So, I just returned from an amazing security training out in San Francisco, California. It was the SANS 401 course which was much better than I could have ever imagined it would be. The course started out a little slow with Stephen Sims going over some basic networking concepts. Seeing as I’ve spent most of my life learning about networking and how TCP, UDP, and routing protocols work, it was a bit boring to me. But after we got through that the course started to get exciting. The 6 days were split up into 6 core areas that covered a wealth of information about security.
- Day 1 - Networking Concepts
- Day 2 - Defense in Depth
- Day 3 - Internet Security Technologies
- Day 4 - Secure Communications
- Day 5 - Windows Security
- Day 6 - Unix Security
Some of the highlights from the course were definitely some of the off things that Stephen Sims talked about. He discussed an IE6 exploit with IFrames that has since been patched. As strange as it was though, about 10 of the 18 people in the class had machines that were still susceptible to the attack. Not only did he tell us about the exploit and show it in action, but he delved into the assembly code that caused this attack to work. It was much deeper than I ever would have imagined a network security class would have taken it. On top of this, we went over just how easy it is to crack WEP security (which I tell people all the time) but also the tools that are required to crack WPA using a brute-force attack.
The scariest thing I realized in this class though was how simple it is for people to get their hands on the tools that are necessary to carry out these attacks. Things like ARP poisoning and using rainbow tables to crack LM Hash passwords are as easy to come by as a MySpace account… Alright, maybe not that easy… I mean some people who don’t read have MySpace accounts and unfortunately, I don’t think these applications are made to be optimized for Text-to-Speech engines. Someone with a few days to read up on these techniques can start cracking WEP keys, sniffing network traffic and taking your personal or business information in a matter of minutes.
I’ll write more on some of the topics that were covered in this course soon. For now, I’ll leave you with one word of advice. While you cannot ever truly protect yourself from all forms of attacks and keep your information safe from all prying eyes, one of the best things you can do for yourself is patch and update. Patch and update everything — from Windows to Mac OS X to Office to Mozilla Firefox, download the updates. I know it can be a pain and take some time but it’ll be worth it.










