----------

More Informative Education & Distance Learning Related Articles

Here are a few more Education & Distance Learning related articles you might also find interesting...

FBI Academy: 25 years of law enforcement leadership

America Online and Fathom Announce New Alliance to Expand AOL's 'Online Campus' Learning Center

Cultural and linguistic diversity and the special education workforce: a critical overview

News Briefs - Princeton Review Inc.,Massachusetts Department of Education - Drexel University, Campus Pipeline Inc - Brief Article - Statistical Data Included

IQ and economic success - intelligence quotient



More Article Categories
You'll find more Education & Distance Learning articles in the following categories... 

"Distance Learning"


Archived Education & Distance Learning Discussion  Categories

Also be sure to check out the following categories of archived discussions...

Distance Learning
Medical Education

Home | Education & Distance Learning Articles | Article

Guardians of the Firewall: NetShapers battles to keep computer barbarians out of company networks and on their side of the moat - Cover Story

Greater Baton Rouge Business Report - March 13, 2001

Computer hackers often do what they do for fun, or just because they can. That is, they invade and disrupt the systems and Web sites of companies and organizations, either to create a little random havoc or for motives of malice or profit.

The homegrown tech talent that drives Baton Rouge-based NetShapers Inc. gets some joy out of what it does, too.

NetShapers is in the business of disrupting and creating havoc for hackers.

The local Internet development and consulting company, founded in February 1998, does the jobs usually associated with Web developers--Web design and hosting, e-commerce and database development--but has made network security its market positioning point.

That niche has helped the young company make solid growth gains with some fairly high-profile clients, including the. Louisiana District Attorney's Association, local fast-food chain Raising Cane's, Hollingsworth Court Reporting, Louisiana Companies, Industrial Specialty Contractors and the law offices of Keogh, Cox and Wilson.

And in keeping with that niche, NetShapers has recently released a firewall program called FrontDoor--sort of an electronic junkyard dog of its own design to patrol the fence lines and gates of client systems and keep the techno riffraff at bay.

Firewalls are programs or system setups that allow strict control of who and what gets into a system via the Internet.

NetShapers President and CEO Peter Sygula likens firewalls to a moat and drawbridge protecting a company's network castle.

His company also designs virtual private networks, or VPNs, for clients. VPNs use encryption to make Internet communications as secure as internal network systems, and NetShapers' FrontDoor can also serve as the controlling system for such a network.

The Web development end of the business also boasts some recognizable names, including Casino Rouge, the Louisiana Association of Insurance and Financial Advisors, the Greater Baton Rouge Association of Realtors and Southern Medical Corp.

The security aspect is key in that part of the business, too, as Sygula has passed up contracts when companies wanted to skimp on the security of their Web site design.

"There's no reason for us, as professionals, to do that," he said. "People pay us a good bit of money to use our expertise."

The company, made up of four partners, two employees and three regular subcontractors, also brings in some of its money working the other side of the fence, in a way.

NetShapers from time to time takes on the trappings of its hacker and cracker foes to do a little electronic breaking and entering.

But only at the behest of the break-and-enteree.

Such contracts, in which companies hire NetShapers to test their existing network security, could never be the full basis of the business, since they come along only about three to four times in a given year.

They are, however, opportunities for NetShapers to view what the Internet criminals and pranksters of the world see when they size up a system for attack.

Role playing

NetShapers' security assessments take two forms: open and covert.

Open analysis does not involve as much poking and prodding, and is more of a general look-see into potential weaknesses in a network, Sygula said.

"Those are not normally as effective as the covert, in which no one knows what's going on except the administrator who hired us," he said.

The initial step in the covert process one of the standard scouting measures hackers employ. "The first thing we would do, which we would do with any security contract, is do a port scan," Sygula said.

"Ports" are the individual addresses in a network, which hackers can check for weaknesses vulnerable to programmed exploits. Exploits are packets of data camouflaged as routine user requests or responses, but coded to do such things as crash servers or gain access to the system.

"On a covert hire, you're looking for one hole that's going to get you in a system," Sygula said.

If the initial break-in doesn't work, NetShapers pulls out the stops; making use of the great low-tech tool of the hacker--social engineering. Social engineering is the current term for conning employees of a company into giving up passwords or other key information useful for breaking into a network.

The methods range from pretending to be the systems administrator to rummaging through the company dumpster to getting personal information about ployees to make educated guesses about their likely passwords and system ID Sygula said.

"Nine times out of 10, that's how you get in," he said. "It works like a marvel."

Sygula calls the dogs off on such contracts before they get too personal. "Once you gain access to the servers, that's where we usually call it quits."

Though the companies contracting with NetShapers are paying Sygula to do his best to get in, the clients are often more annoyed than appreciative when his team succeeds.

"They kind of feel cheated," Sygula said. Many administrators hire NetShaper to either check behind another company's completed work or on the assumption that the networks in place are airtight, and they do not like being disabused of that belief.

For the most part, though, NetShapers' stock in trade is beating the, bad guys, not being the bad guys.

Know the enemy

Hackers, oddly enough, freely provide some of the best information on the methods and the e-tools of the trade.

