Thursday, April 28, 2005

Computer Security

I am on a one week hands-on training course this week studying hacking techniques. VERY interesting stuff! Over the past few days, I have gotten hands-on practice with a number of hacker tools, and learned how to do reconnaisance on a prospective victim, how to compromise the victim's computer system, how to install a back-door in that victim's computer, and how to hide my own tracks. Yesterday, we learned about denial of service attacks and distributed denial of service attacks ("if you can't beat them, you can still squash them"). Today, I'll be learning about using Trojan horses to inject harmful payloads into a network and how to hide my presence on a victim computer, and tomorrow, the whole class will practice what we've learned with an electronic game of "capture the flag", attacking a group of victim servers at the front of the classroom and each other.

For most people, this type of class would be just interesting, but for me, it is also really stressful. You see, I'm an IT director - the guy that would have to answer to our CEO and the Board of Directors if a hacker ever did break into our network. In my role as an IT director, I am responsible for over 70 computer servers and seven hundred PCs across our company, and for me, going through these techniques and learning hands-on how a hacker could compromise them is disconcerting to say the least. Yesterday, while the instructor was teaching, my mind was swimming with thoughts of a hacker using one of these techniques on one of my systems. Even writing this post and talking about what I've learned this week makes me feel stressed.

The type of knowledge I am learning this week can be very dangerous in the wrong hands, but can be very powerful in the right hands. Next week, it will take me a few days to fully absorb what I've learned and to grasp the ramifications for my company's network. But, then, I will be able to make changes, fix vulnerabilities, and my company's computer systems will be stronger as a result.

Learning about hacking techniques is a bit like the movie The Matrix. When Morpheus met Neo, he offered Neo two pills - a red pill, and a blue pill. Neo could either take the blue pill, and wake up in his normal life thinking everything was okay, or he could take the red pill, and learn what the world was really like. This week, I feel like I've just taken the red pill. I know a lot about computers, and many people consider me an expert in my field, but I feel today like everything I know has just been turned upside down on its head. I don't think I will ever think the same after this week.