Recently, students of the Department of Information Protection, the Institute of Computer Technologies, Automation and Metrology, took part in a training course on ethical hacking at Northumbria University in Newcastle upon Tyne, the UK. The course was held within the framework of a grant provided by NATO and lasted a week.
The students spent this time with benefit, gaining new knowledge and experience, and also demonstrated their competence and skills. They checked the university鈥檚 security system for shortcomings, successfully identified unexpected problems, and submitted a report to the university. After completing the course, the students met with the Rector, Nataliia Shakhovska, and discussed important issues.
Oleksii Hrushkovskyi, a fourth-year Cybersecurity student who participated in the educational course, notes that ethical hacking is one of the tools used to ensure security at facilities, enterprises, and private institutions. Its core principle is to focus on strengthening protection against potential vulnerabilities and threats.
鈥 Relatively speaking, it鈥檚 like thinking about how to protect a house from the perspective of someone trying to break into it, Oleksii explains. 鈥 In essence, ethical hacking is the same as regular hacking, but carried out within agreed boundaries, with specific regulations and defined capabilities. First, you discuss with the client how the system may be 鈥榖reached,鈥 agree on the terms and scope of work, and then, within those parameters, provide a detailed report outlining the vulnerabilities identified and recommendations on how to fix them.
As part of the grant, both teachers and students participated in the course. According to Marta Mazurkevych, a 5th-year student majoring in Cybersecurity, international students from Northumbria University were already graduates and acted as teachers. They conducted training, held several lectures, and also consulted in case of questions related to the lecture part.
At the beginning of the course, the participants were shown the security system of the university鈥檚 cyber clinic 鈥 three connected cyber laboratories on one floor. The teachers assured that their cyber clinic was separate and isolated from other networks, but Oleksiy discovered that this was not entirely true:
鈥 They told us that we could not get anywhere and do anything, and they gave everyone the same login and password. I thought: if we have the same login data, I will see if there are any remote services, as there are several in Windows that allow remote access. Accordingly, knowing the login and password, I tried to check if I could log in to some other computer. I chose a random IP address, entered the data 鈥 and logged in to the other computer. This was the first sign that something was wrong. Then I checked if I could upload a file on it, and found that I could, because I had full access to the computer, including administrative rights. And then I just checked my capabilities 鈥 how many computers I had. It turned out that it was not only about three laboratories 鈥 I got access to the desktops of the entire floor and the floor above and below, if they were turned on. It was not really as safe there as we were told. When we reported, there was evidence that we had indeed logged in to another floor.
After the students returned from Northumbria University, the Rector of 果冻APP Natalia Shakhovska held a meeting where they discussed the experience gained and the possibilities of improving education directly at our university.
The purpose of the meeting was to gather students鈥 perspectives on new approaches to the educational process and how it is implemented at other universities, particularly in Europe. The participants also discussed the strengths of higher education in Ukraine and England, explored opportunities for integrating effective innovations into our system, and highlighted the practices that are already working successfully.
