So who hired the hacker?

Picture what would happen if you discovered that you had hired a suspected hacker in your IT department. Here are just a few thoughts to consider:

What can you do?

You might ask yourself a question – Is he a white or black hat? The former is an ethical hacker whilst the latter is non-ethical. What’s the difference?

As per the Wikipedia definition, An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not.

A hacker is someone who seeks and exploits weaknesses in a computer system network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.

So what can you do to determine if the employee is exhibiting hacker behaviours

1) Check your that your security controls are working effectively – You might look at your firewall port profile, recent IDS, FIM, log analysis reports, etc. You could as far as undertaking a vulnerability scan of your internal network or external perimeter. The problem with vulnerability scanning is that often leads to false positives and more effort goes into sorting these out than addressing the other vulnerabilities. It usually requires a highly competent individual to undertake this. You might also want to check the employee’s authority levels.

2)  Is the Employee adhering to corporate standards?

Has he or she done something different which they claim is required to undertake security testing etc? Such things include:

– Setting up a “back door” WAN circuit which by-passes corporate perimeter security controls.

– Provision of anonymous access tools to the web and intranets etc – e.g. Tor Browser

– Weakening of security controls – e.g. replacing IMAP with POP3 on smart phones or moving from WPA2 to WEP on corporate wi-fi networks.

– Setting up new domains or networks.

I hope this has been useful.

Are Raspberry PIs a waste of money?

Introduction

This is a post which explains the reasoning behind why people should purchase a Raspberry Pi. It is not intended to be technical blog and is aimed at those who have some technical knowledge.

What is a Raspberry PI

A Raspberry Pi is a small barebones computer onto which an operating system (usually Linux) may be added. The recommended operating system, Raspbian comes preloaded with Python, the official programming language of the Raspberry Pi and IDLE 3, a Python Integrated Development Environment. This is accessible from the provided desktop and is designed for absolute beginners who wish to learn to program.

However, anyone with reasonable Linux skills can access the power of this operating system through what is know as a command line prompt. Such users can download other programming environments of their choice, such as Perl, PHP and Java.

What are the benefits of a Raspberry Pi

1) Procurement cost

2) Uses low cost common peripherals, such as micro USB power and SD cards etc.

3) The default desktop environment should get you programming in no time.

4) The Raspberry Pi user community and on-line documentation is superb.

5) It can interface easily with cameras, temperature probes and other electronics components as the backbone of say a home automation project.

6) In the hands of a knowledgeable technical person, it can be used as a powerful prototyping tool set without tying up expensive servers.

7) It is portable and can be used for such applications as remote CCTV or as an intelligent data sensor.

What are the limitations of a Raspberry Pi

1) It is a fragile piece of kit because it relies on an SD card which has a much lower life cycle than conventional storage devices. (It can use flash drives etc but the current Raspberry Pi must always boot from an SD card.)

2) It has limited computing power.

3) It does not come with a protective case and therefore may be susceptible to mis-handling and electrical or physical damage.

4) It cannot be used in a full production environment.

5) It is susceptible to security attacks if exposed to the web, without first hardening the system.

Are Raspberry PIs a waste of money?

To answer the initial question I posed, the answer is most certainly no, so long as the realities of the device are considered.