Chapter 5


The third batch of files was the hardest yet. It started with specifications for physical access control systems. Door mechanisms, camera placements, even locks and keys. All for a large office building, for which Arebecca had also been given the architectural drawings. It was in the banking district of Paris.

Next came the network controls. Configurations for new computers and servers, and also for the systems that were designed to protect them. One document was a list of rules for firewalls. Part of it defined the network topology, which Arebecca could barely understand. Part had lists of port numbers that were allowed into the network. And part of it was the justification for the ports and which applications needed them. It was mind-numbingly dull, but at least the French, German and Chinese mostly agreed with each other.

She ended up cancelling all fun with Sabby in order to spend the weekend working. By Monday she was onto the client's logging procedures. All the data captured by the cameras, door controls and every other system got recorded on log servers. This was where the different languages had some differences. There were off-site storage locations in France, Germany and China.

By the time the meeting with Nick rolled around, Arebecca was exhausted. She felt like she knew more about information security than anyone else in the world. The meeting started in the student union, then moved to the library again, and Arebecca didn't have the energy to impress. Jeans, t-shirt and flip-flops were pulled on just before she left on Wednesday morning.

This time they went up to level 6, but did not use the student computers. Nick got his laptop out and they sat together on a wide desk near a window. It looked out to an old-looking tower in the middle of a patch of grass.

The lesson, Arebecca had decided that she really was now a student again, was about remote attacks. Nick went through port-scanning the university network using an application on his machine. He pointed out the port numbers that were vulnerable to attack. One was a port for remote administration, somewhere in the five thousand range.

"I didn't see that port in the firewall rules document." Arebecca was quite sure that there had been no ports starting with a 5.

"Yes, this is an old application on their web server that really shouldn't be used any more. It's one of the problems running a large network. You have to keep everything up to date, and get rid of old, insecure stuff. This was exploited by shr34dhe4d in 2007, there's no reason for it to be still in use. Let's see what we can do."

Arebecca noticed that whenever Nick mentioned any names, it was always a weird nickname. And it always seemed like he knew them.

"Who is Shreadhead?" she asked.

"Oh, an old white-hat hacker in the US." Nick was typing as he talked. "Works for a big security firm now. Here's the problem, take a look."

He'd loaded an application on his laptop, and Arebecca could see that he'd typed in the address and port number that he'd found in the scan. He typed a few more commands. He never used a mouse. Always typed everything.

"What's that program, John the Ripper?"

"It's a password guesser. It can brute-force the password for the admin account. There, we're done."

"It guessed the password already?"

"Well, it's not running on this machine. I've got it running on a rig somewhere else. A much more powerful machine. It just checked over ten to the twenty passwords in a couple of seconds." He typed a few more commands while he talked. "It's driven by some very clever code that Em down at Sussex came up with."

"Who's Em?" Arebecca asked.

"Em? Oh, she's just, er, she's someone who I used to, er, work with."
