Network security is as strong as its weakest link

Back in 2001 I was lucky enough to be sent to a conference in Las Vegas for a computer security training session called ‘Detecting and Preventing Computer Related Fraud and Abuse.’  After 3 days of a boring lecture on how easy it is to steal information from computers, the instructors had a little surprise for us.  They had a “Professional Hacker” hack into the hotel’s network, find the laptop the instructor was using and take control of it while the hacker was on the phone.

I admit the guy was good, he found the computer in about 5 minutes and took complete control of the laptop.  The instructor then challenged the class, he asked for someone to come and protect the computer from the hacker.  I silently stood up and walked to the front of the class to the laptop and asked the gentleman on the phone if I could again have access to the laptop so I could change a few things.  I went into the network settings looked around, didn’t really change important, just enough so the computer would tell me “You must now restart your computer to apply these changes.”  I then informed the gentleman on the phone that I was going to restart the computer and then it was all his.

As the laptop was rebooting I unplugged the Ethernet cable right at the Bios posting and showed it to glass as they started laughing and clapping at the simple fix.  All the time the hacker on the phone was listening to everything that was going on.  He then assured me that it would be much quicker for him to find the computer since he had already written down the MAC address, the IP address of the computer as well as opened up a backdoor on the computer so he could find it easier.  I assured him that he would have a harder time finding the computer than he did last time.

All the time he was trying to find the computer again he was narrating what he was doing and as time passed you could tell he was getting more and more frustrated as to why he could not find the laptop he already hacked into.

Finally he got upset and started begging me over the phone to tell him what I did.  I simply told him “PC Security is a balance between functionality and accessibility.  The more functionality you have, the more accessibility someone else has from the outside world and vice-versa. This computer has lost all of its functionality on the network so naturally you are going to lose accessibility to it.  I unplugged the network cable, hack past that.” The class lost it, the instructor was laughing so hard he had tears rolling down his face.

The gentleman on the phone was none too pleased and after a few choice words to myself and the class he hung up.

  • Fifi

    lol lots

  • Mtbkrbull

    ahhhh air gap security

  • scottb

    trying so hard not to laugh my head off as i sit in the office