November 19th, 2017
 
Home
About Us
Buildings
Our Sponsors
News
Links
Contact
 

Sirti Bestows Award of Honor
October 21, 2010. Billie Moreland, PhD, of Billie Moreland and Associates and Steve Simmons, PhD, E...

Triangle %u201CGraduates%u201D at Sweet Sixteen
The Idea (1994)
In June 1994, while on a layover in the San Francisco airport, Dr. Steve Simmons cam...

  More News

 

05/31/2004 - Security Event Marks TINCAN Anniversary

The Inland Northwest Community Access Network (TINCAN) celebrated its tenth anniversary at a breakfast at the Ridpath Hotel on Tuesday, May 25. TINCAN is a community network that provides education and support for social, economic and community development through the use of computer technology and telecommunications. The celebration featured Chey Cobb, CISSP who spoke on "Low-Tech Attacks in a High-Tech World."

Cobb was former Chief of Computer Security for the National Reconnaissance Office (NRO), is the author of two books on network security. She writes a weekly on-line column "Safe and Sound in the Cyber Age" that explains security issues in plain language for everyday computer users. Now an independent security consultant, Ms. Cobb advises small to medium size companies on Risk Analysis, Security Policies and Procedures, Security Architecture, and Risk Management.

Cobb's talk was chock full of real-world examples based on her long experience in computer security. She emphasized that the majority of all security breaches were not due to sophisticated hacking by the "black hats", but were more apt to be low-tech security breaches that occur through carelessness, theft, or "loose lips." She pointed out that security mechanisms such as anti-virus software, firewalls, intrusion detections systems, VPN's, encryption, and heuristic systems are all helpful and necessary. However, the best and most costly security mechanisms can be for naught if there are unchanged default passwords. For example, one can find through Google, pages and pages of Cisco router default passwords. If the Cisco user doesn't change the default passwords, anyone can have access using the default.

Then there is the concept of "social engineering." This term is used by all cyber security people, and it means manipulating, usually duping, the people employed by a company to get access to the computer files. Cobb had several examples of looking the part, acting official, and just walking into a company where she got the employees to simply tell her anything she wanted to know.

Theft is another security problem --- laptops, cell phones, and paper simply walk out the door. Most computers and auxiliary devices can be locked or password protected, but many are not. Then there are the papers people simply leave on their desks or throw, unshredded, into the trash. Cobb related that she had worked in a number of security situations with a number of "spooks", and these spies gleaned more information working as janitors that they ever did with high-tech surveillance devices.

The ultimate in low-tech security breaches may be eavesdropping on conversations. "Hanging out in the bar during a conference can yield all sorts of inside information," says Cobb. It seems that people everywhere like to brag or complain, and will tell much more than they should. A "spy" need only sit nearby and take notes.

Wireless networks are notoriously unsecured. Cobb found the wireless connection in her hotel to be completely unsecured --- as was the "incredibly strong" wireless connection she found in downtown Spokane. A scan showed four other wireless users connected in the hotel, and had she chosen, she could have accessed their computers. Instead, she made certain that they couldn't find her. She did this by activating "Zone Alarm", a free personal firewall.

Other simple wireless security measures would include changing the default service set identifier (SSID) and default password. The wireless user can also turn off their Media Access Control address (MAC) addresses, and turn on Wired Equivalent Privacy, (WEP). Then the wireless user can check for "rogue" access points. NetStumbler is a good screening tool to find out "what else is out there."

Cobb stressed that security, even in this high-tech age, is still more about people than machinery.

Billie Moreland
 
» News Archive
Search:  

Sirti Bestows Award of Honor
Triangle %u201CGraduates%u201D at Sweet Sixteen
Triangle Concludes Newsletter Operations
ISAGA 2010 Conference Slated at Riverpoint
Terabyte Tidbits
Education Robotics Expands in Region
Terabyte Tidbits
Triangle Welcomes Caelus Consulting
Area High Schools Join Robotics Competition
Terabyte Tidbits
Triangle Welcomes Apple Guy
Fine Solutions Offers Flexible ERP
Lewis and Clark Robotics Faces FIRST Showdown
Terabyte Tidbits
Interlink Debuts Surveillance System
Spokane Entrepreneurial Center
Terabyte Tidbits
EWU Computer Science Celebrates 25 Years
Terabyte Tidbits
Triangle Welcomes Spokane Web Communications

1