Pen testing for educational purposes

[dimkovtrajce () yahoo com]

Hi, in my university we try to set an exercise for first year master students in computer security in which they need 
to compromise a system using social engineering and technological skills.

we are looking at a multistep scenario, in which they need to gain physical possession of the device(for ex. laptop or 
pda) and extract encrypted data from it. They will get points at each checkpoint. 

The students come from 3 host universities where they get their other classes, so my guess is that we will need to set 
3 samples of the same exercise, or make the exercise somehow distributed.

Since you have much more hands on experience, can you give us any tips or ideas for setting the exercise, so the 
students get interested in taking more security courses?

Thank you in advance,
Dimkov Trajce