Students from the University of Kansas School of Engineering earned first place in a cyberdefense competition. The “JayHackers” won the inaugural computer security competition at the Central Area Networking and Security Workshop, hosted by KU in late October.
The scenario for the eight-hour competition featured student teams replacing all the IT professionals from a small corporation after the employees were fired. Students had to assume their responsibilities, figure out the potential threats to various computer servers and stave off attacks from a group of professional hackers. The teams raced the clock and the others to see which team could keep networks up and running for the longest amount of time.
“I call it a network administrator’s day from hell. It’s the worst possible case that a network admin will ever face,” said Chris Seasholtz, JayHackers team captain and master’s student in computer engineering.
Each of the five teams had an hour at the start of the competition to analyze their network and make basic upgrades before the group of hackers, known as the “Red Team,” began their siege of each team’s operations. Throughout the day, teams upgraded outdated systems, installed program patches, added new users to the system, removed former users and tried to fight off cyberattacks.
“We found a lot of security flaws, so there was a lot to do. It was a real challenge,” Seasholtz said.
Each team received a point for every minute that a server was up and running – that includes an email server, web server, FTP server, chat server as well as maintaining the active directory service and remote desktop service.
Teams also received a percentage of their final score based on how well they handled everyday business tasks as well as specific and unique requests – known as injects – such as adding or removing users from the system, responding to a CEO's unreasonable IT request or cracking the password of an encrypted Wi-Fi network.
“We did a pretty good job of keeping things going, but the Red Team was eventually able to hit us hard. And that’s where we learned from our mistakes,” Seasholtz said. “There was one password that we didn’t change, and they got access and took the system down. That was pretty disheartening but also a great learning experience.”
The goal of the competition is to provide students with a platform to apply theoretical knowledge into practice and obtain hands-on cybersecurity experience.
“The competition helped me a lot, because … it’s not just reading from a textbook, I’m actually in there with my hands, learning,” Seasholtz said. “I’m able to learn from my mistakes. Instead of being told how to fix something, I can figure out on my own where I went wrong.”
KU competed with teams that included students from Kansas State University, University of Missouri-Kansas City, the University of Arkansas-Little Rock and a combined team of students from Northwest Missouri State University and the University of Arkansas. Faculty members from each school comprised the Gold Team, which provided oversight of the competition and made all officiating decisions.
The JayHackers are a group of KU students with an interest in security. The team, which is considering whether to seek official club status from KU, is overseen by Bo Luo, associate professor of electrical engineering. Seasholtz said the group is still weighing its options on participating in future competitions.
The competition was co-sponsored by the National Science Foundation, the KU School of Engineering and KU’s Information and Telecommunication Technology Center.
Team members: Trey Barton, Hutchinson; Angela Benway, Northbrook, Illinois; Blake Bryant, Fort Leavenworth; Isaac Cook, Olathe; Myung Kang, Pittsburg; Chris Seasholtz, Leawood, and Zach Welk, Gardner.