Brace yourselves, summer is coming! But that does not stop the spread of knowledge that Developers Connect Philippines brings around the country. Just before the semester wrapped up, DevCon PH landed at De La Salle Araneta University and poured a heavy rain of information on the university’s ecstatic collegiate crowd.
Friday, March 24. The students did not mind entering the weekend by spending just a little more of their time listening to lightning talks even until dusk. The seminar started a bit late in the afternoon. Nevertheless, the enthusiastic students learned a lot from the ever-inspiring speakers featured on that day.
An Ethical Hacker
“Warriors of the night, assemble!” No, hackers don’t yell out this dorky phrase before committing their honest crime. They can be called cyber soldiers, the stealth warriors of the cloud. But for educational purposes and a more appropriate disambiguation, ethics is applied. Therefore, penetration tester is a wiser, industry-friendly designation.
There are three methods in the philosophy of penetration attacks. The first one is called Black Box. This is where the hacker tries to penetrate a network without actually knowing anything about the target. It’s like starting from a blank piece of paper, and the hacker should be able to draw his way to a progressively detailed masterpiece. This method requires advanced hacking ability. Knowing where to come in and what to do once inside is the main idea of infiltrating a network. When an attack is made only to get to know its target and no manipulation is performed, it is called a reconnaissance attack. It’s like going on a first date without planning to take it all the way just yet.
If the ethical hacker is provided with a starting course and only needs to fill it in, that method is called the White Box. This skips the first step of the earlier method, which is learning the target’s profile and the main doors into its network. Companies use this method to save time and money. Since black boxing requires a demanding amount of work and time is of the essence, this method solves that constraint.
The last method, called the Grey Box, is a coalescence of the two earlier methods. There are two teams: the insiders and the outsiders. The insiders give information to the outsiders, and the latter black box their way inside. The disadvantage of this approach is the probability of overlooking other vulnerabilities, since the attackers are already provided with the way in, although mindful checklisting can be planned to avoid this problem.
The concept of these methods is narrowly defined here. But if you get the idea, you can pass a Q&A on basic network exploitation. Now that you know the three methods of philosophical hacking, you are ready to be a hacker. Kidding. You are not. There are a couple more things you need to keep in mind. DevCon speaker Emmanuel Alcartado went on to share his ethical hacking cmd-ments with the audience:
Thou shalt not set thy goals. Only fulfill what your client tells you to do and do not wander off; remember that curiosity killed the cat. Moreover, thou shalt plan thy work, lest thou go off course. Take that checklist and jot it in your head. But when you’re unshakable and you really want to take a turn, thou shalt obtain permission. You should always remind yourself that you are a working professional.
However irresistible, cling to your discipline. Thou shalt respect the privacy of others. Do not break the law for your own deluded perversion. Thou shalt do no harm; your client writes your paycheck, so don’t make them fire you. Thou shalt use a scientific process, like writing a case study.
When you use an application to infiltrate, and it is not yours, make sure to acknowledge its original creator and avoid claiming it as your own. Thou shalt not covet thy neighbor’s tools. And when you are done with your work, make sure everything is reported. Thou shalt report all thy hackings.
Aggressive and careless hacking is unethical. An IT expert may choose to become an anonymous assassin like those in the movies. But hacking is better as a profession than as a hobby, and there is always dignity in professionalism.
Securing Your Hotspot
You’re sitting at home alone watching Netflix. Despite your superspeed internet, your favorite episode keeps on buffering. You blame it on your provider. Then you look out the window and see some kids sitting outside your home, phones in hand. That is when you realize that your sweet hotspot has been hacked.
It’s time to reset your router and keep these things in mind:
- Don’t throw away the papers that came in the router’s package. RTFM – Read That F****** Manual
- Make sure your SSID is hidden. (Service Set Identifier – the name of your Wi-Fi)
- Set a difficult password. m@y13E$0meThIiiGLiK3TIIi$
- You can filter the MAC addresses that can access your router
- Always update your firmware
Don’t feel bad. Those kids are not the badasses you think they are. They just had to google up ‘neighbor wi-fi hacking app‘.
Taking a little break from the networking powwow, the next speaker, Denick Espares, talked about game design analysis. Graphic design cannot be treated as a careless art. Game designing is not an easy job. A user’s first glance at an interface could tell the future of any mobile application. In this lightning talk, Denick aided his discussion by showing the user interface of Light Beats, a mobile game developed by Haliya Interactive.
He discussed five points to consider when making a game: Number one is highlighting important information. The user should be able to get a clue on which button or shape hangs loose and which is just a wallflower. This way, a game design does not bring confusion to the eye.
A controlling game that keeps giving orders can’t be good. Players are supposed to be given cool options. They should be the ones telling the game what to do, and not the other way around. If they stay locked in on your game, users inevitably want to explore and discover more parts of it. Your game now becomes engaging. Also, challenge the user by maximizing the use of all navigational buttons to achieve a goal. It’s like beating an opponent with a combo. In short, make the controls work together to achieve a goal. Finally, a fulfilling game cannot be called as such if it doesn’t give satisfaction. Show how special a player can be by giving out rewards such as achievement tokens, medals, coins, gems, etc. But only give these rewards if the player deserves them.
There are players and there are gamers. The difference between them is their satisfaction level and profound criticism. The former can enjoy whatever’s handed to them, while the latter can be a bit of a perfectionist.
A Backbreaking Career in Network Administration
Securing a network seems easy. You might say it is the most unchallenging job in the IT industry. Maybe it looks like it, but it’s not. Network Engineers work harder than computer programmers. Developers can work alone, while network admins can’t. If they did, we wouldn’t call them security professionals. They are working in line with hackers, malware, viruses, and other attackers.
The last speaker, Daryl Solangon, a network administrator from Fujitsu, spoke about securing the Campus and Data Center. Is there a difference between the two? Let’s take this useful reference from cisco.com:
The “Campus” is where USERS (employees) connect to the network, along with all of the devices those employees use (e.g. desktops, laptops, ip phones, mobile phones, video conferencing, printers, etc). These types of applications have a wide range of bandwidth and delay sensitivity requirements.
The “Data Center” is where DEVICES connect to the network, and are mainly rack servers, load balancers, firewalls and other such devices designed to process and exchange “data”. These types of applications have relatively simple bandwidth (albeit large in quantity) and little delay sensitivity.
Unusual usage of bandwidth can be easily monitored by network administrators. Such usage might be a signal of improper use of the network. Sometimes, to prevent improper or unimportant usage of bandwidth, administrators see to it that the units connected to the network have limited access. For example, employees are not allowed to visit certain sites or directly download large files. Access control lists can be configured to control both inbound and outbound flow in the network. These are some things typically set in a network design.
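As an added illustration, not taken from the talk or from DevCon, the sketch below evaluates inbound and outbound access control lists the way most devices do: the first matching rule wins and anything unmatched is denied. The addresses (documentation ranges), rule sets and function names are constructed for this example, and the second function flags rules that an earlier, broader rule makes unreachable.

```python
import ipaddress

def parse(rules):
    """Turn (action, src, dst, port) tuples into rules with parsed networks."""
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
            for a, s, d, p in rules]

# Constructed rule sets; port None means "any port".
OUTBOUND_ACL = parse([
    ("deny",   "10.10.0.0/16", "203.0.113.0/24", None),  # disallowed site
    ("permit", "10.10.0.0/16", "0.0.0.0/0", 443),        # HTTPS
    ("permit", "10.10.0.0/16", "0.0.0.0/0", 53),         # DNS
])
INBOUND_ACL = parse([
    ("permit", "0.0.0.0/0", "10.20.0.10/32", 443),       # data center web server
    ("deny",   "0.0.0.0/0", "10.10.0.0/16", None),       # nothing unsolicited to campus
])
# Same intent as OUTBOUND_ACL, but with a broad permit placed first.
MISORDERED_ACL = parse([
    ("permit", "10.10.0.0/16", "0.0.0.0/0", None),
    ("deny",   "10.10.0.0/16", "203.0.113.0/24", None),
])

def evaluate(acl, src, dst, port):
    """Return (action, rule index) of the first match; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, src_net, dst_net, rule_port) in enumerate(acl):
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action, index
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for j, (_, src_j, dst_j, port_j) in enumerate(acl):
        for _, src_i, dst_i, port_i in acl[:j]:
            if (src_j.subnet_of(src_i) and dst_j.subnet_of(dst_i)
                    and port_i in (None, port_j)):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    print(evaluate(OUTBOUND_ACL, "10.10.5.20", "203.0.113.7", 443))
    print(evaluate(MISORDERED_ACL, "10.10.5.20", "203.0.113.7", 443))
    print(shadowed_rules(MISORDERED_ACL))
```

With the misordered list, the request to the disallowed site is permitted by rule 0 and the deny rule is reported as shadowed, which is the kind of ordering mistake worth checking for before an ACL goes live.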
Unlawful hackers do not strike organizations swiftly. They also have to follow several stages of attack to perfectly sabotage or manipulate their targets. As described earlier by the previous speaker, organizations hire penetration testers to see if their network is secure enough to survive thieves in the night.
Mission Vulnerable: Public and Private
Campus DevCon is not complete without a friendly squabble among the participating audience. The Birds of a Feather session brings out the critical thinking and listening skills of the students while also promoting camaraderie. The topic brought the teams to cross swords on which offers better network security: the government sector or the private sector.
Several factors, including potency of risks or budget, could affect the level of security a certain agency may have. But in this debate, the students had to generalize the sectors regardless of specific constraints to come up with unbiased, good defenses. The speakers looked for persuasive statements, and even though the crowd cheered for the boys, it was the girls that caught the judges’ final decision. Nevertheless, everybody enjoyed the afternoon and brought home awesome DevCon goodies. The social media winners also brought home freebies from DevCon.
Dusk settled in as the seminar finally came to its end. It was an engaging afternoon for all the attendees: the students, the speakers, and the volunteers. The knowledge gained by the students will always remind them that there is F-U-N in whichever way their IT career leads them.
If you want to solve a network security problem, a wide range of professionals in the DevCon community is available to help you. DevCon serves the Filipino IT community by conducting seminars, workshops, and conventions. For more information, visit the DevCon events page.