RBC Student Innovation Challenge

Participated in the RBC 2020 Student Innovation Challenge and won first place for prototype!

INTRODUCTION:

As my four-month co-op at RBC comes to a close, I wanted to reflect on the absolutely incredible time I had working there. No words can really describe how much I learned while being there. The numerous connections I built and the people I met are sure to be very valuable while I advance in my career. The Co-Op program has allowed me to gain new perspectives of the cyber security industry, many of which school simply just can’t prepare you for. I think getting real-world work experience is one of the best ways to test your theoretical knowledge about a subject, so you can really put it to the test.

As part of my four-month co-op, I sat down with my manager and wrote out some goals that I wanted to achieve by the end of the term. One of them was to get involved with the RBC community and strive to engage with new people and teams on a weekly basis in order to learn as much as I could. This proved to be a challenge at first; a new job, all these new people. At first, I was pretty shy but I was quickly welcomed into the community as one of them and that made me feel at home. The subject of this post is to talk about one of the events the RBC Early Talent Acquisition team organized called the RBC Studnet Innovation Challenge.

Overview

The challenge was very well put together and was a testament to the creativity of their team. It followed the “hackathon” style approach where we were placed in random teams. The challenge presented us with a problem statement that was very relevant to current issues in our society and we had one week to build a solution to fix the problem while continuing with our daily work duties. I was placed on a team alongside 3 other people and we set out to work immediately on our idea as that was step 1. I came up with a way RBC could bring new customers to the bank while answering the challenge statement fairly well. While I’m not sure I can share the details with you due to confidentiality reasons, I can say the idea was very well perceived by my other team members and challenge mentors.

Time to build!

Once we had our idea set in place, we got to work to develop it from scratch. I was in charge of innovation with the idea, developing the website prototype, and creating a video demo. During this time, I was also learning a lot about Microsoft Azure because of my goal to get certified by the end of the term. So I thought it would be a great time to test my knowledge and actually build something practical with it. I decided to use Azure Blob Storage and host a static public website in the cloud that would be able to host our prototype designs and code. I also thought about my security background and added HTTPS support! It turned out that my hard work paid off because we were awarded first prize for the prototype category!

What I learned

How to work as a team and go from idea to working prototype in a short amount of time.

More about the Azure platform and how to build things with it.

Discovered my passion for hackathon-style challenges.

Conclusion

In conclusion, I’m really happy I decided to do this challenge. I had such a great time and not only learned so much more about RBC and building new things but I also interacted and met so many new people. I would really encourage any new co-op students to participate in these types of events/challenges, as they are an excellent way to build confidence and skills while having a great time!

THANK YOU!

Lastly, I would like to thank my team members, my manager, and everyone else who helped me throughout my wonderful time at RBC. Thank you to the RBC Early Talent Acquisition team for hosting so many amazing events like this one. I hope to continue working at this extraordinary company.

• Date: May 2020
• Author: Andrew Girt
• Category: Team Projects

Close Project

Serverless Web App

The website you are currently on is serverless! Created on AWS

INTRODUCTION:

For the longest time, I've always wanted to have my own website. As I learned more about technology, it became clear that setting one up isn't that scary. When I first found out about AWS in early 2019, The only thing I knew about it was that it was a public cloud provider. I was very intrigued to learn more about it and I made a personal goal to learn as much as I possibly could about cloud computing over my summer break. AWS was the obvious choice, as they control over 70% of the public cloud adoption amongst enterprises. During my summer I discovered just how powerful AWS truly was and I knew this was the industry I wanted to be a part of. I gained lots of theoretical knowledge of the platform but wanted to get my hands dirty and actually create something. So that's how this website was born.

A NEW TECHNOLOGY:

Now the concept of serverless may seem confusing. In class, we are taught that almost everything on the internet is run on a secure server somewhere in the world. So when people first hear about serverless architecture or FaaS (Function as a Service) they want to learn more. Serverless just means that someone else is managing all the servers and operating systems, all you have to do is upload your code and it will run. So it actually doesn't mean there are zero servers. This fully managed approach can save developers and customers a lot of time that would be spent focusing on the provisioning of servers and other hardware related tasks. Another huge advantage of serverless is the fact that you only pay for what you use. This means you don't have to guess about capacity. This not only saves you a ton of money, but also means that there is no such thing as unused compute power. If I could give an analogy, I currently work at Metro which is a grocery store. Serverless is like paying per pound as opposed to paying per product. Instead of paying for the entire server (product) you can pick exactly how much compute power you need and pay based off that. It is truly impressive. Along with those benefits, perhaps one of the greatest is the scalability aspect. Your application can theoretically scale to infinity and withstand the traffic. Huge movie studio corporations use serverless to host new static movie websites, this way, the site is readily available and they don't need to worry if 1000 people visit the site every minute, the website will crash.

