COMMENTARY--Sometimes the best way to pick up on new trends is to get out and meet people face to face.
It was nice to meet some of T&B's readers face to face at Information Security World last month--for the Lab it was a successful show for multiple reasons. As mentioned, we met and received feedback from readers, and met members of the general public, many of whom had visited from places as far away as Darwin and Cairns. A bonus for us of course was meeting the product vendors--getting to know them is a boon to improving product delivery to the Labs and acquiring general product information.
At the show our live anti-spam tests ran flawlessly and we were able to show visitors to the stand the vendors' software in action as it vetted e-mails. Our "Hack the Firewalls" competition took a couple of days to iron out all the bugs.
All the vendors had installed their firewalls by early the second day, each defending one of our target servers. We had three systems set up, one with Windows XP and the other two with Linux. We also provided an Access Point with connection specs to allow "hackers" to work remotely. The object of the exercise was to get past one of the firewalls, all of which were configured for typical business functionality (not to a paranoid level) and read the contents of a TXT file on the server located in the "hacked" directory. A successful hacker would win a DVD player.
Sadly, on the second day we found that Linux did not like the integrated LAN on our systems' Intel motherboards; one system was connecting but with monstrously long ping times. The easiest way around this problem was to simply plug in very cheap Realtek NICs, which Linux immediately recognised and which ran flawlessly.
Oh, and our Linux installation included a very comprehensive array of hacking tools to make the job a little easier.
If anyone still thinks that security is an overblown issue, the rampant worm problem recently should have been a brutal reality check. RMIT has firewalls in place that blocked the worm, but given the size of RMIT and the fact that students and staff bring hundreds of notebooks into the uni each day and connect up, it came to pass that an infected PC unleashed the worm internally. The RMIT IT staff were flat out last week trying to bring the situation under control. At times we had sporadic Internet access at best.
So why didn't our IT staff have internal procedures to stop this type of outbreak?
Well, the short answer is they do, but there is that little problem of human nature: a proportion of the campus population does not pay much attention to little details such as ensuring their anti-virus signatures are up to date or that they have the latest OS patches installed. In this instance their lack of diligence was rather forcefully illustrated.
Where possible we keep all our systems up to date with the latest anti-spyware, anti-virus, and patches. Sadly at times there are exceptions. If we are running a long-term test, for example, and a new OS patch is released in the middle of testing it may not be possible to apply the patch without potentially affecting the test.
Where possible we try to isolate these systems from the Internet, but we did contract a Linux worm earlier this year on one of our live test servers that caused us some grief. We had to reinstall Linux, without the patch, and continue testing to ensure all our results remained valid, but we were a bit more cautious about isolating the server in question.
If you didn't get a chance to meet us at the last event, interested readers will be able to catch up with us on October 13 and 14 at Storage World at Sydney's Convention & Exhibition Centre Darling Harbour.
Steve Turvey is Lab Manager of the RMIT IT Test Labs, and can be reached at stevet@rmit.edu.au.