The Importance of Security at CUM
Last week, I gave a speech at Merida University during its cultural week for students. It was a pleasure to return to the University where I studied IT engineering for three intense and fun years. Therefore, when they asked me to give a speech about security to students, I said absolutely yes, because a long time ago I was there myself, sitting and watching speeches, and I liked seeing what the real world was like at enterprises. This has been an opportunity to tell them that they are lucky: because Merida University is small and does not have many students, they have teachers available for them, they can have tutorials and a close relationship with teachers and, as a result, they are not just another number.
Image: Speakers at Merida University
I was the first speaker and my speech was called “Attacks to defend you”, where I wanted to show that many times we have to know how attackers work if we want to apply security measures to protect our organizations. Therefore, I chose the last Apache Struts Vulnerability to show them how easy it is to attack a web application with just a network analysis tool like Nmap and the programming language Python. After attacking my Hello World application successfully, I showed them two security tools to protect vulnerable systems. The first one was the Intrusion Detection System (IDS) of AlienVault, based on Suricata, which alerts us when there is something abnormal or the network is behaving anomalously. The second tool was the Intrusion Prevention System (IPS) of the FortiGate firewall, which is able to block attacks and protect us against vulnerabilities, like the Apache Struts Vulnerability. Applying an IPS profile to firewall policies is the best thing to protect our services while the development team applies patches and fixes vulnerable systems.
The second speaker was José Brieba from CPIIEx. He told us about the importance of being together to fight against intrusiveness in our profession. He also highlighted that most IT engineers don't want or don't want to know about this organization because we enjoy a low unemployment rate, and we think we don't need this kind of organization. I totally agree with him and we should, all together, fight to improve our profession.
The next speaker was Pipe Pablos, also from CPIIEx. He spoke about the phases that an IT engineer has to go through for getting evidence, preserving evidence during custody and presenting evidence to a judge. In addition, he remarked on the importance of language and behaviour when we have to speak with lawyers and judges in a court of law.
The last speaker was Juan Baeza, researcher at UEx, who showed us challenges about forensic analysis to find out who was the bad guy, like in the CSI series. He used forensic analysis tools like Wireshark to search for mails, passwords, nicknames, etc., and he explained, step by step, how to get evidence to demonstrate that the bad guy was guilty.
The last 20 minutes were for the Q&A, where students asked all kinds of questions. Although the speeches were very good, I think these last minutes were very interesting for students because they had many concerns about what to study to work as a security analyst or forensic analyst, or to develop software in a secure way.
Regards, my friends; the best way to improve will always be to read, study and test.