Introducing Jim's Corner

In his blog, Jim Palmer shares his expertise on network security and emphasizes the need to address everyday vulnerabilities that can pose a risk to organizations, helping IT professionals become more effective defenders of network security.

Hi!

My name is Jim Palmer. I am a Senior Product Solutions Architect for RUCKUS Networks. What is a Senior Product Solutions Architect exactly? Well…it’s a bit of a lot of things, so it’s better if I explain what I actually do.

You see, I consider myself a radio person who happens to work in Wi-Fi®, and sometimes I dabble in security. I’m not a hacker or a “security professional,” and I barely claim to play one on social media; my love is wireless in general, but I realize I can’t just do wireless without really being concerned with security (which I am). In the past, I have written some blogs and other papers focused on security. Network and computer security interest me because, as IT professionals, we are all part of the “security solution.”

We really can’t avoid it, nor should we try.

It’s with this background that I introduce “Jim’s Corner” to the RUCKUS Networks world. While I have seen the question come up on various social media platforms about RUCKUS Networks and how we secure networks, I’ve never been able to answer that question until now. RUCKUS takes security very seriously, but trying to answer that concern without being a “security company” can be a challenge.

But now, I have the opportunity to write about networking, security, and how RUCKUS secures networks!

Now while I’m not a security professional, I do have some credentials that state that I’m a radio and wireless networking professional. As part of becoming a wireless networking professional (CWNE #304), I had to pass a wireless security professional exam; this is where my interest really started.

One of the many things I learned as part of the Certified Wireless Security Professional course was that while there are scary threats in the world, things that we need to worry about and be concerned about, there are many more things that don’t make the news, things that can secure networks from both everyday threats and the one-in-a-million kind of threat (think of being struck by lightning while being bitten by a shark). I call this the Possible Vs. Probable Problem.

For example, and a fairly famous and recent one at that, is it possible that our uranium enrichment plant could be targeted by a highly skilled, highly trained, very well-funded three-letter agency using enough scary exploits in an attack that it is still referenced to this day?

Stuxnet’s deployment against Iran in 2010 proves that it IS possible.

But at the same time, ask if it’s probable that this same three-letter agency is going to come after us?

Probably not.

Now, this isn’t to say that someone reading this is immune to such a risk. That risk is always a possibility. But whether you are a target of “Advanced Persistent Threats” (APT) or not, the stuff I’m going to talk about applies to everyone equally—networking, wireless, and security—from three-letter agencies to Fortune 500 companies to the small startup company with four employees.

In other words, the company size doesn’t matter, as every company has to deal with similar security threats (even if the scale of threats could differ). And fundamental to all companies and people is that we don’t like it when people can “breach our defenses and peek behind the curtain of our business.” And, finally, these companies all depend upon IT, in general, to accomplish their business goals.

Now, let’s get back to the Possible Vs. Probable Problem. What we need to do as IT professionals is understand the difference between what can happen and what is likely to happen, and then help those around us, either professionally in our day jobs or at night with our personal lives, to understand that difference. While it is likely that your organization or personal lives could be the target of an attack, there is a fundamental truth that needs to be understood, a truth that will be a guiding principle of what Jim’s Corner is going to cover:

Attackers, whether a three-letter agency or a bored teenager, are more likely to break into your organization through an unsecured door or open window than they are to expose their super-secret, never-before-seen, specialized digital weapons that they spent a lot of time and/or money to develop. Why expose the really cool tools when a simple hammer is all that is needed?

Recently, at a conference called SAINTCON, Jayson E. Street gave a keynote address where one of his closing thoughts focused on this same concept. His point was that while we are all fascinated by zero-day attacks, there are still vulnerabilities that are over 10 years old that are being ignored.

Jayson is famous for breaking into banks (technically their networks) all over the world. He does this at the bank’s request and while under contract with the bank, so it’s all totally legitimate. What Jayson was highlighting during his presentation is that while attacks like Stuxnet utilized multiple previously unknown exploits (known as 0-Days) to shut down a nation’s air-gapped uranium plant, that isn’t the norm.

Before we worry about the stuff that makes the news, we should first worry about all the normal, ordinary, average, boring stuff that is littering the ground (no longer “low hanging fruit” since it fell to the ground around the tree), but could eventually get you onto the news if it isn’t addressed! We aren’t ready to play in the realm of the three-letter agencies while the fundamentals remain unaddressed. Before we attempt to climb to the top of the tree, or even examine the stuff on the first few branches, we need to focus on the stuff littering the ground.

Specifically, things like:

  • Is your network designed to the newest standards?
  • Are your networks patched and up to date on the latest firmware?
  • Do you still use outdated encryption on your wireless networks?
  • How often do you change the passwords for your encrypted wireless networks?
  • Do you have a process for removing credentials for employees no longer with your organization?

It is in these areas and more that RUCKUS Networks really cares about building networks and securing those networks.

This is where I come in, a Senior Product Solutions Architect.

During one of my first encounters with some malware in the wild (a point-of-sale bug called PoSeidon), a friend of mine called me an “accidental blue teamer” and I’ve kind of latched onto that. In the Information Security (InfoSec) world, a “blue teamer” is someone who is tasked with defending the network while a “red teamer” is someone tasked with attacking the network to discover its weaknesses before an actual attacker does.

What I realized during that experience was that, as an IT professional, even if I’m not on the InfoSec team, I am still a blue teamer. As network architects and engineers, we are the first line of defense in the InfoSec world based on how we build, update, and operate the network. We aren’t blue teamers by accident; we are blue teamers by design, and by simply embracing that fact and learning better ways to build and run our networks, we can make our entire organizations more secure, helping out those poor InfoSec blue team guys by securing the “fruit off the ground.”

Hopefully, you will join me as I regularly post articles here about networking, security, Wi-Fi, some breaking news, and even some random musings about technology in general. While many of us have stumbled into the Wi-Fi world by accident, we aren’t in this alone. People like me, and companies like RUCKUS Networks, really are here to help you out in your new role as an accidental wired and wireless network security defender, or “blue teamer” for short.