Drury University student hacks Springfield for cyber security test
Testing the city’s protections against malicious hackers, a Drury cybersecurity student attempted last week to break down the city of Springfield’s cyber defenses.
Called a network penetration test, an organization often hires white hat hackers to break into their systems.
During the test, the student attacked the network in the way a malicious hacker would, looking for vulnerabilities allowing a hacker to compromise assets. The student then wrote a report on the findings the city uses to improve its security.
Conducted by a senior as part of their capstone project, this is the second year for the partnership between Drury and the city.
“Drury’s Cyber Risk Management courses prepare students to work in the field protecting networks and we cover both offensive and defensive cyber security techniques,” said Shannon McMurtrey, assistant professor in cyber risk management.
More:Construction begins on Grant Avenue Parkway, road closures near Parkview High over summer
“It’s one thing to talk about these things in the classroom and do exercises, but it’s a whole different scenario when you’re in the real world and dealing with real networks. It’s very useful for the students to get that hands-on experience.”
To protect the integrity of the city’s network, not many details can be shared about the test, but Information Systems director Neil Slagle said the penetration test was helpful in ensuring the integrity of their system.
“We felt the testing was thorough and plan to continue this in the future. It is a great example of real-world collaboration to help grow local cyber security skills and for the city to access that talent,” Slagle said.
Speaking to the News-Leader, Slagle confirmed the students were unable to breach the city’s most sensitive information.
“We have pretty good security in the city,” he said.
Instead, the Drury student was able to hack into several unpatched desktops, laptops, or mobile devices. But those devices exploited in the test were “non-exploitable” by a potential malicious actor.
“So it was good, actually not finding anything is actually really good for us,” Slagle said. “In fact, the student told us that he thought he was doing something…