Scanning the system: developing a custom-made security application
Mathijs Westerhof, a third-year ICT student majoring in Network & Security Engineering at Hanze University of Applied Sciences, recounts how he built a custom-made security application during his internship at Dataprovider.com.
Why did you choose to do your internship at Dataprovider.com?
I visited a job market at Hanze University of Applied Sciences last year, and of all the companies that were present only a few caught my eye. After I spoke with their representatives and did some additional research, Dataprovider.com seemed like the most suitable place for me to gain hands-on experience in security engineering.
On what project did you work during your internship?
I was assigned a quite compelling task: Dataprovider.com has a network of hundreds of servers, and I had to find a way to further secure it without making any alterations.
I narrowed down the project to three stages. First, I did initial research on what could be improved in the already existing security applications such as Nmap or Masscan. Then, I weighed up the pros and cons of building my own security application, and on the basis of my findings I decided to design and test a stand-alone application in Python.
What is the outcome?
My application scans all Dataprovider.com servers and detects early security flaws. For example, if the firewall of one of the servers is not configured properly or someone tries to send malicious requests to our servers, it immediately detects it and notifies the system administrator. What’s more, my application can be continually tweaked, which is not possible with the already existing applications.
On top of that, it scans nine times faster than any other network scanning application. Let me give you an example: my application made a scan of the network in less than four hours, whereas the fastest competitor made the same scan in 35 hours. It carries considerable weight if a security application scans four times every day instead of once every two days.
Why is this important?
As my application scans much faster, the detection window for a possible security breach is significantly smaller. In other words, if an attacker finds an open port and tries to send malicious requests, the port will be closed before they finish the scan.
What was the most challenging moment for you while developing the application?
At some point I had to add another feature to the application while maintaining its current speed. The main startup routine had to be completely overhauled, which resulted in a very slow startup. Trying to figure out how to make the application fast again was hard. However, I managed to come up with a solution: I traded a little modularity for a greater speed enhancement.
What lessons did you learn during your internship?
First and foremost, I have expanded my knowledge in coding and setups. I have also learned that I don’t always need to solve everything on my own: all my colleagues here shared their expertise and assisted me whenever I needed it.
Besides, I was encouraged to learn at my own pace, and I believe this is an essential ingredient for a truly successful learning process. I tend to rush through assignments in order to meet deadlines, and then I can’t really do my best. However, while working here, I had enough time to do the necessary research and fully concentrate on my assignment: so I have developed the application to the best of my abilities.
--
Text & photography: Andriana Boyrikova, Maaike van der Post.