SCIA-120 Hands-On Labs¶
Course: SCIA-120 Β· Introduction to Secure Computing
Frostburg State University β Department of Computer Science & Information Technology
Lab Program Overview¶
This lab series provides 13 hands-on, Docker-based exercises that complement the SCIA-120 lecture materials. Each lab is self-contained, requires no special hardware beyond a personal computer, and uses Docker containers to create safe, isolated environments for exploring real security tools and techniques.
What You Need
- A computer running Windows 10/11, macOS, or Linux
- Docker Desktop installed β Download here
- A terminal (PowerShell on Windows, Terminal on macOS/Linux)
- Approximately 1β2 hours per lab
Lab Philosophy
These labs follow a learn-by-doing approach. You will run real security tools against real (but isolated) systems. The goal is not just to complete the steps, but to understand why each tool and technique works the way it does.
Lab Schedule¶
| Lab | Title | Topic | Difficulty | Time |
|---|---|---|---|---|
| Lab 01 | Docker Basics & the CIA Triad | InfoSec Fundamentals | β | 45β60 min |
| Lab 02 | Linux File Permissions & OS Hardening | OS Security | β | 45β60 min |
| Lab 03 | Password Storage: Never Store Plaintext | Cryptography | β | 45β60 min |
| Lab 04 | Network Reconnaissance with Nmap | Network Security | β | 45β60 min |
| Lab 05 | Packet Capture & Traffic Analysis | Network Security | ββ | 45β60 min |
| Lab 06 | Firewall Rules with iptables | Network Security | ββ | 45β60 min |
| Lab 07 | Encryption in Practice with OpenSSL | Cryptography | ββ | 45β60 min |
| Lab 08 | Securing a Web Server with HTTPS | Internet Security | ββ | 60β75 min |
| Lab 09 | Web Vulnerabilities: SQL Injection | Secure Programming | ββ | 60β75 min |
| Lab 10 | Malware Sandbox: Safe Behavior Analysis | Malware Analysis | ββ | 45β60 min |
| Lab 11 | SSH Keys & Access Control | Authentication | ββ | 60β75 min |
| Lab 12 | Log Analysis & Anomaly Detection | Security Practices | ββ | 60β75 min |
| Lab 13 | Capstone: Harden a Containerized Application | All Topics | βββ | 90β120 min |
| Lab β BST in Java | Binary Search Tree in Java | Data Structures | ββ | 60β75 min |
Learning Progression¶
The labs are organized to build on one another:
Labs 01β04 β Labs 05β08 β Labs 09β12 β Lab 13
Foundation Networking & Application & Capstone
& OS Basics Cryptography Detection Integration
Labs 01β04 introduce Docker, Linux fundamentals, and basic cryptography. Labs 05β08 cover network security and encryption in practice. Labs 09β12 tackle application vulnerabilities, malware analysis, and incident detection. Lab 13 integrates everything into a real hardening exercise.
Assessment Structure¶
Each lab is worth 100 points:
| Component | Points |
|---|---|
| Screenshot submission (minimum 6β10 per lab) | 40 |
| Analysis/mapping table or code comparison | 20 |
| Reflection questions (3β4 per lab) | 40 |
All screenshots must be: - Clearly labeled (e.g., screenshot-03d-hash-comparison.png) - Show your terminal β not generic internet images - Submitted through the course LMS by the due date
Difficulty Guide¶
| Symbol | Level | Description |
|---|---|---|
| β | Beginner | No prior Linux or networking experience needed |
| ββ | BeginnerβIntermediate | Basic command-line comfort helpful |
| βββ | Intermediate | All prior labs should be completed first |
Technical Troubleshooting¶
Docker command says 'permission denied'
On Linux, add your user to the docker group: sudo usermod -aG docker $USER then log out and back in.
A Docker image fails to pull
Check your internet connection. If on campus, ensure the campus network allows Docker Hub access. You can also try pulling from a different network.
A port is already in use (e.g., port 8080)
Another application is using that port. Either stop the other service, or modify the Docker -p flag to use a different host port (e.g., -p 9090:80 instead of -p 8080:80).
Container commands run but nothing seems to happen
Run docker ps to check if the container is running. Run docker logs <container-name> to see error output.
I accidentally left a container running
Run docker ps -a to list all containers, then docker stop <name> and docker rm <name>. To clean up everything: docker system prune -f.
Academic Integrity¶
Important
All lab work must be your own. Screenshots must be from your own computer β do not copy screenshots from classmates or the internet. The tools and techniques in these labs must only be used against the local Docker containers in the lab environment. Scanning, attacking, or probing any system you do not own is illegal.
Review FSU's Academic Integrity Policy before beginning the labs.
Quick Start¶
Ready to begin? Start with Lab 01 β
If hello-world runs successfully, you are ready to start Lab 01.
Labs authored for SCIA-120 Β· Frostburg State University Β· Spring 2026