Computer networks & information security: hacking is no complex science

Over the last 3 weeks, we students have had a learn-by-doing course on network security. Basically, what happened is that we had the class split into 2 groups: attackers & defenders.
I was one of the defenders. We did a pretty good job trying to build a fortress (but a fortress from which one may work properly, that’s more tricky) against our mates’ attacks using firewalls, on both hosts & networks, IDS like Snort, antiviruses & system updates.
The attack team tried to make use of freely available software exploits, and hardware or human tricks like watching one’s password or using key loggers to leave a Trojan on the system. In order to abide by French laws on system break-ins, we altogether had a VPN (Addendum: thanks to Jean-Sébastien for making me realize I had made a mistake: we had actually devised a private network, not a virtual private network granting access at a distance) to avoid interference with the outside world. Defenders had WinXP machines, attackers had Debian and Ubuntu (a friendly sort of Linux).
What I learnt in these past few weeks from this extremely interesting course is that hacking is no complex science. I used to watch these kids arrested for hacking the, say, CIA website and say “wow, these guys are geniuses”. Not at all: many free and not free hacking tools are available. The same goes for defensive stuff.
Although I’m far from being a techie (I wish I were), I have to say this course has been one of the richest we’ve done so far in terms of learnings, on top of being fun and useful.
To move on to another topic, I recently talked to a friend and Harvard MBA alumnus, who told me that “case studies were not perfect but the least ineffective way of learning they had found so far”. Well, I quite disagree: the hands-on learning curve is much steeper provided that it’s backed by solid foundations. Learning-by-doing methods, when they can be applied, represent in my opinion the future of Education.
Addendum: got an e-mail from Sarah 2 minutes after I posted this note; yes you did recognize me, I’m the guy wearing the ugly purple t-shirt. I know I look tired, & I actually am.

Cool exercise, but of course true hackers make their own tools. But script kiddies armed with point-and-click tools are of course a larger threat than a sole hacker who on the other hand is much more dangerous.
I hope that class also taught that security is not just a collection of technology.
The CIA hacking guys are only geniuses if they’re not caught =)