Drury University student attempts to hack city of Springfield in cybersecurity partnership


SPRINGFIELD, Mo. (KY3) – Drury University has teamed up with the city of Springfield to ensure its network is protected from malicious hackers.

The process is called a network penetration test, and it is when an organization hires white hackers to break into their systems.

This is the second year of partnership between the city and the university. The test is conducted by a senior as part of his main project, and a faculty member oversees the process. During the test, a student attacks the network in a way that a malicious hacker would do, looking for vulnerabilities that would allow the hacker to compromise property. The student then writes a report of the findings, which the city uses to improve its safety.

Springfield Information Systems Director Neil Slagle says the idea behind that network penetration test is to detect any problems.

There is one test that was done externally from the city system. Slagle says the city then gave students access to the internal part of the system to see what could be vulnerable to an attack on cyber security.

“We only had a few things that he thought we should concentrate on, but mostly he said we had a pretty solid network,” says Slagle.

Springfield leaders are making the necessary changes to make the systems more secure.

“These feats occur throughout the year,” says Slagle. “It takes time for patches to come out from some of the different manufacturers, and as soon as those patches come out, then we take them and we will patch those systems, so it’s just an ongoing process. We actually fix the code inside a certain network device so that the device is practically resistant to hacking. ”

Shannon McMurtrey, an assistant professor of cyber risk management at Drury University, oversees a student in charge of attacking the city’s network system.

McMurtrey says the rise in ransomware has put pressure on organizations to continually upgrade security.

“There is no perfect security,” says McMurtrey. “Security is not a destination. It’s a journey. So you’re never at the point where you can print it 100% safe. “

“Drury’s cyber risk management courses prepare students to work in the field of network security, and we also cover offensive and defensive cyber security techniques,” says McMurtrey. “It’s one thing to talk about these things in the classroom and do exercises, but it’s a completely different scenario when you’re in the real world and you’re dealing with real networks. It is very useful for students to gain that practical experience. ”

The goal is not only to keep this partnership annual but also to expand it.

McMurtrey says he hopes to include other types of cybersecurity, such as social engineering.

“Instead of trying to hack computers, we hack people,” McMurtrey says. “You can call customer support and convince them that you work in technical services for the city and that you need to enter this address and visit this URL, and you are actually trying to deceive people. If they fall for it, it could put them at risk again. ”

It is not just large organizations that can fall victim to this. McMurtrey says both small businesses and people can.

“Maybe they have intellectual property that’s kind of the heartbeat of their organization,” McMurtrey says. “Have good cyber hygiene, only good passwords, two-factor authentication, use of a firewall. There are some basics that small businesses can and should do. ”

McMurtrey says that if a password can fit in your head, it’s not a great password when it comes to a strong password.

“Especially if you use it again on multiple accounts,” says McMurtrey. “We really need to have very unique, long passwords that we use for each account.”

Even more important than the password is the inclusion of two-factor authentication.

“So even after you enter the password, it asks for the code from your authentication application or something that is sent to you via text or otherwise, so that even if someone has your password, they still don’t have access to your account,” he says. McMurtrey.

The Center of Excellence for Cyber ​​Security in Missouri provides a partnership framework, 501 (c) (3) established to enhance workforce development and cyber security training. MCCoE also provides internships and employment opportunities for students studying cyber security.

“The city is very excited to have conducted our network penetration testing in the city in partnership with MCCOE and Drury University,” says Slagle. “We thought that the testing was thorough and we plan to continue it in the future. It’s a great example of working together in the real world to help develop local cybersecurity skills and bring the city access to that talent. ”

McMurtrey also serves as a faculty advisor at the Drury University Cyber ​​Defense Club, which recently placed in the top 5% of the nation in the National Cyber ​​League Team Competition.

To report a correction or typo, email digitalnews@ky3.com

Copyright 2022 KY3. All rights reserved.

Comments are closed.