Why Oregon Needs Secure Networking Engineers

Yesterday, the Oregon University System issued a news release about a security breach (PDF here) at three of its universities. This security breach means many Oregonians may have had their credit card information stolen, and shows just how necessary it is for Oregon to rely on Oregonian network engineers to keep data safe.

These three universities contracted out their box office management (for things like theatrical events) to a company called Vendini. While it’s easy to blame a whole company for the security breach, we have to ask: who’s really responsible?

Vendini is a company based in San Francisco, where network engineers are hired by the tens of thousands and demand is incredibly high. Great, it’s the land of opportunity—but with that many people getting hired, you’re more likely to have a few bad eggs.

What we need are good network engineers living in Oregon, so we can keep services like this local and premium.

But more to the point, what is a network engineer?

Nobody uses laptops with both hands, in pictures. Here's a network engineer.

Computer networking engineers come in two flavors—architects and administrators—and their job is to design/implement or maintain computer networks for many kinds of companies or organizations.

Often, someone is hired to be a network architect, and once the job is done they will become the administrator—that’s why we just call the job “network engineering,” since the job winds up looking like the engineering design process. It also means they often work full-time for the same company, rather than working for a centralized firm and selling their services.

One of the most critical jobs of a networking engineer is to make sure their network is safe and secure. Obviously, the networks for Vendini were not. Does that mean they’re a bad company? Of course not.

But it does mean that their networking engineers have their work cut out for them—because they store credit card information and addresses, they need to keep their data safe from hackers by whatever means possible.

Oh, and as it turns out: Oregon has the highest mean annual wage for network architects, at about $115,520.


Be secure like a boss—the true geek passwords

Internet news sites have been going crazy over how vulnerable our passwords are these days. Hackers are having a relatively easy time accessing databases of passwords by the millions.

The cool thing is that even if they have the password, it’s protected by something called a hash. Hashing basically means that the password you type is translated into a long and messy string of text (check out this explanation for more details) that can’t be read by the naked eye.

There’s a way around it, though: if a hacker has the hashed password, they can use brute-force guessing. Basically, a password cracker can guess the password, run it through the hash algorithm, and see if the result matches with the messy hash they stole. If it matches, they know they have the correct password.

Especially smart crackers make custom PCs specifically for this brute-force method. They stack together tons of GPUs (used for graphics processing, normally) and have them rapidly generate millions of guesses—millions—per second. Faster than a supercomputer could have done it, just ten years ago. They, in essence, start with guessing “aaaaaaaa” and seeing if that matches, then “aaaaaaab,” then “aaaaaaac” and so on, until they get a match.

Needless to say, the longer your password is, the better. So what’s the best way to make a very secure password?

If you ever go into IT work—administering computer networks and stuff—you’ll probably be required to have a ridiculously long password. Something like 30 characters. Oh, and it gets better. It has to have upper-case, lower-case, numbers, and symbols. And some people have trouble memorizing a 10-character password—that’s why they do something stupid like “password11.”

And, let’s be clear: that’s a stupid password. We don’t like throwing that word around, but right now we mean it.

But our intentions are pure: we want you safe. When you start having credit cards and online bank accounts, secure passwords are a huge deal. A huge deal. So start getting good habits now.

But we digress. The best way to make a secure password is not to make a password at all. Instead, you make a pass phrase. Observe:

I'm in LOVE with eating 12 donuts.

Notice that we have symbols, upper and lower-case text, and numbers. And it’s long.

Come up with a long pass phrase like this, and you won’t have to worry about being cracked, because longer passwords require exponentially more time to guess. Think of it like this. If you have a one-character password, there are something like 94 things your password could be (including everything on your keyboard). But if you have two characters, it’s 94*94. Our pass phrase is 34 characters. Do the math and tell us what 98^34 is. (hint: it’s big)

(That’s the last time you’ll ever see us blockquote a sentence about donuts, by the way)
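An added example (not from the original post) that works through the guess-hash-compare check and the keyspace arithmetic described above. SHA-256, the rate of 10 million guesses per second and all function names are assumptions for illustration; the alphabet is the 94 keyboard symbols from the text, plus the space character when the pass phrase contains one.

```python
import hashlib
import hmac
import string

# Assumption: 10 million guesses per second, standing in for the
# "millions per second" rate mentioned in the text.
GUESSES_PER_SECOND = 10_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes; the first four add up to the 94 keyboard symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]


def hash_password(password: str) -> str:
    """Turn a password into the 'long and messy string' (SHA-256 hex digest)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def guess_matches(guess: str, stored_hash: str) -> bool:
    """Hash the guess and compare it with the stored hash."""
    return hmac.compare_digest(hash_password(guess), stored_hash)


def alphabet_size(password: str) -> int:
    """Number of symbols an exhaustive search must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password: str) -> int:
    """Candidates of the same length: alphabet size to the power of length."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate, in years.

    This is an upper bound for exhaustive guessing only; common words and
    patterns such as "password11" are found long before the search completes.
    """
    return keyspace(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed samples: the 8-letter guess and the pass phrase from the text.
    for sample in ("aaaaaaab", "I'm in LOVE with eating 12 donuts."):
        print(f"{sample!r}: {len(sample)} chars, "
              f"alphabet {alphabet_size(sample)}, "
              f"{years_to_exhaust(sample):.3g} years")
```
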

It pays to be on the right side of cyber security.

screenshot of BRAIN virus in action

This is what BRAIN looks like, on an MS-DOS machine.

We linked to a mini-documentary about the first computer virus a while back, called BRAIN. It’s a pretty benevolent virus made by two Pakistani guys, way back in 1986.


Not all viruses are that benevolent, though. And the people who make them aren’t as friendly as the kind-hearted guys who made BRAIN, who gave their contact info in the virus itself so people could contact them if infected.

Today, a few notable groups on the internet have been responsible for a lot of big-time hacking and causing a lot of trouble. A lot of those people got arrested recently, and rightfully so. They were doing something called DDoS, which is basically attempting to shut a website down by flooding it with more users than the servers can handle. Some of them may also have been responsible for hacking the PlayStation Network a while back.

Engineering, including software engineering (and one could argue that hackers ‘engineer’ their way past security), is about helping people and making the world better. Increase the awesome. Decrease the suck. These cybercrimes are neither of those.

Some people claim it’s about the thrill of solving puzzles. But that’s not true. If it were, these people would stick to sites like notpron (“the hardest riddle available on the internet”), which do require coding knowledge to solve, and instead use their coding powers to do things like programming quadrotors or finding a new use for their Kinect.

Here’s a pretty good video about the history of viruses, a quick rundown on what the big ones do, and a few examples of viruses. You can see that they used to be lighthearted, for the most part. Not so much nowadays.


He talks about being prepared, and protecting against cyber criminals.

Ask your CS teacher what he or she thinks about hacking. They’ll probably tell you something like “don’t.”

Seriously. If security is something that intrigues you, better to work on the side of good by using the same skills to find flaws in the system you’re supposed to protect. That’s called Information Systems Security (just read up on the certification subject matter; look interesting?).

If you’re looking to get certified, look into the Security+ certification. It’s only 100 questions with few other requirements. If you do well they’ll probably waive the recommended 2 years of experience. Stuff like this looks good on a resume.

And there’s really good money in ISS. Which is a bit better than jailtime, isn’t it?