They circulate underground magazines dedicated to sharing the latest tricks and weaknesses in common security systems and even exchange information on secret Web sites.

"These guys have conventions," Sygula said.

The underground Web sites are often protected by a security firewall, which users must defeat to establish their hacker credibility before entering.

"The Internet becomes a very handy tool for us, especially its anonymity," Sygula said.

Just as systems with security weaknesses allow hackers to move through a company's network masquerading as legitimate users, so, too, does the anonymity of the Web allow NetShapers' security designers to travel through the underground sites masquerading as hackers.

Those who spend their time breaking into the systems of others are quite touchy about their own security. Hackers are also more focused on securing their own systems than anyone else on the Internet, Sygula said.

"Hackers are more paranoid than the people they attack," he said. "Knowing that has helped us with our system."

Hackers' fears, of being found out make them skittish when their own tools are turned against them, Sygula said. They almost always have an intrusion detection system set up, and a simple return port scan will generally chase them off, he said.

For more persistent intruders, Sygula has a nasty little trick called a "honey pot." In setting up a honey pot, NetShapers will take the real system under attack off-line and replace it with a system that appears identical to the electronic invader.

The twist in the faux system is it traps attackers by holding the Internet connections linking the hacker to the network longer than the legitimate system would, allowing the security watchdogs to track back to the originator of the attack, line by line.

"That gets exciting," Sygula said. "That's when you know somebody's kicking at the door."

Most intruders will be able to break the connection before they are found out, but knowing an intended target has the power to identify a hacker is usually enough to push them to seek easier prey, he said.

If Sygula's company has become a pain for some hackers, they have only themselves to blame, because, while Sygula always had a bent for computers, it was chasing e-foxes out of the techno-chicken coops that gave him the direction his career has taken.

Getting blooded

Sygula was still a student at Louisiana State University when the security bug bit him good and hard.

"It started off with me working for a company called Data Research Unlimited," he said.

Sygula was systems administrator for the company in the heady dot-com days of 1997. "The two years from '97 to '99 is where the Internet experienced its biggest boom. We were dealing with servers that were processing a lot of traffic."

And, in the world of the Web, more traffic equals more danger.

"We were getting hacked on a regular basis, and I had to do the forensics on attacks," he said.

In early 1998 Sygula decided to strike out on his own with fellow LSU student Jerry Barnett, a friend since their days at Scotlandville Magnet High School, and a third partner, Ryan Hebert.

"The three of us decided we had enough skill sets to make a goof it," Sygula said.

NetShapers was born as a Web design company and started, in. stereotypical fashion, in the spare bedroom of Sygula's apartment. "We basically went broke pretty fast, because four grand doesn't go very far,", he said.

Business picked up enough by May 1998 that the fledgling company did not have to join the ranks of the dot-corpses.

1 2 3 Next »

If you would like to discuss any of the issues raised in this article with hundreds of other Education & Distance Learning enthusiasts from around the world, please feel free to visit the discussion forums & post a message.

Education & Distance Learning Discuss this article in the discussion forums now.

Popular Education & Distance Learning Discussions From The Past

Photo of Rich Mentoring at Greenwich? (3 posts)
by Frederick Davis - Last post on: 01-23-04 17:16
"Roy," I see Rich Douglas mentoring, and the background is green alright, but is it the Greenwhich once owned and managed by the poacher-turned-gatekeeper, John Bear? Incidentatlly, I couldn't find any of Bear's 3 unaccredited affiliations on his circledance webpage. He seems to like runni... (Read More)

Intergel Complications (1 posts)
by kr0 - Last post on: 06-21-04 08:04
This may be of interest to some. There seems to be an investigation going on about the safety of Ethicon Inc.'s Gynecare Intergel adhesion prevention solution. This is a product commonly used in gynecological surgery that may have some harmful side effects. A number of people have had complicatio... (Read More)

Online R.N. (1 posts)
by Ratty - Last post on: 09-06-03 00:10
I know i've been asking alot out of you guys here and i haven't been able to contribute much. I do appreciate the help, and i'm kinda desperate now so i'm gonna ask for more advice. after talking with a friend who recently graduated with her r.n. i decided that going for an r.n. would allow me t... (Read More)

Re: Afraid -- postbacc choices (2 posts)
by Jon Steiner - Last post on: 07-20-03 09:10
First Scott: Thanks for responding. > How old are you now? 45? 50? Why do you want to do an MD/PhD? I'm 32. I want to study how gene therapy can be pushed forward into the clinical realm. I think a combination MD/PhD would be just the ticket to do this. Incidentally, my interest in t... (Read More)



You must register before posting in the Education & Distance Learning discussion forums. It's free & only takes a few seconds. Please also remember that no advertising is allowed...
Enter The Forums Here

 

 
Education & Distance Learning | Education & Distance Learning Forums | Bookmark Us | Website Directory | Articles | Forum Archives | Contact
Copyright -education-today.com -Education & Distance Learning - All Rights Reserved
 

0% credit cards | MPAA | Share Prices | Personal Car Finance | Car Credit