Here’s more about how I’ve been training, how it relates to LIMS and how I might have over-trained. In this post, specifics on cybersecurity and hacking.
Originally, I’d written about my training efforts in Non-LIMS Training. I’d planned to use this to write more posts, here, but then ran into a stumbling block, which I wrote about in Overtrained and Overthinking.
Cybersecurity and Ethical Hacking – The Story
The story I’d planned to tell was set quite a long time ago. My group received a computer to set up for a training course. We were on a tight deadline. Unfortunately, no-one gave us the login information and we couldn’t find the right person who had that. We didn’t have the operating system media to reinstall so we couldn’t just create a new system with new logins.
Previous to this, I’d briefly done some extremely low-level UNIX system administration. By “low-level” I mean to say that I did only the VERY basics of administration. I was no expert – not remotely close to being an expert.
With that EXTREMELY limited knowledge, I hacked into that computer. After all, we owned it, we were required to use it, and had a tight deadline. Yes, with such low-level knowledge, I was able to hack in.
Cybersecurity and Ethical Hacking – The Point
You might be thinking that that was quite a while ago. Surely companies better secure their systems so that someone with so little knowledge wouldn’t today be able to do that.
For the most part, you’d be correct. But only for the “most” part. On the other hand, as security has become more complex, so have the methods of hacking.
Cybersecurity and Ethical Hacking – LIMS, ELN, LES, LIS
One point that keeps coming up is this – there are many more insecure items out there than we realize. When you learn a little about these topics and you look out on the internet, you’ll start to realize some of the things we find with a simple search aren’t really meant to be public. You’ll also start to notice behaviors that are due to mistakes in security.
For example, if you found a great article by doing a simple internet search but gave other people the link and they couldn’t read it – that’s a security error. You weren’t meant to see it, either.
Keep this in mind, too – it’s not only about you securing your systems but also about the people who have access to your system or data securing theirs. If you upload your system to your software vendor or if you give them a login to your systems, you want to be certain that their systems are secured as well as or better than your own are.
And Now We’re on the Web
It’s not just that more and more of our systems can be accessed using web browsers but also that some are actually put out onto the web for login. Some LIMS, ELN, LES or LIS systems are now accessible via the web. Yes, I found some available right from my web browser.
Now, whether that’s truly secure, whether there should be apps or other methods added into the security, or whether more layers are perhaps added to secure those systems once you try to log in: those are all the types of issues that are important to consider.
If You’re Really Interested
Some of your eyes have already glazed over on this subject. For those of you interested in learning more about security, let me throw a few buzzwords at you and you can look them up just to get a taste of some of the hot topics out there:
- SHA-1 is dead
- Hash Collisions
Then, if you’re still at it, combine the two to read about hash collisions and SHA-1.