October Blog Post: IT & Internet Security

It goes without saying, security in IT is very important, without network security financial information for every person that uses a bank could easily have their information stolen and sold on a black market. A job in in network security can easily earn you six figures a year, and there is an ever increasing demand for network security analysts and the like ever increasing in a world that is moving many of its data to the cloud.

Plot of the salary for IS professionals throughout the US.

At Jeved management we have to worry about our online storage accounts with services such as Box and Dropbox being secure in the event of an information leak from the company. IT needs not worry just about the actual information being stored with the services being secure, but the databases owned by the companies that contain the financial and log-in information for each of the employees, as with any website that the company has its employees use.

Folder hierarchy for Jeved Management on their Box account.

In order to efficiently and effectively manage its employee's passwords, Jeved has an Enterprise account with a service called LastPass that allows the employees to have their passwords saved in a centralized database, and the IT at Jeved can set restrictions on passwords that require them to be complex.

As you can see Jeved is only using about 8% of the available features, it will be my job to setup and configure the rest of those features.

I am writing about network security and its role in IT as my research has been leading me towards articles that deal with having secure networks, but also due to a Cyber Security Fair that I attended at Cal Poly Pomona in which speakers presented on the importance of making sure things are secure in an age where there are increasing security threats everyday.

Cyber Security Fair Flyer.

An interesting and quite fun part of the Fair was on the idea of penetration testing which is where a company will hire a consultant to try to break into their system by any means necessary to find any security flaws that may exist. This included a hands on activity that made use of a $35 dollar computer the size of a credit card called the Raspberry Pi.

The Awesomeness that is the Raspberry Pi, I do own one, but I use it as a media center.

We used the Raspberry Pi to exploit weaknesses in a target computer to show how easy and scary it is for a "bad guy" to break into a computer or network and steal information or just wreck havoc. This presentation taught me that making sure your devices are up to date and have any security updates installed as our target computer was a desktop with Windows 7 that had little to no updates installed. This definitely showed the importance of making sure things are up to date as Windows 7 is what the computers at Jeved use, and is not an outdated OS either, meaning there are many more people in the world that are vulnerable to exploits.

A screenshot of metasploit being used to exploit a server, the very last line states that the user id # of the terminal that the exploit was able to open on the target server is id # 0, otherwise know as the root account which also a hacker to have full control over the server D: