Vamsi Chemitiganti shares hacker insight with students
January 18, 2005
Vamsi Chemitiganti talked about network security from a hacker's perspective Jan. 13 in University Crossings. Chemitiganti has been working in the field for over six years as a programmer and network administrator for Siemens.
Currently he is designing a Hospital Information System for Siemens. These are impressive credentials that led to a terse discussion of hardening a computer network.
The term hacker may or may not conjure up the false connotation of a bad guy trying to hijack a computer; that definition actually belongs to a cracker.
A hacker is someone who would rather test an operating system for security holes so that they can be fixed, rather than commit any malicious acts. The reason for the confusion lies in the media and movies calling criminals hackers.
Misnomers aside, crackers exist because they like the challenge and because computers are insecure.
What leads to this insecurity? Lack of education and bad design are the cause of the problem, according to Chemitiganti. People are simply unaware how vulnerable their computers are and as a result don't take the time to harden their computers.
Also, new vulnerabilities open up all the time and it is tough to keep up with them. He also noted that poor software design leads to holes in programs.
It is important that software developers take responsibility for their own products and make security a top issue. He joked that "Security is an extra feature in Microsoft products." Security should be as fundamental to the design of software as functionality.
He then went over some mass-mailing programs and described the steps that someone would go through to take over a weak system. First they scan their target and enumerate information about what programs the computer is running. Direct access can be obtained through password cracking or social engineering. Once in, they give themselves full access so that they can gather more passwords and information about the system. Then, just before they would get caught, they leave backdoors on the computer so they can control it whenever they want, from wherever they want.
Popular tools that crackers use are scanners, like Nessus, that will give up information about the system. This includes which operating system it is running and which ports are vulnerable. They also try to crack passwords with password crackers and use Trojans which hide little malicious programs in legitimate programs such as Notepad.
These open up a backdoor, letting the attacker get onto the infected system whenever they want.
In order to protect against such attacks, defensive measure like firewalls and intrusion detection systems (IDS's) can be implemented.
Firewalls block unwanted connections and IDs are proactive programs that can tell when an attacker is on a system and take a specified action against the attacker.
Leasing links to your website will boost your search engine visibility
Of course, an IDS is overkill for a home machine, but firewalls are valuable tools for the home as well as the office.
If you find yourself on a computer that has already been compromised, there are a few things to keep in mind.
Don't bother patching or running a virus scanner. If you are already infected, it is already too late. It is suggested that you rebuild your computer and start anew.
Source: The Triangle.org
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing