In February, we welcomed four enthusiastic applied computer science students (networking specialisation) from Erasmus Brussels University of Applied Sciences and Arts. They applied their accumulated knowledge by performing various tests on the security of the Belnet network under the supervision of our Security Analyst Raf. We'd like to let them tell us themselves about their experience.
Did the project consist mainly of technical testing, or did you take a broader approach?
"Our project could be divided into four different phases, each with its own approach. In the first phase, the reconnaissance phase, we went looking for everything we could find online about Belnet. From what can be read on social networking sites like LinkedIn, to public information on public websites, to checking the domain name Belnet in the tool Maltego."
And after the online information check, did you dive into the technical analysis?
"Yes, that's when the real work started! In the second phase, also called the scanning phase, we became more technical: we scanned open ports, domain names, the name servers ... In the third phase, the exploitation phase, we were challenged by our supervisor Raf to penetrate a virtual environment – which we succeeded in doing! – and so we entered the final phase, also called the post-exploitation phase. That's where we analysed all the network traffic and as well as what interesting information can be found, once you're already in the network: what protocols or technologies are present? How far can you keep penetrating?"
Sounds like a very exciting hands-on experience! What was the most instructive aspect for you?
"What offered great added value for us was the exploitation phase. The penetration into the virtual environment was of a higher level than anything we had done before. What's more, this immediately posed the biggest challenge in the project, as we did not have much experience in this. Thanks to Raf's great guidance, we were able to take further steps each time. Anyway, it's very interesting to test out some things outside the academic environment.
We were also presented with an additional assignment during our weekly project day at Belnet. For example, we drafted a phishing email that was then sent to internal employees as a test to see how high the alertness level was. What were the results? There were barely any clicks and the email was very often reported as spam. So, a successful test!"
How did you end up with Belnet as an organisation for your project?
"It was our networks tutor who made the connection with Belnet. This is the first time this university project has taken this form, and our tutor also greatly appreciated that we came up with an original approach and project content."
After the project at Belnet, another internship will follow, and then ... graduation already beckons. What are your further plans for the future?
"Penetration testing (testing for vulnerabilities in the network) and networks are the areas where we see ourselves continuing to work anyway. The project is the perfect warm-up for the upcoming internship. Our training is very hands-on, so we look forward to getting to work after an enjoyable break and possibly further on-the-job training to keep up with the latest developments in the field."
Many thanks for your hard work and good luck in your future careers!
Davina Luyten is communications officer at Belnet. She has a background in translation, journalism and multilingual corporate communication. At Belnet, she focuses on external communication, public relations, crisis communication and security awareness. She has participated in the GÉANT project since 2020, where her involvement includes the annual cyber security awareness campaign.