JACKSON HOLE, WYO – Jackson Hole native Ben Bernard was caught red-handed hacking into a college network recently. He won’t be going to jail, however. He’ll go to the head of the class.
Bernard helped hack the North Dakota State University campus network as part of the recent ‘HACK NDSU’ event. The event is the first-of-its-kind opportunity for college students to test their hacking skill against campus network security measures in a perfectly legitimate and sanctioned event that will help bolster the security of the campus network in the future.
The exercise is called a penetration test. Basically, testers—in this case a group of NDSU students—pretend to be the bad guys to see what they can access. They track the issues that they find so they can be fixed before real bad guys use them for nefarious purposes. The exercise was led by experienced local professional penetration tester Tim Jensen of AppSec Consulting and carried out under the watchful eyes of NDSU Chief Information Security Officer Enrique Garcia.
“The event gave students a unique opportunity to test out and demonstrate their skills in the real world,” said assistant professor Jeremy Straub. Straub is also the associate director of the NDSU Institute for Cyber Security Education and Research and helped plan the event along with Garcia. “If students, on their own, did the types of things they got to try as part of HACK NDSU, they could be expelled or even arrested. The opportunity to have real penetration testing experience on their resume gives our students a big leg up, as compared to students from other schools, in getting security industry jobs.”
The event spanned two evening sessions. During the first, Jensen, Bernard, and the other students scanned the network for vulnerabilities and carried out some limited attacks. During the second, focus turned to exploiting the potential vulnerabilities that the scan found—basically showing that the issues could actually be hacked.
“I participated in HACK NDSU to learn more about networks are attacked and defended in a real-world setting,” Bernard said, hoping to learn more about the current state-of-the-art in attacking and defending networks.
Jensen and the students found a number of issues, but the NDSU network was relatively secure overall. Jensen said it compared favorably to other networks that he has performed penetration testing on.
“There are always vulnerabilities on any network,” Garcia admitted. “It’s better that our students find them than somebody else. I think it’s great to have the students work in a real-life situation. There was a lot of interest and questions.”
The experience builds on coursework offered at NDSU related to ethical hacking, network security and other cybersecurity topics. Students can pursue a special recognition in cybersecurity as part of a bachelor’s degree in computer science, a graduate certificate in cybersecurity or an option in cybersecurity as part of NDSU’s M.S. and Ph.D. programs in computer science or software engineering.
North Dakota State University is leading the state’s efforts in cybersecurity education through the NDSU Institute for Cyber Security Education and Research. Research and educational activities are conducted in a new 1,200 square foot dedicated cybersecurity facility within the Quentin Burdick Building on the NDSU campus.