Lary Holland, president of NEM Technology, leads off a talk whose title says it all: "You have your firewall, but the hacker threat is already in your office-[or], the killer is already in your house."
How-To: BYOD Security Demands Mobile Data Protection Strategy
Thanks to the bring your own device (BYOD) trend, Holland says, infected computers can now bypass the firewall directly and attack from the inside. He suggests increased intrusion detection that not only monitors packets for signatures but also watches where they go and, in a sense, creates Virtual Private Networks to enforce role-based security. In other words, if an engineer logs into the network with any device, that device will not be able to ping, route to or view any of the systems, in, say, accounting. Holland also suggests user profile monitoring software to evaluate the threat of an employee who may be "checking out" another department's information on the shared folder system.
Highlights: Chance Encounters, Hearing From a 30-Year Hacker
For me, the real value attending a conference is meeting people in the hallway. One was Drew Looyenga, an account representative for Grand Rapids-based ISI.
Drew Looyenga throws real software reverse engineering puzzles and challenges at would-be employees as the first step in the hiring process.
Looyenga is here to hire, as ISI has grown from 17 to 50 in employees in just two years. GrrCon is a great place to recruit, he says, because it draws enthusiasts-people who don't just do IT but also care about it passionately.
To that end, Looyenga was handing out USB keys containing data in electric file formats so rare that they were essentially encoded-one, for example, was a compiled executable on a rare UNIX distribution. Opening the file, and showing Looyenga the output, his the first step in the job interview process, he says.
Analysis: Should Companies Hire Criminal Hackers?
I also had a chance meeting with Josh Soehnlein, a security hobbyist who built a Raspberry Pi device that senses attempts by personal equipment to join a wireless network. (He's looking for a programmer to help him extend and document the framework.) The device, which Soehnlein documents at hilt.co, sends signals back confirming that it is in fact the "home wireless network," creates connections and monitors the traffic. To the hobbyist, this is a parlor trick; to the enterprise, this is a nice way to identify and correct possible vulnerabilities from users who bring their own devices into the network.