Huff: The importance of IT security in an insecure world
special to the daily
Even the most tech-savvy companies can fall victim to hackers’ sabotage. So today’s technology warriors need training and vigilance to keep malicious attacks at bay.
In March at RSA, which is the security division of global information technology company EMC, a technology-trained staff person clicked on a link in an email. RSA, credited with inventing SecurID, sells security key software solutions to a majority of the Fortune 500 companies.
As a result of the click on that email link, 40 million security key codes, many of which were used to guard important industrial and military secrets, now have to be changed. The attack on RSA was likely mounted by foreign powers intent on stealing the secret data of U.S. military contractors.
Back in Summit County, Colorado Mountain College technology student Jerry Del Valle works to unlock a malware-infected computer whose owner also clicked on a link in an email. The infection Jerry worked to unravel was meant to extort money and is commonly referred to as a fake anti-virus. It was probably mounted by a 20-something hacker from a satellite country of the former Soviet Union. The Internet users in both of these cases simply clicked on a link.
Over in Boulder, an expert in network protection, senior security engineer Chuck Little, is hard at work running simulations on and adding safeguards to his employer’s networks. Learning how to protect a network from attacks, like the ones at RSA, often begins with trying to gain unauthorized entry through a method called penetration, or PEN, testing. Chuck is experienced at this technique and many of the others associated with protecting very large networks from both accidental and malevolent exposures to attack. Chuck has consulted with some of the most security-conscious agencies in the U.S. government.
Jerry Del Valle, who has earned an associate degree in information technology from Colorado Mountain College, has gone on to gain additional certifications and is currently employed as a tech professional by Vail Associates. His passion is deconstructing malware attacks and looking beyond the obvious infections for hidden backdoors.
Chuck and Jerry are friends; they met four years ago in Las Vegas at the world’s largest technology security conference, DefCon. While the conference is famously known as a “hackers’ meetup,” it is in fact heavily attended by clean-cut professionals from agencies such as the FBI, CIA and NSA. Since that first meeting Chuck has advised Jerry’s learning path in information security technology.
“SE” or social engineering attacks are of particular interest to both men. This is the system where a cleverly worded email or Web page causes a user to accept an attacker’s attempt to launch malicious software on the user’s computer. In the case of RSA, the staff person received an email, supposedly from within the company, with the subject line of “2011 Recruitment Plan.” A link to an Excel spreadsheet was included and shortly afterwards a massive computer attack was launched against defense contractors like Lockheed Martin using stolen RSA key codes. Chuck Little’s counterparts at Lockheed Martin, however, were able to block that particular attack. Not all targets of the stolen key codes from RSA were that lucky.
Chuck Little is the featured speaker at the free CMC Tech Symposia July 28 at Colorado Mountain College in Breckenridge. His talk at 8 p.m., open to the public, follows a public seminar for those interested in what local techs do and will feature Jerry Del Valle along with other area techs who have been employed after receiving technology training from CMC. The title for Chuck Little’s talk is “Phishing, FakeAV, Social Engineering: What does it all mean to me?” “A day in the life of a local tech” begins at 6 p.m., followed by a meet and greet, attended by local IT professionals,
and then Chuck Little’s presentation at 8.
Phil Huff has been an adjunct faculty member of Colorado Mountain College since 1985. He teaches computer technology courses and has been an IT professional in Summit County since 1982. He has also attended DefCon.
Support Local Journalism
Support Local Journalism
As a Summit Daily News reader, you make our work possible.
Your donation will be used exclusively to support quality, local journalism.
If you don't follow the rules, your comment may be deleted.
User Legend: Moderator Trusted User