Plano Profile
July 2004
p70-72
VSI challenges Preston Ridge security class as
Students turn hackers
CCCCS's "virtual offices" put hacker software to the test
CCCCD photo/Nick Young
VSI's Vice President Mike Watson (left) and Network Security
Instructor Tom Jones in the convergence lab at Preston Ridge Campus.
For years, the Internet has served as an electronic marketplace where businesses and individuals can quickly and easily purchase goods and services. But hold onto your pocketbooks: Unfortunately, Internet fraud and hacking activities make the Internet a risky place to shop.
Because they hold such critical customer information in confidence, financial institutions and others who provide electronic transaction services are prime targets for hackers. One such company is Virtual Services, Inc. (VSI), a private corporation located in Plano. VSI develops secure online transaction software.
According to VSI's President, Mike Straub, the company gets hit with "at least one hacker attack per minute" for every minute that the system is online, and that is 24 hours a day, seven days per week. That's nearly 1,500 hacker attacks per day, every day of the week. Hackers are looking for credit card numbers, bank account information, and other lucrative data that clients have entrusted to VSI.
To test its newest transaction software, VSI came to Collin County Community College District (CCCCD) this past spring. Virtual Services, Inc. brought its Personal Transaction Agent client software and its Redundant Reliable Transaction System server software--both used for securing transactions on public and private networks--for four weeks of rigorous testing by students in the college's new convergent technology lab.
The convergent technology lab simulates numerous worldwide office settings and features four "virtual offices" with equipment, such as wired and wireless LANs, WANs, videoconferencing, voice-over IP, PBX, ISDN, Interactive Voice Recognition (IVR), voicemail, unified messaging, security and general computer networking. VSI's software runs on a Windows 2000-based transaction server, like that found in the lab.
"The test coincided with a Network Security course," said Tom Jones, the class's instructor, "and students were given the opportunity to participate in the product test while learning about professional software test and development procedures."
Students were prompted to act like hackers... to abuse the interface by entering random values in the various data-entry fields, to pull down viruses off hacker websites, to simulate disgruntled employees with inside coding knowledge, to exploit Windows 2000 security loopholes, to use "port scanners" and "packet sniffers" to pry information loose from the database--basically to use any tool they could to break the system.
"VSI was eager to share their knowledge with students, and students got to take part in the development of a real-world product," said Jones.
VSI promised prizes to anyone who could succeed in compromising the system, but none of the students managed to crack the vault of data behind VSI's "highly secure Internet transaction engine."
The Convergence Lab is a high-tech lab full of nifty equipment, but the availability of people to test the product was just as important. Though the high-tech lab is full of nifty toys, machinery was not the main draw that brought Virtual Services to the convergence lab. It was people. VSI President Mike Straub admitted that "getting other people's eyes on [the software] turned out to be key for us. Student interaction was the biggest plus in this part of the development."
VSI presented a tutorial on software testing and development and led students through the installation of its client-transaction interface. Feedback was taken from students on the interface's ease-of-use. Online transaction systems, aside from maintaining a very high level of security, must also be simple enough for the average Internet surfer to use.
After interacting with students, said Straub, he and his team went back and redesigned the client's user interface. It became wizard-based, meaning that it was driven with simple pop-up windows and step-by-step instructions. For example, one rather complex login screen, with multiple, tab-through edit-boxes were replaced with a simple set of individual dialogue boxes.
"It was definitely valuable from a UI [User Interface] point of view, to see what they wanted to do and to see how they were thinking as they worked through the program," said Straub. "Seeing things from a new set of eyes gave us a fresh perspective on the software."
Students like Kathy Doyle, a program office manager with a software development company, and Cliff Lightfoot, a network security specialist, appreciated the opportunity to be involved.
"The gentlemen [from VSI] had very well-rounded testing backgrounds, and that related to another part of my job. That was very valuable to me. Quality testing can sometimes be overwhelming for a small company like ours. He gave me some very basic tools to get the job done," said Doyle.
"It gave us a good introduction to testing and stress-testing software, which is something that any good system administrator will want to do before they install an application onto their network," said Lightfoot. "I do think that it was a valuable learning experience for people in the class."
VSI joins other local companies like Alcatel, AMX, Flooring Services, Peregrine Systems, Samsung, Symon Systems and Valcom, who have used the convergence lab to test its hardware and software products.
CCCCD's convergence lab officially opened its doors in November 2002. The lab, one of the first of its kind at a Texas college or university, is available to college engineering and technology students as well as to North Texas businesses.
Ann Beheler, dean of engineering technology, said that the lab can be a valuable resource for local businesses as well as students. "When businesses use the lab, our students and faculty will assist with setup, testing, and troubleshooting. Businesses benefit from having an state of the art affordable venue to use, and our students and faculty benefit from the interaction with the businesses."
Future clients have already requested other lab configurations for their particular testing or training scenarios. CCCCD's Engineering Technology department is committed to flexible and responsive approaches in preparing the space just for them.
"It was a really good process," said VSI President Mike Straub. "They did a lot to help us set up the lab, and hopefully we gave some value back to their students, in terms of testing and management of testing. The methodology behind this testing is applicable to system administrators everywhere.
"If we had more programs to test, the [convergence] lab would be one of the first places that I would go."
Shawn Stewart is a public relations writer for the Collin County Community College District.
Contacts
Michael Straub
mstraub@virtualservicesinc.com
Forward Looking Statements:
This release contains forward-looking statements based on beliefs of Virtual Services, Incs’ management. The words "anticipate," "believe," "estimate," "forecast," "expect," "intend," "plan," "should," and "project" are used to identify forward-looking statements. Such statements reflect the company's current views with respect to future events and are subject to risks and uncertainties. Many factors could cause the actual results to be materially different, including, among others, changes in general economic and business conditions, changes in currency exchange rates and interest rates, introduction of competing products, lack of acceptance of new products or services and changes in business strategy. Actual results may vary materially from those projected here. Virtual Services, Inc. does not intend or assume any obligation to update these forward-looking statements.