Daily Diary of IT Summer School in St.Petersburg, Russia

The Summer School for master’s degree students in IT security area organized by ENGENSEC project in St.Petersburg, Russia was finished successfully. The IT Summer School took place from 18 to 31 July,  2016 in the Bonch-Bruevich Saint-Petersburg State University of Telecommunications. The IT Summer School gathered the best students from partner universities: Blekinge Institute of Technology (Karlskrona, Sweden), Wroclaw University of Technology (Wroclaw, Poland), Kaliningrad State Technical University (Kaliningrad, Russia), P.G. Demidov Yaroslavl State University (Yaroslavl, Russia) and Bonch-Bruevich Saint-Petersburg State University of Telecommunications (Saint-Petersburg, Russia).

Such courses as Advanced Network & Cloud security, Digital Forensics, Web security, Penetration testing and Ethical Hacking were provided for students. ENGENSEC experts developed all these courses. The Summer school teachers are representatives of Blekinge Institute of Technology (Karlskrona, Sweden), The German Federal Criminal Police Office (Wiesbaden, Germany),  Kharkiv  National University of Radio Electronics (Kharkiv, Ukraine), Kaliningrad State Technical University (Kaliningrad, Russia), Saint Petersburg State University of Telecommunications (Saint-Petersburg, Russia), Saint-Petersburg Institute for Information and Automation of the Russian Academy of Science (Saint-Petersburg, Russia) and «Training center «Echelon» (Moscow, Russia).

The amazing culture program was prepared for students. They have a possibility to visit the world famous places and museums in St Petersburg such as Hermitage and Winter palace, Petergof, Pushkin, St. Isaac’s Cathedral, etc.
The first course of Summer school is Advanced Network & Cloud security. The course took place on 18 – 20 July 2016. The teacher is Igor Ushakov from Saint Petersburg State University of Telecommunications (Saint-Petersburg, Russia). He told students what is going on in advanced networking, including VXLAN overlay networks, network programmability and software-defined networks, using Cisco ONEPK solution and basic fundamental skills in virtualization.

The second day of the teaching was devoted to the practice laboratory. The laboratory works were a series of tasks, connected with Cisco equipment (hardware and virtual), network programmability, overlay networks, virtualization and cloud networking. The tasks of laboratory work was CSR virtual router deployment, support and manage customs with limited authorization rights in data center, create and check the completion an overlay network (VXLAN based) above existed DC interconnect.

The students were divided into 7 groups. Each group consists of international students. The fastest group is a winner. Case study is about the creation of virtual machine, migration of VM on another tenant with more resources, configuring VXLAN between CSR Cisco 1000 virtual routers. In case of completion the task students need to make backup of VM to geographically remote data center.

Final result of laboratory work was a configured topology, where all the tasks, have been done. As a result four teams were the leaders. The first place is belong to team 1:Robert Pawlas, Alferov Roman, Arshinov Alexander, the second place – team 2: Marcin Kacperek, Oskar Edbro, Zaika Ilya. The third place was shared between team 4 (Wojciech Sobczak, Oskar Henriksson, Knyazev Vladimir) and team 5 (Erik Olsson, Baranova Daria, Ovchenkov Aleksei).

All students-winners were congratulated. Winners received special medals with their names during special ceremony in a boat tour. The tour was through the central rivers and canals of St. Petersburg. Students saw the most famous palaces in St. Petersburg, including the Shuvalov, Sheremetev, and Yusupov Palaces, the Strelka (“spit”) of Vasilyevsky Island, the Winter Palace, St. Isaac’s Cathedral etc.

“Digital Forensics” course took place took place from 20 to 22 July 2016 at the Bonch-Bruevich Saint-Petersburg State University of Telecommunications. The course was devoted to the different theoretical aspects of the digital forensics, including forensic basics, Windows artefacts, file systems and network forensics. In practical part students got tasks to find artefacts in different web browsers (Internet explorer, Mozilla Firefox, etc), to perform the network forensic investigation based on a true story of web mail account stealing, and to recover a password from a crypto container. In addition, the students got an overview about LiveForensic, especially creating and analysing a RAM Dump with volatility. These topics were presented by Andrey Chechulin (SPIIRAS, Russia), Cemil Yesil (Hessen police, Germany), Anders Carlsson (BTH, Sweden). This knowledge will be useful for a pentesting course and for general improvement of the IT skills.

The “Web Security” course took place from 25 to 26 July 2016 during St Petersburg Summer School. OlenaTkachova from Kharkiv National University of Radio Electronics of course presented the theoretical part. The theoretical part includes an overview of the main principles of client-server architecture functionality, actual threats, vulnerabilities and attacks that took place on client and server side. Olena focused on foundation principles of web security and countermeasures, which give ability to prevent attacks and develop secure web applications. The vulnerabilities and attacks that affect to web applications at the network, host, and application levels were enumerated and identified. Sergei Syroezhkin from Kaliningrad State Technical University provided the practical part. The teaching tools as WebGoat from OWASP and Pentestit from penetrating testing laboratory were used in practice exercises. Students have learnt and tried apply on practice such type of attacks as SQL- injection, cross-site scripting and Server-Side Request Forgery.

The course “Penetration testing and Ethical hacking” took place fron 27 to 28 July 2016. The course teacher is Alexander Dorofeev from Autonomous non-profit organization «Training center «Echelon». Students focused on the main stages of testing the safety of information systems during these two days. The study cases include the collection of information on the Internet for testing, either vulnerability analysis, which takes place manually or using special scanners.
The laboratory work was focused on the exploitation of vulnerabilities in network services. Beginners ethical hackers intercepted network traffic, picked up passwords, exploited web-apps attacks, gave an administrative access to specially prepared vulnerable machines.

The closing ceremony of  IT Security Summer School was on Friday, 28 July in Bonch-Bruevich Saint – Petersburg State University of Telecommunications.
Anders Carlsson (general manager of the ENGENSEC project), Igor Ushakov (Advanced Network and Cloud Security course developer), Irina Karimova (head of International Cooperation Department) and Georgii Mashkov (Vice-Rector for International Cooperation) congratulated students with completion, thanked for their participation and wished to achieve great results during the further education.

All students who took part in IT Summer School received an official certificate that provides 3 extra ECTS credits.

On the last day, students and teachers were invited to the special party. Everybody felt the unique atmosphere of friendship and warm-heartedness. Students became close to each other during these two weeks of cyber security school. ENGENSEC students will remember these summer days and keep their great memories about St. Petersburg city.