A Flexible Laboratory Environment Supporting Honeypot Deployment for Teaching Real-World Cybersecurity Skills

In the practical study of cybersecurity, students benefit greatly from having a full control of physical equipment and services. However, this presents far too great a risk to security to be permitted on university campus networks. This paper describes an approach, used successfully at Northumbria University, in which students have control of an off-campus network laboratory, with a dedicated connection to the Internet. The laboratory is flexible enough to allow the teaching of general purpose networking and operating systems courses, while also supporting the teaching of cybersecurity through the safe integration of honeypot devices. In addition, this paper gives an analysis of honeypot architectures and presents two in detail. One of these offers students the opportunity to study cybersecurity attacks and defences at very low cost. It has been developed as a stand-alone device that can also be integrated safely into the laboratory environment for the study of more complex scenarios. The main contributions of this paper are the design and implementation of an off-campus, physical network laboratory; a small, low-cost, configurable platform for use as a "light-weight" honeypot; and a laboratory-based, multi-user honeypot for large-scale, concurrent, cybersecurity experiments. This paper outlines how the laboratory environment has been successfully deployed within a university setting to support the teaching and learning of cybersecurity. It highlights the type of experiments and projects that have been supported and can be supported in the future.