Bill Cheswick will deny that he invented computer firewalls, but it’s what the modest computer security researcher is really known for.
He literally wrote the book on it in 1994.
Chesiwck partnered with Steve Bellovin in 1994 to publish the groundbreaking book, “Firewalls and Internet Security: Repelling the Wily Hacker.” According to his website, it was the first full book on firewalls and hacking and sold more than 100,000 copies in a dozen languages and has since been updated and reprinted.
Cheswick visited the South Dakota School of Mines & Technology last week to talk to students at the engineering school about password security and the evolving threat of hacking in today’s increasingly computer-dependent world.
In a computer network, a firewall controls incoming and outgoing traffic based on rules set by the administrator.
In this age, computer security is essential for individuals, businesses, and governments. Recent hacking incidents worldwide have shown the damage that interlopers can do when they access computer systems and databases that should be off-limits.
In March, hackers attacked the Philippine Commission on Elections and defaced the website with calls for tighter security for vote counting machines. This hack affected 55 million Philippine voters, and called into question information security issues in the democratic process.
Closer to home, the Democratic National Committee was attacked, resulting in the leak of thousands of confidential emails in July. The emails contained information about how the DNC staffers attempted to deride the campaign of Bernie Sanders. Due to this hack, several DNC chair members resigned. There are also fears that Russian hackers would disrupt the presidential election in America in November.
Cheswick was not surprised to see hacking become a central issue in this year’s presidential election.
“It is interesting that it is becoming an issue for Democracies. Not just the issue of voting machines, but that some foreign country would try to influence the election. That’s new. It brings up the issue of attribution. If the attack comes from China, is it necessarily the Chinese or is it what is called a false-flag attack? False-flag attacks are definitely something that countries do to each other.”
Often times, hackers will disguise where they are located. This can make anyone connected to the internet an involuntary accomplice to attacks.
Current Time 0:00
Duration Time 0:00
Loaded: 0%Progress: 0%0:00
“For decades, bad guys would connect from here to here to here, laundering their connections like in the movies until the attack looks like it comes from some grandma in South Dakota. She has no idea her computer is on, much less that she is on the end of a long chain of attack.”
While there is no easy solution to determining attribution, there are several steps that can be taken to minimize the risk of hacks, at least for individuals.
First, Cheswick stresses the importance of two-factor authentication for bank accounts. Two-factor authentication is an extra layer of security in which a username, password and piece of information only the account owner would have, such as a PIN number, is required.
Varying passwords is also important.
“Don’t use the same password for your Twitter and Facebook accounts. Make it long, easy to type, and write it down,” he said. “It is OK to write it down.”
Since he helped create them decades ago, firewalls have not changed much. For a dedicated hacker, they are easy to get around, he said.
“Firewalls are still a half solution. This idea that you can draw a wall around something and everything inside is safe is an illusion. There are people inside that wall and you can fool them, buy them, you can sneak people in, you can find holes in the wall. The company I started, Lumeta, mapped these corporate networks and tried to find holes in them.”
He pointed out that hackers once broke into the systems at the T.J. Maxx retail chain just by sitting in a car using T.J. Maxx’s open Wi-Fi at a store in Florida.
“They got into the whole corporate network worldwide. So the firewall and perimeter, both gone. So it has never been a high-grade form of security. It does keep down the ankle-biters.”
In conclusion, Cheswick, who is visiting universities across the country on his speaking tour, told the Mines audience: “The internet is one big bad neighborhood.”