises, and pedagogical methods, as well as emphasize the cyber skills to meet today’s pressing cybersecurity education needs for college students. Our proposed cybersecurity modules with hands-on labs will also help build the nation’s cybersecurity workforce.


Introduction
Cybersecurity comprises all the technologies and practices that protect data as well as computer and network systems. It is a huge and growing field, as we are living in a world full of ubiquitous computing and more and more of our business and social activities are online. The wide-ranging applications of the Internet have changed our society greatly and made our daily life much more convenient. A serious problem with the Internet is that it is much easier for hackers to launch cyberattacks than before.
If your systems are compromised by malicious attacks, it is not only a direct threat to the confidential data your company has, but it could also destroy your relationships with your clients. The consequences caused by malicious cyber attackers could be disastrous, and more serious still for systems implemented with new technologies such as traffic systems with self-driving vehicles. Today, the need to protect private data from malicious attacks is the highest concern of business, academia, and government. In 2018, the Cyber Incident & Breach Trends report from the Internet Society 1 stated that the financial impact of all types of incidents could be more than $45 billion in 2018, though the results vary widely due to the different methodologies used to track data breaches.
Today, more people and businesses are exposed to cyber threats than ever before.
In this article, we develop four course modules on critical cybersecurity topics that can be adopted in any cybersecurity course in which these topics are covered. Our primary goal for developing these course modules with the hands-on labs is to increase students' understanding and hands-on experiences on these cybersecurity topics that support cyber skills development for both undergraduate and graduate students. These cybersecurity course modules with the labs are designed to help college/university professors enhance and update their cybersecurity course content, activities, hands-on lab exercises, and pedagogical methods, as well as emphasize the cyber skills to meet today's cybersecurity education needs for college students.
Each course module will represent a specific cybersecurity topic in tandem with several vital cyber concepts and useful tools. The critical cybersecurity topics selected for the course modules include (1) application security, (2) web security, (3) firewall configurations, and (4) wireless networking security.
For each cybersecurity course module, we will develop a scenario-based hands-on virtual machine lab that supports students' better understanding of these critical cybersecurity topics. These virtual machine labs are designed to enhance students' engagement and provide them with hands-on experience with real-world cyber activities to augment their cyber education in both foundational and advanced cyber skills. Our well-designed labs will greatly improve students' hands-on experience in cybersecurity.
The major impact of our proposed cybersecurity course modules will be on the advancement of cybersecurity education. Our well-designed course modules and hands-on labs will provide much needed practical experience for students nationwide. This will have a big impact on the cybersecurity curriculum of Center of Academic Excellence (CAE) cyber defense designated institutions as well as other institutions in the United States. Our goal is to produce significant improvements for the cybersecurity courses in which these course modules of critical topics are adopted.
Another big impact of our proposed cybersecurity modules is that they will help build the nation's cybersecurity workforce. Currently, there is a severe shortage of well-trained cybersecurity professionals to meet the nation's cyber defense demand, and the issue is pressing. Developing course modules on critical cybersecurity topics with associated hands-on labs is vital and essential for meeting the nation's cybersecurity education needs for students.
In summary, the contributions of this article are listed below: We present four course modules on critical cybersecurity topics that can be adopted in any cybersecurity course in which these topics are covered; We develop a scenario-based hands-on virtual machine lab for each of these cybersecurity course modules; We conduct research surveys on the most-recent significant research in these critical cybersecurity fields.
The rest of the article is organized as follows: In section "Research surveys on critical cybersecurity topics," we provide research surveys on the critical cybersecurity topics discussed in this article. In section "Development of four cybersecurity course modules," we present the four course modules on these critical cybersecurity topics. In section "Development of the hands-on labs," we then develop a hands-on lab for each of these course modules. Finally, we conclude this article in section "Conclusion."

Research surveys on critical cybersecurity topics
In this section, we conduct literature reviews on the most-recent significant research in the critical cybersecurity fields discussed in this article: application security, web security, firewall configurations, and wireless networking security. We begin with the research survey in software security. In order to protect the application workloads and sensitive data of patients, E Zheng et al. 2 proposed a secure virtually air-gapped cloud application with Amazon Web Services (AWS). Implementation of this cloud environment developed in Zheng et al. 2 needs more efforts in the delivery pipeline of application and modification of automation for management. F Fischer et al. 3 proposed a method based on the idea of stack overflow to embed a security-concerned code snippet into professional application products. Code security is a complicated issue, and it is extremely hard to offer the ready availability of a secure solution to each application. H Zhang et al. 4 developed a triggering correlation model for examining network packets at runtime on devices running Android system. This article proposed a new machine learning method to find the interdependency of requests for networks which can be utilized to discover secret activities produced by malware.
Next, we conduct a brief literature review in web security. Huang H-C et al. 5 developed a vulnerability scanner for Web applications that can automatically produce data for penetration testing using some combinable evasion schemes. Such a vulnerability scanner for Web applications proposed in Huang et al. 5 may discover more vulnerabilities than existing ones. Marashdih AW et al. 6 proposed a methodology to discover cross-site scripting (XSS) vulnerabilities in web applications written in PHP by utilizing a genetic method through static analysis. The approach proposed in Marashdih et al. 6 examines XSS threats of a Web application by constructing and processing the control flow graph, removing the paths on it which are infeasible. The method proposed in Marashdih et al. 6 can lessen the false-positive errors of the detection. Rahman MA et al. 7 presented an experimental analysis of Web applications focusing on e-commerce businesses to assess the security of some Web applications deployed in Bangladesh. The two vulnerability scanners utilized for this study are Nikto and Acunetix. This article claimed that most of these Web applications in Bangladesh have the security flaw of Cross-Site Request Forgery.
Now, we conduct a brief literature review in firewall configurations. Security experts generally agree that corporate firewalls often enforce poorly written rule sets. Wool et al. 8 10 proposed a scheme of Firewall Probe and Honeypot for investigating the firewall type of malware-infected networks. By capturing network scans made on the Internet with a honeypot, the malicious source can be found, and the firewall probe can be deployed targeting the source to categorize the network type into Type A (safe) ... Type E (alert). Firewalls can be investigated remotely in this way for both randomly selected networks on the Internet and malware-infected networks.
Finally, we give a brief research survey in wireless network security. Ahmad I et al. 11 summarized the security vulnerabilities in 5G wireless networks and presented solutions to some of these threats or ideas about how to protect 5G wireless networks against these new threats. This article also provided some current and foreseen security vulnerabilities on 5G and post-5G wireless networks and offered valuable ideas and future directions how to secure these wireless networks. Wu Q et al. 12 investigated the problem of integrating unmanned aerial vehicles (UAVs) into 5G wireless networks. There are several security vulnerabilities on such integrated systems. The wireless communication involved in UAV terrestrial transportation are vulnerable to jamming and eavesdropping attacks initiated by malicious wireless hosts in the system. Also, vicious UAV node could initiate jamming and eavesdropping to ground communications. Wu et al. 12 discovered these security vulnerabilities of the 5G wireless networks involving UAVs and developed effective solutions to protect such 5G wireless networks. Huo Y et al. 13 studied the problem of cooperative jamming in 2-tier 5G heterogeneous networks (HetNets), in which large-scale antenna arrays are embedded into the macrobase stations, and space diversity and dense local users are accommodated at the local base stations. Taking the state information of defective channels into consideration, Huo et al. 13 developed several efficient security algorithms that can be used to protect such 5G HetNets with distinct conditions as well as satisfying different requirements for network security using cooperative jamming.

Development of four cybersecurity course modules
In this section, we develop four course modules on critical cybersecurity topics that support cyber skills development for both undergraduate and graduate students. Scenario-based hands-on cybersecurity virtual machine labs will be designed in the next section. Our cybersecurity course modules and hands-on labs strongly support the applied education programs that expand foundational and advanced cybersecurity skills development. These proposed activities will greatly help produce well-qualified cybersecurity professionals to address the pressing cybersecurity workforce shortage of the nation.

Application security
Among the seven layers of the Open Systems Interconnection (OSI) model, the application layer is the one that is the most difficult to protect. 14 There are two reasons for this. First, the security threats at this layer usually come from unsanitized user inputs. Second, the application layer is the place where all the user applications reside, accessible and exposed to the outside Internet where hackers come from. For example, for a Web application or service to work appropriately, it should be accessed via the HTTP or HTTPS protocol. Figure 1 shows that a Web application could be completely exposed to the Internet, although certain network security mechanisms such as an intrusion detection system (IDS) or firewall systems are in place.
Developing secure applications is the most effective approach to protect them against these security attacks. Software developers should understand how to protect applications against security attacks and build defenses into the applications when they create software applications. In this module, we discuss two types of application attacks which are commonly used by malicious attackers: buffer overflow attacks and code injection attacks.
Buffer overflow attacks. A buffer is a memory space where information can be stored. It is a part of the main memory of a computer system. A typical type of application threat is the buffer overflow vulnerability. A buffer overflow usually occurs because of careless programming and unsanitized user inputs when the applications were created. In the following, we will discuss (1) how a buffer overflow works, (2) why it could be a severe security threat, and (3) some commonly used countermeasure techniques against buffer overflow attacks.
A buffer overflow occurs when a running program tries to write data outside the memory buffer because the data size exceeds the limit of the buffer. Such overflows may be caused by invalid user inputs. When a buffer overflow happens, data will be written to a memory location which is outside the buffer limit, and the running program may crash or return incorrect outputs. The overwritten sections of the computer's main memory might contain some critical data used by the operating system or other applications running in the system, and that data is then no longer available to those programs. Attackers may use buffer overflows to launch attacks by injecting malicious code into a running application and achieving arbitrary code execution on a remote server.
When a buffer overflow is employed by an attacker to inject malicious code in the computer memory, he or she could get the execution control of the application that is compromised. Therefore, buffer overflow vulnerabilities are severe security threats for running applications in which such vulnerabilities exist. The buffer overflow vulnerabilities may be attacked by intruders to get control of a remote computer, escalate user privilege for the attackers, or make arbitrary (malicious) code execution on a remote server. Privilege escalation can be done by attacking a buffer overflow vulnerability to execute malicious code in a running application with a system administrator's privileges.
Buffer overflow attacks on software could be avoided or alleviated with some countermeasures against such attacks. Alleviation is the course of minimizing the impact of a vulnerability before or after the vulnerability happens. Such attacks could be stopped before they happen. Of course, we also need countermeasure methods available to minimize the influence when buffer overflow attacks happen.
The most efficient action to defeat buffer overflow attacks is to stop the conditions of buffer overflow from occurring in the program source code. For instance, if a program uses an array of 10 elements, the program source code must check to make sure that no more than 10 items will be put into the array at any time during the program execution. Proactive approaches like these should be adopted in order to overcome buffer overflow threats. An alternative way of securing applications against buffer overflow attacks is to find them as they occur and alleviate the issues. This method is referred to as the reactive method and is based on minimizing the destructive influence. An example of efficient alleviation is a modern operating system that safeguards some memory spaces from being overwritten. This method can stop an intruder from injecting malicious code into the computer memory when a buffer overflow attack occurs. Buffer overflow attacks cannot be prevented with this approach. However, the consequences produced by such attacks can be minimized.
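The 10-element array check described above can be observed on real memory without leaving Python. The following is an added example, not part of the original course module; the Record layout, the function names, and the input bytes are constructed for illustration. It uses ctypes to place a 10-byte buffer directly in front of a flag, then compares an unchecked copy with a bounds-checked one.

```python
import ctypes

BUF_SIZE = 10  # the 10-element array from the text


class Record(ctypes.Structure):
    """Constructed layout: a 10-byte buffer directly followed by a flag."""
    _fields_ = [
        ("name", ctypes.c_char * BUF_SIZE),
        ("is_admin", ctypes.c_ubyte),
    ]


def unchecked_store(rec: Record, data: bytes) -> None:
    """Copy without comparing the input length to BUF_SIZE.

    The copy is clamped to sizeof(Record) so this demonstration only ever
    touches memory owned by `rec` and cannot crash the interpreter.
    """
    n = min(len(data), ctypes.sizeof(rec))
    ctypes.memmove(ctypes.addressof(rec), data, n)


def checked_store(rec: Record, data: bytes) -> bool:
    """Proactive fix: refuse any input that does not fit in the buffer."""
    if len(data) > BUF_SIZE:
        return False
    ctypes.memset(ctypes.addressof(rec), 0, BUF_SIZE)
    ctypes.memmove(ctypes.addressof(rec), data, len(data))
    return True


def demo():
    """Return (flag after unchecked copy, checked copy accepted?, flag after)."""
    oversized = b"A" * BUF_SIZE + b"\x01"  # constructed input, 11 bytes

    victim = Record()                      # is_admin starts at 0
    unchecked_store(victim, oversized)     # 11th byte lands in is_admin

    safe = Record()
    accepted = checked_store(safe, oversized)
    return victim.is_admin, accepted, safe.is_admin


if __name__ == "__main__":
    flag, accepted, safe_flag = demo()
    print("unchecked copy: is_admin =", flag)
    print("checked copy accepted:", accepted, "is_admin =", safe_flag)
```

The unchecked copy changes data the input was never meant to reach, which is the overwrite of adjacent memory described in the text; the checked copy rejects the same input and leaves the flag untouched.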
Figure 1. A Web app is completely exposed to the Internet.
Code injection attacks. Code injection is the process of injecting malicious code into applications. The injected code could gain unauthorized access to a private database and sensitive data, and change security settings in a victim system, bypassing the access and authentication controls in place. Code injection attacks may crash an application that requires inputs from users during execution. Therefore, if user inputs are not correctly handled by an application, such vulnerabilities can be used by intruders to launch code injection attacks. Code injection vulnerabilities usually come from improper validation of user input, which secure applications should perform carefully.
In the following, we will discuss types of code injection and some commonly used countermeasures against code injection attacks.
SQL injection, shell injection, and script injection are the main types of code injection attacks. SQL injection is an approach used by hackers to gain unauthorized access to a private database and to retrieve and modify sensitive data in the database. It allows attackers to gain access to a remote victim system with root users' or system administrators' privileges. Shell injection is also referred to as Operating System Command Attacks. Applications with shell injection vulnerabilities employ user input to create system commands that will be run by processes that belong to the OS. A part or the whole of such system commands could be formed via Web forms. If the user inputs received from these Web forms are not properly validated, the application is most likely vulnerable to shell injection attacks. For such vulnerable applications, attackers can inject malicious system commands into a victim system, and then execute these commands on the victim. Script injection allows intruders to inject malicious code into the interpreter program of the server-side scripting. XSS is the type of script injection most commonly used by attackers. With such attacks, arbitrary scripts can be injected into a website that requires a high level of security, such as websites of financial institutions. An intruder could employ a web browser to inject malicious client-side script into a trusted website to launch a script injection attack.
A lot of countermeasures to defeat code injection attacks have been proposed for both software and system architectures. Examples of such countermeasure approaches are (1) validation of user inputs and (2) the use of parameters.
Software developers are always supposed to utilize the available application programming interfaces (APIs) in the library for the programming languages they use for development of applications. The programming language that is the most vulnerable to code injection attacks is PHP. Attackers can easily execute arbitrary malicious PHP code on a remote web server using the privileges of the underlying web application and incur severe damage on the web server. Through code injection, hackers could upload a backdoor program to the remote victim web server. With such a backdoor program running on a victim web server, intruders can gain unauthorized access to the victim system with root users' privileges and then manipulate the victim as a root user and access the sensitive data in the databases on the victim system. Any applications running on the victim server are now compromised by the attack. The intruder can also utilize the compromised victim server to send out phishing emails or launch other types of malicious attacks.
One of the fundamental causes of code injection threats is unsanitized input provided to the PHP library function eval(). PHP programs that have to call the library function eval() must be carefully written. For those applications that do not need this vulnerable function anymore, the function and the "e" modifier for preg_replace() should be disabled by installing the software patch Suhosin with proper configuration to harden PHP programs. After such a software patch (developed for the PHP engine) is installed with proper configuration, all the eval() functions used in your PHP programs could be cleaned up and most of the malicious PHP code and backdoor programs can be removed while the program is interpreted by the PHP engine.
In summary, we presented in detail the following two commonly used types of application attacks: (1) attackers may use buffer overflows to launch attacks by injecting malicious code into a running application and making arbitrary code execution on a remote server, and (2) attackers may use code injection attacks to inject malicious code into running applications.

Web security
In this module, we develop a course module on web security. The applications over web-based infrastructure are called web applications. Nowadays, web applications dominate the applications on the Internet. A web application uses a Browser-Server structure. It involves a web browser, such as Internet Explorer, Chrome, or Firefox; communication protocols, such as HTTP or HTTPS; and a web server. A user's request can be sent via a web browser to a web server. A typical web application may have a database server involved, which can be accessed indirectly by a user through a web server which connects to the database server. Web servers act as a window between your network and the rest of the world.
HTTPS is HTTP over TLS (Transport Layer Security)/SSL (Secure Sockets Layer). It is a communications protocol for secure communication over a computer network and is widely used on the Internet. Along with the development of online shopping and secured email, more and more sensitive transactions occur on the Internet. Those sensitive transactions require authentication of the visited website, protection of privacy, and integrity of the exchanged data. HTTPS was developed to meet all these requirements. It provides authentication of a website and protects against man-in-the-middle attacks. Bidirectional encryption of communications between a client and server is also provided in HTTPS. This protects against eavesdropping and tampering attacks. It can ensure that the contents of communications between a browser client and a web server site cannot be read or forged by any third party. The details of how HTTPS works and interacts with TLS and SSL are beyond the scope of this article. Interested readers can refer to professional books/websites related to computer network security. 15
Nothing is absolutely secure if it can be accessed. The world's most secure website is the one that is turned off. As long as a website provides access to the world, the site is at risk. However, web security is relative. For the same website, different applications running would put the website at different risk levels. If a website has few network resources of financial value, is set up with tight permissions, and the web server is patched and updated in time, the security of this website is relatively high. On the contrary, if a website runs critical applications to process sensitive information, such as credit card or identity information, or is old and maintained by an underfunded or outsourced IT department, its security is relatively low.
Technically, a web application may accept and handle any request without validating its identity and allow scripts or SQL statements to be executed on the site to access database server in response to client-side requests. All the web-based forms, scripts having weaknesses or bugs may bring risks to the website.
Web security is also called cybersecurity involving protecting information by preventing, detecting, and responding to attacks. It includes web server security, data security, and web application security. Data security will be discussed in this section, and web application security will not be presented in this article.
A web server normally running powerful, flexible, and multiple applications is naturally more subject to web security risks. Any web server with multiple open ports, services, and script languages is also vulnerable because it has many points to be attacked. What a web user could do to protect themselves is to recognize the security risks and to be familiar with web security terminologies including Hacker, Virus, Worms, Trojan horses, Ransomware, KeyLoggers, and Firewalls.
The word "hacker" has long been understood negatively. Hacking actually involves computing skills to find vulnerabilities in a system, penetrate a system, and be able to remove evidence of access to a system. 16 Similar to the case of doctors who might criminally abuse their knowledge to harm humans, a hacker who knows some special offensive hacking skills might also misuse the techniques, but we should not define the term hacking by its misuse. In web security, hacker normally refers to people who seek to exploit weaknesses in software and computer systems for their own benefit.
A computer virus is malicious code that, if executed, would replicate itself, modify computer system configuration, affect other programs, and insert its own code. Data files, the computer boot sector, and utility programs could be the targets of a virus. Computer viruses can cause a huge cost to the world. It can reach up to billions of dollars due to system failure, wasted computer resources, corrupted data, and increased maintenance costs. There are thousands of different types of viruses. The first computer virus, called "Elk Cloner," was made by Richard Skrenta in 1982 when he was a high school student. A college student from the University of Southern California wrote his paper "Computer virus-Theory and Experiments," which was the first paper to describe the features of a self-reproducing virus systematically. 17
A computer worm is malware that can replicate itself to reach other computers by spreading through the Internet. Worms can propagate freely without the user's intervention. Once a victim computer is infected, the worm would attempt to find and infect other computer targets. A Trojan horse is also malicious code, but it pretends to be legitimate software, which can trick some inexperienced computer users into installing it and then run secretly. According to the actions that a Trojan can perform on a computer system, Trojan malware can be classified as Backdoor, Exploit, Rootkit, Trojan-Banker, Trojan-DDoS, Trojan-Downloader, Trojan-IM, Trojan-Ransom, Trojan-SMS, Trojan-Spy, Trojan-FakeAV, Trojan-Mailfinder, Trojan-Dropper, Trojan-GameThief, and so on.
Obviously, Ransomware is a form of Trojan that has been around since 1989. It can infect a target computer by encrypting the owner's personal files, and then contact the victim to demand cash in exchange for a key to decrypt the files.
KeyLoggers are software that can monitor user's activity such as keystroking. Modern KeyLoggers can not only record keystrokes on keyboard, but also record mouse movement and clicks, menus that are invoked, and take screenshots of the computer infected. Firewall is a mechanism for content regulation and data filtering. It can block unwanted traffic from entering the sub-network and prevent subnet users from use of unauthorized sites.
Data security is to protect computing data from three aspects: privacy, integrity, and authenticity. Privacy is to keep information private. If Alice sends a message to Bob through the Internet, the privacy also called confidentiality, here, means nobody else except Alice and Bob can access the message. The most popular way to implement privacy is to encrypt the message by a secret key which is known only to Alice and Bob.
In modern computer communication over the Internet, a secret key can be distributed over the Internet through the Private Key and Public Key approach. A CA (Certificate Authority) center enables public keys to be legitimately published. So in this communication scenario, before Alice sends the message out, she must obtain Bob's public key from the CA, encrypt the secret key with Bob's public key, and then send the key to Bob. Once Bob receives the encrypted secret key, he can easily decrypt it and send an acknowledgment to Alice using the decrypted secret key. Alice and Bob can then communicate with each other with privacy guaranteed between them.
Data integrity is to make sure that the data delivered over the Internet cannot be replaced or modified. Maintaining the data integrity of any communication is vital. MAC (Message Authentication Code) is a short piece of information used to confirm that a message was sent from a sender and was not changed. MD5, SHA-1, SHA-2, and SHA-3 are the hash functions to generate MAC code to implement Data integrity.
If Bob receives a message from Alice, Bob needs to know if the message was sent by Alice. This process is called sender authentication. The simple PHP code, <?php mail("alice@yahoo.com", "Hi from Steve Jobs", "Hi, I am Steve Jobs", "From: stevejobs@apple.com"); ?>, can make Alice believe that Steve Jobs sent her an email. It is obviously not true. Due to the nature of the Simple Mail Transfer Protocol (SMTP), anyone can send email from anyone's address without knowing the sender's password. This would cause chaos in Internet communication. The solution is to authenticate that an email originated from the sender's domain. A digital signature is used for this purpose. A digital signature is a technique which combines a MAC and Public-Key Infrastructure. We continue to use the scenario in which Alice sends a message to Bob as an example to demonstrate how the sender is authenticated. First, Alice uses any hash method, such as MD5, to generate the MAC code for the message sent to Bob. A new message is formed by adding the MAC code to the message. Second, Alice encrypts the new message using Alice's private key and the secret key. After Bob receives the encrypted message, Bob uses the secret key to decrypt it to make sure that privacy is implemented. Then, Bob uses Alice's public key to decrypt it and get the original message and the MAC code generated by Alice. The sender, Alice, is authenticated since only Alice holds her private key. Bob runs MD5 on the received message to generate a new MAC code and compares it with the received MAC code. If the two MAC codes are the same, it indicates that data integrity is implemented.
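The integrity check that Bob performs can be tried with Python's standard library. The following is an added example, not part of the original course module; it uses HMAC-SHA256 with the secret key shared by Alice and Bob in place of the MD5 digest mentioned in the text, and the messages and function names are constructed. It also shows why the check value must depend on something only Alice and Bob hold: a digest computed without a key can be recomputed by whoever alters the message.

```python
import hashlib
import hmac
import secrets


def digest_tag(message: bytes) -> bytes:
    """Unkeyed hash of the message: anyone can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: computing a valid tag requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest_tag(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking where the first differing byte is
    return hmac.compare_digest(mac_tag(key, message), tag)


def run_exchange() -> dict:
    """Simulate Alice -> Bob with a third party altering the message in transit."""
    key = secrets.token_bytes(32)                 # known to Alice and Bob only
    message = b"transfer 10 to account 1234"      # constructed
    altered = b"transfer 9999 to account 6666"    # constructed
    results = {}

    # Unkeyed digest appended to the message: the party that alters the
    # message simply recomputes the digest, so Bob's check still passes.
    results["digest_accepts_altered"] = verify_digest(altered, digest_tag(altered))

    # Keyed MAC: Alice tags the original message with the shared key.
    tag = mac_tag(key, message)
    results["mac_accepts_original"] = verify_mac(key, message, tag)

    # Altered message with Alice's old tag: rejected.
    results["mac_accepts_altered_old_tag"] = verify_mac(key, altered, tag)

    # Altered message with a tag made under a different key: rejected.
    other_key = bytes(32)
    results["mac_accepts_altered_other_key"] = verify_mac(
        key, altered, mac_tag(other_key, altered)
    )
    return results


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

In the signature scheme described above, Alice's private key plays the role that the shared key plays here: it binds the check value to something the third party does not have.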
Today, since almost everything relies on computers, the Internet, and websites, maintaining privacy, integrity, and authenticity of data security is vital. For example, in online banking, the banker side needs to know you are the user to login to the bank system, and the password is not accessed by any third party, and the communication contents are not altered.
In summary, we gave a detailed discussion on various topics in web security in this module. The security provided by HTTPS was discussed. We also explored web server security, data security, and web application security. Computer viruses, worms, and KeyLoggers were briefly discussed as well.

Firewall configurations
A firewall is a system that blocks unauthorized access to or from a private network, usually an internal local area network (LAN). 18 It is software or hardware device that filters all traffic between a private internal network and an untrusted network-usually the Internet. A firewall not only safeguards a local system or network against network vulnerabilities, but also affords access to the outside users through wide area network (WAN) and the Internet. In the following, we will present the design of firewalls, types of firewalls, and what a firewall can or cannot block. 19 Network administrators use firewalls to safeguard networks or systems of networks against various network-based attacks. A firewall implements a set of security policy that is specifically defined to treat the malicious activities that might occur. A security policy defines a set of rules that determine what network traffic is allowed to go through the firewall. An example of a security policy to only allow some Internet Protocol (IP) addresses or some sub networks to access a protected internal LAN. Firewall systems impose predefined security rules controlling what network traffic will be allowed and what network traffic will be blocked. Next, we discuss types of firewalls and give a brief description for each of these firewall types: packet filtering, state inspection, circuit-level gateway, and application proxy.
Packet filtering firewalls. This type of firewall system checks every packet coming into or going out from the network and allows it to pass through according to rules predefined by users. A packet filtering firewall is very efficient. However, this type of firewall is hard to configure. Packet filtering firewalls deny or allow packets to pass merely on the basis of the source and destination IP addresses and the source and destination port numbers in the packet headers. Therefore, the details of the content in the packet's data field are beyond the filtering capability of this type of firewall.
Stateful inspection firewalls. A packet filtering firewall checks packets one at a time, allows or denies each one according to rules predefined by users, and then checks the next one. A stateful inspection firewall keeps track of state information across packets in the data stream coming from a network. The decision to reject or accept is made based on the saved state information of a connection containing many packets.
Circuit-level gateway firewalls. A circuit is a logical connection that exists for a certain period of time and is then disconnected. A circuit-level gateway firewall permits a network to be an extension of another network. An application of this type of firewall is a virtual private network (VPN). The circuit-level gateway firewall verifies the connection when it is established, and all the following data transferred between the two communication parties are then no longer examined by the firewall. In the seven-layer OSI model, a circuit-level gateway firewall is typically implemented at the session layer, and it serves as a virtual gateway between the two Transmission Control Protocol (TCP)/IP networks connected by the gateway firewall.
Application proxy firewalls. Packet filtering firewalls only check the headers of packets, not the details of their data payloads. However, there are bugs in some complex applications. Applications usually require the privileges of all users because they function on behalf of all users. An application that contains errors could produce many harmful outputs when it is running with all users' privileges.
An application proxy firewall acts as a proxy server that connects to the Internet, makes the requests for Web pages, or connections to servers, and so on, and receives the data on behalf of the host behind it. An application proxy firewall is a type of gateway that hides the actual IP address of the host behind it so that this host is protected by the proxy firewall. The capabilities of firewalls rely on the fact that an application proxy could be set to permit only some types of network traffic to go through. For example, only HTTP, HTTPS, or FTP traffic is permitted to pass through the firewall.
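The difference between packet filtering and stateful inspection described above can be seen by running the same packets through both. The following is an added example, not part of the original article or lab; the addresses (documentation ranges), the rule set, and all class and function names are constructed for illustration, and connection teardown is simplified.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags: "S"=SYN, "SA"=SYN/ACK, "A"=ACK, "F", "R"

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    dport: Optional[int]     # None matches any destination port

# Constructed policy: one external subnet may reach the internal web server on 443;
# everything else addressed to the internal LAN is denied.
RULES = [
    Rule("allow", "203.0.113.0/24", "192.168.10.5/32", 443),
    Rule("deny", "0.0.0.0/0", "192.168.10.0/24", None),
]

def packet_filter(rules, pkt, default="deny"):
    """Stateless check: first matching rule wins, using header fields only."""
    for r in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

class StatefulFirewall:
    """Consults the rules only for a new connection (SYN), then tracks the flow."""
    def __init__(self, rules):
        self.rules = rules
        self.conns = set()   # flows keyed by (src, sport, dst, dport) of the initiator

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "S":
            if packet_filter(self.rules, pkt) == "allow":
                self.conns.add(key)
                return "allow"
            return "deny"
        if key in self.conns or reverse in self.conns:
            if "F" in pkt.flags or "R" in pkt.flags:   # simplified teardown
                self.conns.discard(key)
                self.conns.discard(reverse)
            return "allow"
        return "deny"        # not a SYN and no known connection

def compare():
    """Return (name, stateless verdict, stateful verdict) for constructed packets."""
    fw = StatefulFirewall(RULES)
    packets = [
        ("client SYN",        Packet("203.0.113.7", 50000, "192.168.10.5", 443, "S")),
        ("server SYN/ACK",    Packet("192.168.10.5", 443, "203.0.113.7", 50000, "SA")),
        ("stray ACK",         Packet("203.0.113.9", 40000, "192.168.10.5", 443, "A")),
        ("SYN, other subnet", Packet("198.51.100.4", 50000, "192.168.10.5", 443, "S")),
    ]
    return [(name, packet_filter(RULES, p), fw.check(p)) for name, p in packets]

if __name__ == "__main__":
    for row in compare():
        print("%-18s stateless=%-5s stateful=%s" % row)
```

The stateless filter passes the stray ACK because its headers match the allow rule, and it drops the server's reply unless a separate rule is written for it; the stateful firewall does the opposite in both cases because it decides from the recorded connection.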
In summary, we defined what a firewall is and discussed how to configure a firewall in this module. A sample of firewall configuration was given in a table. Then, we discussed four commonly used types of firewalls and gave a brief description for each of them.

Wireless networking security
In this module, we introduce the basic concepts of wireless networking, the operating modes and different types of wireless networks, vulnerabilities of wireless networks, and security protocols to protect wireless networks. In a wireless network, a host connects either to a base station or to another wireless host through a wireless communication link. Different wireless link technologies have different transmission rates and can transmit over different distances. A wireless host can be a laptop, personal digital assistant (PDA), smart phone, desktop computer, or other wireless device. For wireless networks operating in the infrastructure mode, the base stations are the core components of the wireless network and are responsible for sending and receiving packets to and from the wireless nodes. The wireless networking nodes within the communication range of a base station utilize the base station to relay packets between them and finally send the packets to their destinations. A cellular network is an example of a wireless network that operates in the infrastructure mode, in which the cell towers are the infrastructure nodes. An 802.11 wireless LAN is another example of an infrastructure-mode wireless network, in which the wireless routers are the access points (APs), the infrastructure nodes. Wireless networks can operate in two different modes. Wireless hosts associated with a base station or an AP are referred to as operating in the infrastructure mode, since all the basic network functions such as routing and IP address assignment are provided by the network to which a host is connected through the base station or the AP. In the ad hoc mode, wireless hosts have no such infrastructure with which to connect. In the absence of such infrastructure, the wireless nodes themselves must provide not only their own functions, but also networking services such as routing, IP address assignment, and Domain Name System (DNS)-like name translation.
Types of wireless networks include 802.11 wireless LANs, 802.15 Bluetooth technologies, cellular networks, and wireless ad hoc networks. Among these four different types of wireless networks, 802.11 wireless LANs and cellular networks operate in the infrastructure mode, whereas 802.15 Bluetooth networks and wireless ad hoc networks operate in the ad hoc mode. For the wireless networks operating in the ad hoc mode, every node not only performs its own functions locally, but also serves as a router of the network for packet forwarding and performs other networking services such as IP address assignment.
Next, we discuss the security vulnerabilities of wireless networks. Since wireless communications use a section of the radio spectrum, the radio signals are available to any device within range. Wireless links are not as safe as wired links because the radio signals are exposed to every wireless device around. These wireless links utilize predefined radio frequencies known to everyone, so malicious intruders may intercept the wireless packets or impersonate a communication party through man-in-the-middle attacks, for example. Similar to traditional wired networks, wireless networking is also subject to threats to confidentiality, integrity, and availability, which will be discussed in detail below: (1) Confidentiality. In wireless networks, the wireless signals can be received by anyone within the range of transmission. Therefore, malicious hackers can easily intercept sensitive data conveyed over wireless links. On the other hand, there are also malicious sources of security threats in wireless networks. This type of integrity violation is a malicious attack with the purpose of revising the payload data of intercepted wireless packets. For unencrypted wireless traffic, a hacker may impersonate one end of the communication and take part in the conversation with the other end user. Another vulnerability of wireless networks is that when a wireless network user receives two radio signals, he or she usually chooses the stronger one for use. So if a hacker's wireless router intercepts a radio signal from a sender and then impersonates the receiver to transmit a stronger radio signal back to the sender, appearing to come from the receiver's wireless router, then the intruder is able to impersonate the receiver and communicate with the victim sender.
(3) Availability. There are three issues regarding availability of wireless networks: (1) the first problem of availability happens if a hardware or software component is not working. For example, battery-powered hardware is out of power, or a software component is out of date and must be updated due to some fatal bugs; (2) the second issue of availability with wireless networks is that a user loses access to certain networking services. An example is slow service offered by a wireless network. There are many possible reasons for this: interference generated by nearby nodes transmitting simultaneously, severe background noise produced by nearby construction, service demand exceeding the receiver's capability, and so on; and (3) the third issue of availability of wireless networks is the possibility of rogue wireless connections. For example, private owners of personal Wi-Fi hot spots do not want to share their access with other people in range.
Next, we introduce the security protocols for protecting wireless networks: Wired Equivalency Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and the newest technology for wireless network security, WPA3.
WEP. The first countermeasure for securing wireless networks is the protocol WEP, released in 1997. WEP was designed to give radio communication privacy equivalent to that of traditional wired communication networks. As the first encryption algorithm for the 802.11 standard used in the wireless environment, WEP was designed to prevent intruders from snooping on wireless data as it was transmitted between wireless hosts and APs. However, from the very beginning of its design, WEP lacked the necessary countermeasures to accomplish this goal. Cybersecurity experts identified several severe flaws in WEP in 2001, eventually leading to industry-wide recommendations not to use WEP for wireless security. The weaknesses in WEP are so severe that a WEP connection may be cracked with available software in a few minutes. WEP uses the RC4 (Rivest Cipher 4) stream cipher for authentication as well as encryption. It uses an encryption key shared by the wireless users and the APs. A brute-force attack with certain software against a 40-bit key may work very quickly. Even with a key length of 104 bits, the flaws in the RC4 stream cipher can be easily exploited by tools such as WEPCrack and aircrack-ng.
Here is a summary of the weaknesses in WEP: the WEP design does not use efficient encryption algorithms; WEP does not authenticate users correctly; WEP lacks effective controls over unauthorized data access in wireless networks; and availability to authorized users is not guaranteed by WEP.
As a result, the security provided by the WEP protocol for wireless networks is not acceptable.
WPA. In 2003, the Wi-Fi Alliance released WPA as an interim standard, while the IEEE standards committee worked to develop a more advanced secure protocol, WPA2, as a long-term replacement for WEP. The WPA protocol is designed to overcome the well-known flaws that have been found in WEP. Many features in WPA directly address the vulnerabilities of the WEP protocol. WPA fixes many flaws of the WEP protocol by using much stronger encryption, larger encryption keys, and a more secure integrity check.

WPA2. As an extension to the WPA protocol, the WPA2 standard was ratified by the IEEE standards committee in 2004 as the 802.11i standard. Since its release, WPA2 has been steadily growing in usage. Like WEP and WPA, WPA2 also provides enterprise and personal versions. WPA2 has since been considered the most secure wireless security standard available for wireless networks. The similarities between WPA and WPA2 include the use of the 802.1x/Extensible Authentication Protocol (EAP) framework as the infrastructure to provide mutual authentication and dynamic key management, and both are designed to secure all versions of 802.11 devices.
The major difference between WPA and WPA2 is that WPA2 utilizes Advanced Encryption Standard (AES) for encryption. AES is a block cipher, whereas RC4 is a stream cipher.
The block size used in AES is 128 bits for both plaintext and ciphertext. Also, three different key sizes are used in AES: 128, 192, and 256 bits, each of which is used in different rounds or iterations of the algorithm with a total of 36 rounds involved in AES. The encryption provided by AES is so secure that it would take millions of years for a brute-force attack to break AES encryption. The WPA2 protocol also replaces the Temporal Key Integrity Protocol (TKIP) employed in WPA with a better authentication mechanism, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). Figure 2 shows how WPA2 authentication works.
However, WPA2 also has vulnerabilities that have been discovered by security experts in wireless networks. A major vulnerability of WPA2 is that people could break the WPA2-Personal passphrase by guessing the password if a simple password is used by a user. Once a hacker guesses a simple password correctly, he or she can then decrypt the captured wireless packets. Therefore, if a user uses a simple password, then the security provided by WPA2-Personal passphrase can
WPA3. The newest technology for wireless network security is the WPA3 protocol, released in 2018. The critical new features added to this brand-new security protocol for wireless networks are much better protection for simple passwords used by users, encryption for individual users on personal and open networks, and more secure encryption for enterprise networks.
WPA3-Personal. The WPA3 protocol offers encryption based on Simultaneous Authentication of Equals (SAE), which replaces the Pre-shared key (PSK) authentication method used by its predecessors. SAE offers much stronger encryption than PSK. Therefore, if attackers use brute-force or dictionary-based attacks, the security provided by WPA3 on personal networks works well and can defeat those attacks. But if a wireless user utilizes a very simple password, a hacker can easily guess the password and gain unauthorized access to a private wireless network.
WPA3-Personal offers encryption on personal wireless networks for each individual user. On a WPA3-Personal wireless network, it is impossible for a user to snoop or eavesdrop on the wireless traffic of other users protected by the WPA3-Personal protocol. Even if a hacker has successfully guessed a user's password, he or she cannot obtain the session keys used for encryption, and thus cannot decrypt any wireless traffic. Therefore, all encrypted wireless traffic is still protected. Figure 3 shows the WPA3 connection flow chart based on SAE encryption.
WPA3-Enterprise. For better protection of wireless networks used for business, an additional layer of security with a 192-bit key is implemented in the enterprise version of the WPA3 protocol, WPA3-Enterprise. This new security feature is essential to those enterprise wireless networks that are deployed in a sensitive environment and require high-level security and protection.
A significant security feature included in WPA3-Enterprise is Wi-Fi Enhanced Open. With this new function, 802.11 conversations between the APs and the wireless hosts in open networks are encrypted with different keys for different connections. The encryption on each wireless link is different. The underlying technology is referred to as Opportunistic Wireless Encryption (OWE). With WPA3-Enterprise, Protected Management Frames (PMF) is employed to protect the wireless traffic of management activities between the wireless hosts and the APs. Another function of Wi-Fi Enhanced Open is that it protects wireless users from snooping on each other's network traffic or launching attacks against each other. Therefore, attacks such as session hijacking cannot be performed by hackers on wireless networks with the WPA3-Enterprise protocol implemented. Table 2 below summarizes the security features of WEP, WPA, WPA2, and WPA3.
In this module, we reviewed some basic concepts related to wireless networks, presented the two operating modes of wireless networking, and discussed different types of wireless networks. Finally, we explored the vulnerabilities of wireless networks, and the protocols for securing wireless networks.

Development of the hands-on labs
In order to help students digest the critical cybersecurity topics discussed in the above four course modules quickly and thoroughly, we develop a scenario-based hands-on virtual machine lab for each of these course modules. These virtual machine labs are designed to enhance students' engagement and provide them hands-on experiences with real-world cyber activities to augment their cyber education.

A hands-on lab on application security
In this subsection, we develop a scenario-based hands-on virtual machine lab for the course module of application security presented in section "Application security." We redesigned and modified Lab 10 (Analyze and Differentiate Types of Malware & Application Attacks) of the Security+ Lab Series on NDG NETLAB+. 20 For readers' convenience, we use the same network topology as the one designed for this standard lab series available on NDG NETLAB+. In this lab, students will exploit the Shellshock vulnerability on a Linux system using an environment variable. Upon completion of this lab, students will be able to exploit the Shellshock vulnerability on a Linux system using environment variables.
Lab instructions.
9. If your system is vulnerable to the Bash "Shellshock" bug, the above command will produce the following output:
    the Linux system is vulnerable to shellshock
    shellshock Linux system vulnerability test
10. Otherwise, you will see the following message on the output:
    shellshock Linux system vulnerability test
11. Therefore, the Ubuntu system in the topology is NOT vulnerable to the shellshock vulnerability. The Ubuntu system is up to date.
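The check in the steps above can be scripted so that its result is read from the output lines rather than by eye. The following is an added example, not part of the original lab: the function and constant names are hypothetical, the probe string uses the conventional spacing of the Shellshock test value, and the sample environment is constructed.

```python
import re
import shutil
import subprocess

# Probe and test command as described in the lab (spacing of the probe is assumed).
MARKER = "the Linux system is vulnerable to shellshock"
PROBE_VALUE = "() { :; }; echo " + MARKER
TEST_COMMAND = "echo shellshock Linux system vulnerability test"

def bash_is_vulnerable(bash_path=None):
    """Run the lab's check against the local bash.
    Returns True or False, or None when no bash binary is found."""
    bash = bash_path or shutil.which("bash")
    if bash is None:
        return None
    result = subprocess.run(
        [bash, "-c", TEST_COMMAND],
        env={"e": PROBE_VALUE, "PATH": "/usr/bin:/bin"},
        capture_output=True, text=True, timeout=10,
    )
    # A vulnerable bash prints the marker line before the test line.
    return MARKER in result.stdout.splitlines()

FUNC_PREFIX = re.compile(r"^\(\)\s*\{")

def trailing_commands(value):
    """If value looks like an exported function definition, return whatever
    follows the closing brace of the body ('' if nothing does).
    Brace matching is simplified and ignores quoting."""
    if not FUNC_PREFIX.match(value):
        return ""
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return value[i + 1:].lstrip(" ;\t").strip()
    return ""

def audit_environment(env):
    """Map variable name -> appended commands for every suspicious value."""
    return {k: t for k, v in env.items() if (t := trailing_commands(v))}

# Constructed sample environment: one ordinary value, one plain function
# definition, and the lab's probe.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "greet": "() { echo hello; }",
    "e": PROBE_VALUE,
}

if __name__ == "__main__":
    print("local bash vulnerable:", bash_is_vulnerable())
    print("suspicious variables:", audit_environment(SAMPLE_ENV))
```

On a patched system `bash_is_vulnerable()` returns `False`, which corresponds to step 10; `audit_environment` flags only the variable whose value carries commands after the function body.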
Explanation of lab results. We defined an environment variable e to be '() { :; }; echo the Linux system is vulnerable to shellshock', and then ran bash with the command 'echo shellshock Linux system vulnerability test'. The semicolon (;) outside the pair of curly brackets {} ends one command and allows another to be entered on the same line, so the function could indeed have had more than one command. The colon (:) is a no-op. A vulnerable Bash runs the command (echo the Linux system is vulnerable to shellshock) that follows the function definition instead of just defining the function. Basically, it does not stop after the function's definition and instead goes on to run other commands (during the function definition) when a new process is started by the command "bash -c."

A hands-on lab on web security
In this subsection, we develop a scenario-based hands-on lab for the course module of web security. In this lab, students first use Wmap from Kali Linux to scan a web server to find vulnerabilities. Second, students use Metasploit Framework (MSF) to exploit the web server, get control of the server, and upload the necessary tools to hack the server. Third, students launch

A hands-on lab on firewall configurations
In this subsection, we develop a scenario-based hands-on virtual machine lab for the cybersecurity module of firewall configurations. We redesigned and modified Lab 1 (Configuring a Windows-Based Firewall to Allow Incoming Traffic) of the Network Security Lab Series on NDG NETLAB+. 22 For readers' convenience, we use the same network topology as the one designed for this standard lab series available on NDG NETLAB+. In this lab, students will set up services on virtual machines in the internal network that will be used by hosts from the external network; configure the firewalls between the internal and the external networks to allow certain incoming or outgoing traffic; and test whether or not the firewall system is working properly. Upon completion of this lab, students will be able to understand firewall configurations, know how to configure network address translation (NAT), and understand security policies implemented by a firewall.
Lab instructions. Log into your account on NDG NETLAB+ and load the network topology for the Network Security Lab Series.

Conclusion
In this article, we presented four course modules on critical cybersecurity topics that can be adopted in college-level cybersecurity courses in which these topics are covered. Our hands-on labs are designed to offer college students hands-on experiences with real-world cyber activities and provide them career-ready cyber experiences. Students are able to learn both foundational and advanced skills from our well-designed cybersecurity course modules and hands-on labs. We also conducted literature reviews on the most-recent significant research in these critical cybersecurity fields. It is important for college students to learn and appreciate these recent significant research outcomes and augment their cyber education. As for future research directions related to this article, we will develop educational modules and conduct research surveys on other critical cybersecurity topics such as cloud computing security, IoT security, and cyber physics security.

Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.