Hacking im Labor
The IT Security Lab at FH JOANNEUM conducts research and trains employees of external companies to handle IT security emergencies. (© FH JOANNEUM / Marija Kanizaj)

Hacking in the laboratory

Natanja C. Pascottini,

IT security expert and FH Professor Klaus Gebeshuber is interviewed about security vulnerabilities in IT infrastructure, defence and protection mechanisms and hacking as a teaching unit. And he offers some important tips about IT security.

Klaus Gebeshuber has been teaching and researching at FH JOANNEUM since 1998 – initially part-time and since 2004 full-time – where he runs the recently established IT Security Lab. Prior to this he studied Electronic Engineering/Computer Engineering at TU Wien, where he also completed his doctorate in the early 2000s. In his teaching and research Klaus Gebeshuber focuses on IT security, specifically on topics such as hacking and network technologies.

Professor Gebeshuber, which security vulnerabilities are often underestimated?
Outdated software, for example, where the automatic installation of security updates, known as patches, by the manufacturer has either been deactivated or is disregarded and consequently not installed. Phishing emails with links and unsecure attachments continue to pose a problem for IT security, as does misconfiguration of services and malicious code, in other words malware or viruses, hidden in Office documents such as Word or Excel.

How can private individuals protect themselves?
Healthy mistrust doesn’t do any harm. Not all emails, WhatsApp or text messages bring good news - especially if you don’t know the sender. You should also always be careful about clicking on links. A virus scanner with automatic updates is very important for home PCs, as is installing security updates as mentioned earlier.

Large companies have in-house departments who also deal with IT security. It is different for SMEs. What should you look out for as an SME?
In addition to healthy mistrust, a virus scanner and security patches, you should also focus on the security awareness of your staff. The IT Security Lab at FH JOANNEUM in Kapfenberg offers courses, where we make participants aware of security vulnerabilities and how easy it is for hackers to exploit these and teach them appropriate behaviour for their everyday work. A security audit or what is known as a penetration test is also advisable for SMEs. We offer this too. Computer networks should also be segmented, separating office and production networks or segregating them by means of firewalls so that a successful attack on the office systems does not immediately have repercussions for the production infrastructure.

What does an external attack like this usually look like? How do you get into a system?
In principle the direct route via the internet is usually blocked by firewalls. These days attacks take place exclusively from within - through phishing emails, malicious software which has been downloaded and spam. Infected external drives are also a problem. The malware then establishes a connection to the attacker in the internet from the infected network.

Portrait
Klaus Gebeshuber teaches and conducts research at FH JOANNEUM in Kapfenberg. (© FH JOANNEUM / Marija Kanizaj)

The IT Security Lab in Kapfenberg was recently opened. What are you working on there?
The Security Lab reconstructs, in a secure environment, the entire IT infrastructure from the perimeter into the internet via office, production and control networks through to automation components and sensor technology. We simulate, as it were, the company network to test defence and protection mechanisms by reproducing hacker attacks. We also train the relevant staff at the company in incident response in the event of hacker attacks. Participants practice how to respond correctly in a real-life environment.

How are hacker attacks simulated?
We reproduce attack chains which have occurred in the past. The hacker attack on three energy supply companies in the Ukraine in December 2015, for example. Here the initial infection through modified Office documents or phishing emails is recreated. The next steps are establishing stable and secure communications with a command-and-control server in the internet, spreading the infection in the local network, exploring network gateways in production and control networks, gathering passwords and access data in the local network right up to modifying firmware and industry control programs.

How do students learn to handle hacker attacks?
Our students on the Master’s programme in IT & Mobile Security learn how to use hackers’ tools and methods in a secure laboratory environment. They are trained in both attack and defence mechanisms. You have to be able to think and act like a hacker to be able to respond effectively. Students also learn to analyse the cause of security vulnerabilities, which generally lies in poor quality software and incorrect configuration. Designing and creating secure software, or secure coding as it is known, is also a key part of the programme.

What do you regard as the most important considerations for IT security?

  • Ensure the software products and operating systems you use are up-to-date
  • Use a current virus scanner with update functionality
  • If you are in any doubt, do not click on links or open attachments - whether in emails, texts or WhatsApp messages. Exercise healthy mistrust
  • Change the manufacturer’s default password in all the devices you use
  • Segment your network infrastructure
  • Back up your data regularly