Posts Tagged ‘hacking security systems’

Security System Dealers & Hackers

Tuesday, March 12th, 2013

Why does your security dealer seem to know more about computer hacker culture and activities than your comfort level finds necessary?

Because they need to be.

The answer to “Why?” can be grasped with some well informed information.

Understanding what a hacker actually is, and the various activities they involve themselves with can help shed some light on the subject.

The word hacker has taken on a meaning for many people, mostly due to mass media, as some one who engages in illegal computer and network activities.

In my mind, the word hacker is synonymous with the word tinkerer. Some one who is curious about technology, exploring it, and often modifying it to better suit their needs. Many hackers write computer code and therefor can look right into the heart of programs and see were the flaws are. Then they can fix them and make them better and more secure, (good guys), or use them for crimes (bad guys).

Ham radio operators are a classic example of the above, they were the first real electronic hackers. Building and modifying their own radios to make them better, more powerful, etc. Then, as our nation developed a public telephone system, people began to explore that (and sometimes exploit it). Then came computers. Then came networks. Then came the Internet. People began acquiring personal computers.

People (hackers) saw this vast landscape of interconnected computer networks, and being curious by nature, just had to explore it!

As hackers began exploring, many ran afoul of the law when they trespassed into other people’s networks. Some learned their lessons and stayed within the law. Many went on to careers in the budding field of computer and network security. They founded companies like Kaspersky, Symantec, Norton, Gibson research, McAfee, etc. Some hackers went on to careers in crime. Some hackers found some middle ground.

Hackers are generally and VERY loosely classified by their activities. White hat hackers are the good guys, black hats are the criminals, grey hats operate in the gray area between legal and questionable. Depending on personal ethics, some hackers change hats as suits the situation.

White hat hackers are often employed by computer security companies to find out what the black hats are doing, and find patches and fix flaws.

When a black hat “hacks” your computer, it is often a exploit (“hack”) that uses a vector (entry point) that was either a recently discovered software or hardware flaw, or a computer that was not updated with the most recent security patches, or a component that is connected to the network but not properly configured for security.

Security dealers not only daily connect security devices to existing home and corporate networks, but these days are in fact installing security systems that are wireless and hard wired networks in themselves.

Some times security dealers are creating the vector for the black hats by installing equipment that requires doing things like opening ports in fire walls. Does the dealer really understand what the consequences of their actions could lead to? They will when it is explained by the prosecution in a court of law.

I believe security dealers owe due diligence to their customers by playing the part of a white hat. Don’t expose your customers to an electronic attack while trying to protect them from a physical attack. That means learning a bit about hacking. And computer and network security in general. If you are not sure, partner with an IT specialist.

Today I am an electronic security system dealer. I design, sell, install and service CCTV systems, access control systems, intrusion detection systems and fire alarm systems, often integrated across corporate networks . Years ago I was in an Army Ranger unit. We were made to study Soviet tactics and doctrines. We actually learned to service and fire Soviet weapons (don’t ask where they came from). We were learning how the enemy operated so we could anticipate their actions.

The same logic applies to the security business. Security dealers should know the tactics of criminals, and that includes criminal hackers.

Security dealers that routinely deal with corporate networks and IT departments are expected to know the basics of computer and network security. If they can’t prove that they know what they are doing, the IT people will consider them a possible vector, and show them the door.

All security dealers should be ready to put on a white hat when needed. I’m not advocating that dealers spend years learning computer security skills, but I am advocating that if you don’t know what you are truly doing, then don’t!