Are Closed Digital Training Networks Vulnerable to Hackers?
Thinking Like a Hacker: Infiltration
Seemingly, one of the things that a closed digital training networks would be almost invulnerable to is infiltration. Typically when one hears the word infiltration it conjures up images of a hacker sitting in a dark room, slumped over a keyboard of course, hacking into a Defense Department computer thousands of mile away. It is important to realize, especially with respect to a closed digital training network, that an insider attack is much more likely to occur. In his definition of an insider attack Einwechter describes that it is “a crime perpetrated by, or with the help of, a person ...view middle of the document...
Currently, in this student’s digital training network it has been found to be sufficient to utilize the deployment of Windows standard user accounts on all the systems that the Air Force student’s access and admin accounts on the lesson developer systems. A standard account is sufficient because as stated by the Windows website, in reference to standard user accounts, “A standard user account lets a person use most of the capabilities of the computer, but permission from an administrator is required if you want to make changes that affect other users or the security of the computer.” (n.d.).
While access and account rights are not the only way to limit the threat of insider attacks, it is the starting point. Along with level of access one must also look at other important ways to mitigate insider attacks. For instance training on security practices is one notion that the military and the Defense Department have done extensively. Just for general computer access one must pass several security trainings. Additionally, firewalls are also a method that be used to limit insider attacks despite the fact they are generally associated with limiting outside attacks. Firewalls can be used to protect delicate equipment such as physical database systems and different types of servers from internal attack (Einwechter, 2002).
Thinking Like a Hacker: Insertion of Malicious Code
Much like the previous section, the very nature of a closed digital training network would give the impression that it would be almost impervious to malicious code. Worms, viruses, and malware are usually thought to be the concern in the domain of systems connected to an outside network, namely the internet. Approaching the problem of malicious code like it is not a problem on a closed network may end up being a critical mistake especially if the indications are there but they are dismissed because the systems are not connected to the outside world. As stated by Patterson in his explanation of the sometimes undue focus on the internet as a culprit in accounting for malicious code “there is only one way out of the corporate network and the guiding principle is to watch the one-way-out closely” (2013).
Thinking like a hacker, how would one introduce malicious code into a closed digital training network? Almost everybody owns a device which they bring into their place of work every day and would be unremarkable even if connected to a system in broad daylight. Smart phones and similar devices, such as tablets, can be used as a container for a near limitless amount of malicious code and can usually be plugged into any system under the guise of charging the battery. Unless there is a specific rule in place disallowing the use of cell phones in the work place most IT and security personnel would probably not even bat an eye when confronted with a cell phone data cord plugged into a system on a closed network, they may even be the ones doing it. If one were inclined to...