Hackers, security pros talk penetration testing, social engineering

By Matthew Heusser, CIO |  Security, penetration testing

Lary Holland, president of NEM Technology, leads off a talk whose title says it all: "You have your firewall, but the hacker threat is already in your office-[or], the killer is already in your house."


Thanks to the bring your own device (BYOD) trend, Holland says, infected computers can now bypass the firewall directly and attack from the inside. He suggests increased intrusion detection that not only monitors packets for signatures but also watches where they go and, in a sense, creates Virtual Private Networks to enforce role-based security. In other words, if an engineer logs into the network with any device, that device will not be able to ping, route to or view any of the systems in, say, accounting. Holland also suggests user profile monitoring software to evaluate the threat of an employee who may be "checking out" another department's information on the shared folder system.
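The role-based segmentation Holland describes, sketched as an added example (not code from the article or from NEM Technology): the decision follows the role of the logged-in user rather than the device, and each flow is checked by where it goes. The subnets, role names, session table and flow records are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and policy (assumptions, not from the article).
SEGMENTS = {
    "engineering": ipaddress.ip_network("10.10.0.0/16"),
    "accounting": ipaddress.ip_network("10.20.0.0/16"),
    "shared": ipaddress.ip_network("10.99.0.0/24"),
}
ALLOWED = {  # role -> segments that role may reach
    "engineering": {"engineering", "shared"},
    "accounting": {"accounting", "shared"},
}

def segment_of(ip):
    """Name of the segment containing ip, or None if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), None)

def evaluate(flow, sessions):
    """Decide one flow from the role of the user logged in at flow['src']."""
    role = sessions.get(flow["src"])
    if role is None:
        return "deny", "no authenticated user on source device"
    dst = segment_of(flow["dst"])
    if dst is None or dst not in ALLOWED.get(role, set()):
        return "deny", f"{role} user reaching {dst or 'unknown segment'}"
    return "allow", f"{role} user reaching {dst}"

def violations(flows, sessions):
    """Flows to block and alert on, each paired with the reason."""
    out = []
    for flow in flows:
        verdict, reason = evaluate(flow, sessions)
        if verdict == "deny":
            out.append((flow["src"], flow["dst"], reason))
    return out

# Constructed data: BYOD devices sit in one pool (10.50.0.0/24); role comes from login.
SESSIONS = {"10.50.0.23": "engineering", "10.50.0.40": "accounting"}
FLOWS = [
    {"src": "10.50.0.23", "dst": "10.10.4.8", "proto": "tcp"},   # engineer -> own systems
    {"src": "10.50.0.23", "dst": "10.20.0.5", "proto": "icmp"},  # engineer pings accounting
    {"src": "10.50.0.40", "dst": "10.20.0.5", "proto": "tcp"},   # accountant -> accounting
    {"src": "10.50.0.77", "dst": "10.99.0.10", "proto": "tcp"},  # device with no login
]

if __name__ == "__main__":
    for src, dst, reason in violations(FLOWS, SESSIONS):
        print(f"BLOCK {src} -> {dst}: {reason}")
```

Because the source addresses all come from the same BYOD pool, only the session-to-role lookup separates the engineer's ping to accounting from the accountant's legitimate connection to the same host.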

Highlights: Chance Encounters, Hearing From a 30-Year Hacker

For me, the real value of attending a conference is meeting people in the hallway. One was Drew Looyenga, an account representative for Grand Rapids-based ISI.

Drew Looyenga throws real software reverse engineering puzzles and challenges at would-be employees as the first step in the hiring process.

Looyenga is here to hire, as ISI has grown from 17 to 50 employees in just two years. GrrCon is a great place to recruit, he says, because it draws enthusiasts: people who don't just do IT but also care about it passionately.

To that end, Looyenga was handing out USB keys containing data in electric file formats so rare that they were essentially encoded; one, for example, was a compiled executable on a rare UNIX distribution. Opening the file, and showing Looyenga the output, is the first step in the job interview process, he says.


I also had a chance meeting with Josh Soehnlein, a security hobbyist who built a Raspberry Pi device that senses attempts by personal equipment to join a wireless network. (He's looking for a programmer to help him extend and document the framework.) The device, which Soehnlein documents at hilt.co, sends signals back confirming that it is in fact the "home wireless network," creates connections and monitors the traffic. To the hobbyist, this is a parlor trick; to the enterprise, this is a nice way to identify and correct possible vulnerabilities from users who bring their own devices into the network.


Originally published on CIO.