Over the last few years, many universities and educational institutions have introduced computer security related courses to their degree programs. The majority of these courses feature intensive laboratory activity based on live experiments of attack and defense techniques by means of team games organized as "cyber-wars". In this paper we argue that, although it is a useful tool for teaching and learning these techniques, the exercise paradigm does not cover all the aspects of security relating to a real-world scenario, with it not allowing students to experience the realistic needs of maintaining network services. In this paper we present the "role-game of the Internet" which was designed as part of the lab activity of our Network Security Course. In our game, instead of fighting against each other, student-teams had to cooperate in order to accomplish a list of business-like tasks over a simulation of the Internet while preserving the security and availability of featured network services.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	R. T. Abler, D. Contis, J. B. Grizzard, and H. L. Owen. Georgia tech information security center hands-on network security laboratory. IEEE Transactions on Education, 49(1):82--87, 2006.
	2	Sergio Caltagirone , Paul Ortman , Sean Melton , David Manz , Kyle King , Paul Oman, Design and Implementation of a Multi-Use Attack-Defend Computer Security Lab, Proceedings of the 39th Annual Hawaii International Conference on System Sciences, p.220.3, January 04-07, 2006  [doi>10.1109/HICSS.2006.115]
	3	Art Conklin, Cyber Defense Competitions and Information Security Education: An Active Learning Solution for a Capstone Course, Proceedings of the 39th Annual Hawaii International Conference on System Sciences, p.220.2, January 04-07, 2006  [doi>10.1109/HICSS.2006.110]
	4	I. M. H. Armstrong. Incorporating vendor-based training into security courses. In Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE, pages 172--175, West Point, NY, USA, 2005. IEEE.
	5	John M. D. Hill , Curtis A. Carver, Jr. , Jeffrey W. Humphries , Udo W. Pooch, Using an isolated network laboratory to teach advanced networks and security, Proceedings of the thirty-second SIGCSE technical symposium on Computer Science Education, p.36-40, February 2001, Charlotte, North Carolina, United States
	6	Prabhaker Mateti, A laboratory-based course on internet security, Proceedings of the 34th SIGCSE technical symposium on Computer science education, February 19-23, 2003, Reno, Navada, USA
	7	Rahul Tikekar , Thomas Bacon, The challenges of designing lab exercises for a curriculum in computer security, Journal of Computing Sciences in Colleges, v.18 n.5, p.175-183, May 2003
	8	Brian Tjaden , Brett Tjaden, Training students to administer and defend computer networks and systems, Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education, June 26-28, 2006, Bologna, Italy
	9	G. Vigna. Teaching Hands-On Network Security: Testbeds and Live Exercises. Journal of Information Warfare, 3(2):8--25, 2003.
	10	Paul J. Wagner , Jason M. Wudi, Designing and implementing a cyberwar laboratory exercise for a computer security course, Proceedings of the 35th SIGCSE technical symposium on Computer science education, March 03-07, 2004, Norfolk, Virginia, USA

• ACM SIGCSE Bulletin
  Volume 40 ,  Issue 3   September 2008