Posted on June 21, 2018

NetSec logo (Linux penguin and open laptop)

I asked two of last year’s organisers, Evan Bonneau and Mahad Amir, to explain the ins and outs of NetSec to someone who doesn’t know much about it.

‘We are a relatively new Queen’s design team,’ says Evan. ‘We try to figure out how to allow people to communicate online, without unauthorized entities getting access to those communications. We help students improve their skills by educating them on theory and providing practical exercises. Network security is one concept that isn’t fully covered by the curriculum so we are trying to fill in those informational gaps.’

The culmination of a year at NetSec was the Cyber Defense exercise at the end. Students split into teams, each team hosting their own services on a network that the organisers have spent the semester creating. Within each of the competing teams there was a red team (in charge of performing attacks) and the blue team (in charge of defending their servers from being compromised). That turned into a whole day of performing attacks, trying to deflect them and keeping score, with team b coming out victorious in the end. The trophy, if anyone is curious, is an old motherboard with a knife sticking out of it.

It’s easy for an outsider to think this is a club for students practicing to be hackers. Evan is quick to correct this assumption. ‘Our group would be classified as “white hat hackers”, meaning we learn how to use potentially malicious techniques but only in a non-malicious way. We teach the students to perform cyber attacks because it is the best way to identify how systems might be vulnerable to them as well as how to prevent the attacks from happening. The end goal is to learn to build secure applications.’

I then asked Mahad why it seems that so many people care about network security.

‘With the Facebook/Cambridge Analytica news breaking recently, it is definitely an increasingly apparent issue,’ he says. ‘People are willingly giving their data to those that would exploit it, simply because the consequences aren't obvious. Through the data that we provide to these corporations they are able to create a complete and invasive picture of us. It is important to be aware of why a company might want your data and to not provide them with it if you do not agree with it.’

‘The Equifax breach that happened recently also points to a large problem. A person's life can be ruined by identity theft and only a few personal details are required for a criminal to pull that off. Keeping these details secure, especially for a company that makes these details its business, is important.’

Evan assures me there are other reasons for joining, career advancement being one of them.

‘From a future career perspective, basic network security knowledge can be very attractive to potential employers. It shows that you know what you’re doing from a security standpoint and teaches you a new level of responsibility for what you are creating as a programmer. This summer I’m going to be working in Ottawa on a government security project and I wouldn’t have felt comfortable tackling something like that if I hadn’t gotten this background.’

So who should consider dedicating their time to this club? ‘Anyone who wishes to learn about security on the internet should look into NetSec,’ Mahad says. ‘I especially encourage anyone who wants to write software to join. Being aware of the techniques and mindsets used to break into networks and software will be extremely helpful in building secure applications.’

Evan agrees. ‘We encourage everyone to come and try – male, female, experienced in coding or completely new to it. The commitment can vary depending on how much you want to put into it. Last year the team would meet in Prof. Tom Dean’s lab for an hour or two on Saturday afternoons. Professor Dean was always there to support us or offer help if we needed any. We also provide plenty of resources for learning outside of those hours. We are going to keep updating the content and have slightly more advanced options for those in the group who are more experienced. It can seem intimidating fresh of the bat, but it gets easier very quickly and we’re here to provide support. People that have stuck with NetSec have found it awesome.’

To learn more, join the NetSec group on Facebook or read the article about last year’s competition here.

Alisa Darbinyan, June 2018