H

 

Red vs. Blue: CS students compete in cyber‑security showdown

- January 15, 2015

Working together to analyze the network traffic for the "Red Team vs Blue Team" game: (Back row, left to right) Aimee, Aaqip, (Front row, left to right) Deric, Revanth, and Sara. (Nick Pearce photos)
Working together to analyze the network traffic for the "Red Team vs Blue Team" game: (Back row, left to right) Aimee, Aaqip, (Front row, left to right) Deric, Revanth, and Sara. (Nick Pearce photos)

When they graduate, many H Computer Science students may end up on the front lines of one of the 21st century’s ongoing battles — between the hackers seeking to infiltrate global computer networks and the IT professionals tasked with defending them.

And thanks to a unique classroom exercise, students in Nur Zincir-Heywood’s Network and Design Management course will be more than ready to take up arms and join the ranks of the defenders.

Dr. Zincir-Heywood manages the Cisco Network Security Teaching Lab in the Faculty of Computer Science. Each term, she teaches a group of graduate students about cyber security, building up to a game that takes place over the last two weeks of the semester.

On the battlefield


 “In 2005, I had the idea that students might learn more by participating in an active environment where they could put their knowledge into action,” she says. “So, I challenged my students to a friendly game and divided the students into two competing teams: red and blue.”

Similar to military games and practices, the red team acts as the attacking enemy, while the blue team acts as the home defender.

In a nutshell, if the attackers successfully infiltrate the network of the blue team and either crash the computer or install their own user account on the blue team’s computer, then red prevails. If the blue team successfully prevents this from happening, they earn the victory.

Dr. Zincir-Heywood’s teaching assistants, together with the Faculty’s technical support team, prepare the lab for battle. During the four weeks leading up to the game, students prepare by researching, installing and configuring any necessary program they might need. Dr. Zincir-Heywood teaches the relevant concepts through out the term and during the final two weeks of the term the game is played



“We are equipping our students with the most up-to-date skill sets and techniques necessary to be strong defenders in this world of cyber security,” she explains. “To do this, we must first teach them to think like an attacker — in other words, to understand the potential vulnerabilities of a system that needs defending.”

The scenario changes slightly each year, but it offers few, if any, limitations to the students. They can use any of the tools they’ve learned in class, and they’re tasked with thinking strategically and creatively to elevate their level of attack or defence.

The attacks may be quite complex or incredibly simple, as in “the lazy guy attack,” where students prey on others who simply have not removed their saved passwords from their computers.

CISCO raises the bar


Earlier this fall, Cisco — one of the world’s leading companies in networking technologies — contributed a range of equipment and technologies towards the new Cisco Network Security Lab at H University. With new routers, switches, security tools and desktops, it has essentially become just like a brand new lab.

The Cisco boxes housed in the lab fall into two categories: switches and routers. Switches are used for local area network connectivity — connecting computers to each other so that they can communicate in a lab environment — while the routers are used for wide area network connectivity (connecting local area networks to each other to form the Internet).

The new lab makes it possible to try new software and build more realistic network topologies, as well as isolate the lab from the main university network to run activities such as the hacking exercise.

The new computers and a dedicated space gave students the comfort to think outside of the box. The winning team didn’t just download a code from Dark Internet web sites and run it on the game machines, or launch a standard Denial of Service attack. One student, Aaqib, found a way to switch wires on the equipment to make specific computers unavailable. Another, Aimee, set up a webcam to capture people typing in their passwords. The students were motivated and excited to fight with any tools they could use.

“It was more like using all those codes as ingredients and making a new cake,” says Dr. Zincir-Heywood.

In this year’s class, it was team red who prevailed — but the battle lines will be redrawn the next time Dr. Zincir-Heywood teaches the course.