Be secure: Think like bad guys - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Get Real-world Advice on how to Cost Effectively Consolidate your Data Center Novell

Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

So, the OpenOffice.org Community has announced the public beta release of OpenOffice.org 3.0, a new version...- Microsoft Subnet

Join the Discussion

Be secure: Think like bad guys

By Ellen Messmer , Network World , 04/11/2005
  • Social Web 
  • Email 
  • Feedback 
  • Close

ORLANDO - Security managers at last week's InfoSec World conference say they're combating the risks posed by outsider attacks and insider exploits by thinking - and sometimes acting - like hackers.

JP Morgan Chase, The Hartford Financial Services Group, the Mayo Foundation and Maven Security Consulting detailed procedures that call for stealing a page from the hacker playbook. These methods include war driving on wireless LANs (WLAN), phishing to test network security and teaching hacking techniques to software developers as a form of training.

Jack Mogren, senior network security architect at Mayo, the Rochester, Minn., healthcare organization, said he war drives to find security holes in his wireless network, which will grow this year from 1,300 to 1,700 Cisco Aironet access points.

"I hop in my Jeep and drive around the buildings doing wireless scans," said Mogren, holding up an antenna based on a tin can that he bought for $18 on eBay. The setup may be simple - a laptop running NetStumbler or other WLAN sniffer software and a jerry-rigged antenna - but it's identical to what a hacker would use. And it works.

He can detect rogue access points that employees - many who are researchers - may have installed without authorization. When he finds security holes, the Mayo Foundation's IT staff takes steps to ensure the proper equipment - with the appropriate authentication and encryption controls - is put in place.

Ethical phishing catches on

The Hartford, which has 35,000 employees, also is using stealth tactics in nabbing the bad apples in its midst.

"[Y]our employees are your biggest threat," said Matthew Fiddler, assistant director for information security at The Hartford in Connecticut, who spoke on security issues. "We had one guy tunneling porn, a lot of porn - 53 megs."

Based on suspicions, The Hartford's IT staff swept the employee's desktop computer to remotely scoop up the porn evidence using the forensics tool, Encase Enterprise Edition , which can remotely monitor and capture data without the employee knowing.

1 | 2 | 3 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code