Posted on April 19, 2017
NetSec hosts digital capture-the-flag competition
By: Victoria Drysdale
BREAKING IN: NetSec winning team displays a plaque to be engraved and hung in Walter Light Hall.
Queen’s Network Security Team (NetSec) recently hosted its first cyber security competition in which undergraduate students applied their knowledge of cyber security to defend a network of their own design.
Over the past year, NetSec members attended labs and lectures led by graduate students to learn the ins and outs of network security. The students learned penetration testing and defence for limited networks to prepare them for the final capture-the-flag competition.
The group of students was divided into two teams and tasked with identifying flaws in their opponent’s network configuration which allowed for system infiltration and exfiltration of sensitive data.
NetSec president Michael Tanel described the experience as valuable in preparing for a real-life situation.
“Everything you’ve learned is put together in a six-hour period,” explains Tanel. “You split up into attackers and defenders on your own team, so some people are monitoring your network for suspicious activity and some are doing the attacking. It pretty much models a real world situation. One of the reasons they teach the attack techniques is because in order to defend, you need to learn how to attack.”
The goal was to capture tokens from the opposing team. The winning team diverted malicious incoming traffic to a honeypot, a special isolated scapegoat machine on their network designed to bait or fool attackers.
“Everything looked the exact same,” says Tanel. “They would break in and generate tokens and things would seem completely normal.”
The final score was tallied at 5-3. Upon validating the tokens, the judges revealed that the leading team had been fooled. Four of their tokens were taken from the honeypot, resulting in a 1-3 win for the opposing team.
Tanel encourages anyone interested in computers to get involved in NetSec.
“I would say definitely do it,” he says. “It’s a great experience and I’ve learned a ton so far.”
NetSec has enjoyed renewed popularity in recent years. Queen’s electrical and computer engineering professor Tom Dean believes it’s largely due to network security becoming more apparent.
“I have a retired photographer friend who is talking about network security,” says Dean. “She never would have thought about it eight years ago. It’s much more visible now. . . Mobile phones are no longer dumb things. They’re now a computer you hold in your hand that just happens to have a phone app. There’s a lot more awareness of the risk that goes with that connectivity.”
Despite rising interest in network security, Dean says people too often fail to take the steps needed to protect their data.
“Part of it is difficulty,” he says. “Part of it is how it changes how things are done. Part of it is how inconvenient it can be. Part of it is awareness.”
“People don’t realize to what extent they’re sending information and the consequences that could be involved,” says Dean.
He also suggests using a strong password, with more than 10 characters.
“It is reasonable to brute-force any password up to 10 characters,” he says. “It doesn’t matter if it’s uppercase, lowercase, or uses symbols. It has to be longer. You should also be turning on two-factor authentication as much as possible.”
Tanel says he plans to use his time with NetSec to promote awareness about personal online security and to help students from all disciplines learn more about network defence.
“I have hope it’s going to become a very big thing,” he says. “It would be nice to see a lot more first years involved. Next year we hope to set up a similar competition and to involve neighboring universities.”
NetSec will start up again in September 2017 and welcomes all levels of knowledge and experience. To get involved, email email@example.com.
To learn more about protecting yourself online, visit http://www.queensu.ca/its.