Summary

Overview
Have you or your students ever felt frustrated at not being able to access a favorite website or online game? Did you realize the site might have been a victim of a cyber-attack? If you aren't careful about online security, your own computer could even be used to launch the attack! In this fun lesson plan, you and your students will model one type of attack (a denial-of-service attack) and figure out how to protect the network against it (no computer programming required)!Learning Objectives
- Execute a denial-of-service attack on a model of a computer network.
- Determine quantitative metrics that can measure the impact of a denial-of-service attack.
- Design and test a solution to prevent a denial-of-service attack on a model of a computer network.
NGSS Alignment
This lesson helps students prepare for these Next Generation Science Standards Performance Expectations:- MS-ETS1-3. Analyze data from tests to determine similarities and differences among several design solutions to identify the best characteristics of each that can be combined into a new solution to better meet the criteria for success.
- MS-ETS1-4. Develop a model to generate data for iterative testing and modification of a proposed object, tool, or process such that an optimal design can be achieved.
Science & Engineering Practices
Analyzing and Interpreting Data.
Analyze and interpret data to determine similarities and differences in findings.
Engaging in Argument from Evidence. Evaluate competing design solutions based on jointly developed and agreed-upon design criteria. |
Disciplinary Core Ideas
ETS1.B: Developing Possible Solutions.
A solution needs to be tested, and then modified on the basis of the test results, in order to improve it.
There are systematic processes for evaluating solutions with respect to how well they meet the criteria and constraints of a problem. Sometimes parts of different solutions can be combined to create a solution that is better than any of its predecessors. ETS1.C: Optimizing the Design Solution. The iterative process of testing the most promising solutions and modifying what is proposed on the basis of the test results leads to greater refinement and ultimately to an optimal solution. |
Crosscutting Concepts
Systems and System Models.
Models can be used to represent systems and their interactions—such as inputs, processes and outputs—and energy and matter flows within systems.
Systems may interact with other systems; they may have sub-systems and be a part of larger complex systems. Models are limited in that they only represent certain aspects of the system under study. |
Materials

To share with the entire class:
- Timer
Needed for each group of 9–12 students:*
- Colored construction paper, 9 by 12 inches (5–8 distinctly different colors; 10 sheets of one color, 4 sheets of all other colors.)
- Scissors or paper cutter
- Server queue printout (2)
- Processing paper printout (3)
- Clear tape
- Small boxes (2) to collect 1 ½ by 2 inch cards. (Note: Some groups might need an additional set of 2 boxes)
- Permanent marker
- Student desks (6–9)
- Pen or pencil (one per participant)
* This activity works best with groups of 9-12, but can work with groups of 7-14 participants. For smaller groups, reduce the number participants acting as client and/or as Internet by one. For larger groups, add clients and ask all clients to write their name and street on each request. See Explore section for explanation of different roles.
Background Information for Teachers
This section contains a quick review for teachers of the science and concepts covered in this lesson.If you follow the news, you have probably read about cyber-attacks or hacks against individuals, companies, and governments. The results vary widely, ranging from leaks of embarrassing personal photos to identity theft or leaking of top secret information. The backgrounds and motives of perpetrators are also diverse, ranging from teenagers who just want to cause some disruption to serious criminals. One type of cyber-attack is the denial-of-service (DoS) attack. A DoS attack typically floods a server with so much traffic that it is overwhelmed and unable to respond to legitimate users. To regular visitors, the site appears very slow or not functional at all. Unlike other types of cyber-attacks, the goal of a DoS attack is not to steal confidential information. DoS attacks may be used by activists to damage the target organization's reputation or limit its visibility at a critical time; or by criminals who demand a ransom payment to allow a website to come back up.
Before you can explore how DoS cyber-attacks work, you need a basic understanding of how information travels from the client (the computer or program you use to connect to the Internet) to a server (a machine that hosts a website). The server processes requests from the client. For example, when you click a button in a web browser to load a new page, your computer (the client) sends a request to the server for the files needed to load and view that new page. A posted request passes firewalls and routers as it travels through the Internet. A router sends the request to the correct server. There, it is placed in a queue to be processed when the server has a chance. For this activity, the process will be simplified to the process shown in Figure 1.

Figure 1. In its simplest form, requests posted by a client travel over the Internet to a server, which then processes the requests.
One way to launch a DoS attack is to send the target server many (fake) requests in a short time span (for example, requesting to load the same page over and over again). This floods the server with requests so it is unable to process them in a timely way. This type of DoS attack is a good example because it is simple, identifying it is easy (requests from a particular client come at an abnormally high rate), and intercepting it could be straightforward (disregard all requests from the attacking client). Once this is understood, more sophisticated types of DoS attacks, which might be harder to detect, can be explored.
The task of cybersecurity staff is to safeguard their employer's Information technology (IT) network and its related data. This includes protecting services against DoS attacks. The ideal defense mechanisms let all legitimate traffic through, while blocking illegitimate requests without slowing down the process. In real life, compromises are often necessary. Several protection mechanisms are used. Implementing a good firewall, which can identify and disregard illegitimate requests, is often the first step. Another tactic is to increase the capacity of the network to handle requests. Although this might not intercept attacks, it makes the service less vulnerable, as it is able to handle the additional load of illegitimate requests.
In this lesson, students act out the network shown in Figure 1 without using computers or the Internet. Some students will act as clients, writing colored cards representing "requests" or information to be sent to the server. Other students will serve as the Internet, collecting and transporting these cards (requests) to the server. One student acting as the server will receive the requests and process them. A student (the guard) will initially oversee the process and can later be used to represent a firewall. One student will serve as attacker and flood the system with requests to simulate a DoS attack. Although this greatly simplifies the information flow happening in real life, it is an easy way to show how a successful DoS attack can be launched, how it affects the network, and ways cybersecurity professionals can counter the attack. Let your students be the cybersecurity personnel, identify cyber-attacks, and find creative ways to protect the service against the attacks.