So how does this work with a small website you may ask? Well it's very simple. AWS offers a storage service called S3. You can use S3 just as you would any other cloud storage, upload your files and access them anywhere as long as you have an internet connection. But, S3 has a powerful built-in feature called static website hosting. This allows you to setup a website using the files in your S3 bucket (folder).

The best part about this is that it's completely free. Uploading files to S3 is free and you can store up to 5GB for free. Now that we have our website files in our bucket the only thing you have to do is enable static website hosting and you're all set! Amazon will give you a free subdomain and boom! You've got your own website. Now, I wanted to go a step above and integrate more AWS services. The next section explains this.

ARCHITECTURE:

This is the basic architecture of my website. You may be familiar with some of the services listed, but if you aren't let me explain the basics. First S3 serves the content to CloudFront which is a CDN (Content Delivery Network) which also enables SSL encryption for the website. CloudFront can also cache the website's contents all around the world so that it becomes highly available for global reach. This is great if you plan on serving customers globally but is a bit overkill for a personal website. So I've set it to region-only. Lastly, Route53 which is Amazon's DNS service, hosts my custom domain (CyberAndrew.net) and connects it to our CDN via a CNAME record. Then we need to map our S3 bucket website content to our custom domain over the CDN we just created. We can do this by creating an alias in the A records in Route53. This will allow us to browse to our webiste using our custom domain. And, that's essentially it!

FUTURE IMPLEMENTATIONS:

The above image is an example of a all-in-one web application. In the future, I'd like to implement a backend database like DynamoDB and user authentication using Cognito. The whole point of this website is to learn how to use AWS in-depth and get hands-on with some of their many services. Creating a sign-in page and database is something I plan to add in the future.

CONCLUSION:

Looking back, this project was definitely one of my favourites. I learned a lot about AWS and serverless technologies and updating this website will be a priority of mine. With that being said, I hope you've learned about serverless and the advantages it brings to the table. This technology may very well be the future of computing as we know it and I think more companies and consumers should be using it. Thank you for reading and stay tuned for more!

REFERENCES:

Huge shout-out goes to A Cloud Guru, who have helped me learn AWS from scratch and who have enabled me to pass 2 AWS certifications over my summer. It took a lot of hard work but without the help from Ryan Kroonenburg and the team at A Cloud Guru, I would not be where I am today. Thank you!

• Date: July 2019
• Author: Andrew Girt
• Category: Personal Projects

Close Project

5G and the Future of Cyber Security

How will 5G impact the future of Cyber Security.

INTRODUCTION:

5G is the next-generation of cellular network technology and is quickly becoming a concern. Security being one of the biggest. I recently read an article describing how 5G will impact cyber security and make it so much more difficult for the people in the field. [1] With all the obvious advantages that we know about, it is sometimes hard to think about the repercussions that it could bring. We've all seen those videos about the next-level speeds of 5G and bandwidth, but what happens when people are able to download software faster than they are able to blink. This could pose a real challenge to the future of security and even to our health.

How 5G Works:

Before we look at the risks and issues with 5G, we first need to understand how it truly works and the differences compared to 4G. Let's first take a look at the radio wave spectrum. 4G networks use frequencies below 6 GHz. 5G on the other hand, uses ultra-high frequencies of 30 to 300 GHz. This gives us much higher bandwidth then with 4G, allowing us to get our data faster. 5G also uses shorter wavelengths, which means smaller antennas while still providing directional control. It also means that 5G can support over 1000 conntected devices per meter more than what 4G can currently support. However, where 5G starts to fall is when obstacles become involved. 5G only works well if there is a direct, clear line-of-sight between the device and the antenna. Even rain and humidity can disrupt the signal. This means we need to place the antennas everywhere in order for 5G to truly be effective. Building the 5G infrastructure will prove to be the most important task for the consortium of data companies, as this is the only way we can switch from 4G to 5G entirely.

Advantages of 5G:

Speed - 5G is said to be 100 times faster then 4G, everything you do on the internet will seem to load instantly. This could also replace typical cable-connected networks in most homes.

IoT - Where 5G really starts to shine, is when IoT devices start to become mainstream. 4G simply can't provide the suitable connectivity to handle the growing number of these devices. The IoT install base is expected to triple over the next 6 years and 5G will fuel this advance.

New Technologies - With 5G, the ever increasing rate of innovation in technology would only continue to advance faster and faster. This could create new life-saving technology that will greatly improve our world. Smart cities will start to become popular and 5G is the perfect technology to connect them.

Disadvantages of 5G:

Coverage - As we discussed previously, the standard coverage of 5G could pose a problem as the radio waves are easily absorbed by objects (solid or not). Tele-communication companies will need to place 5G antennas everywhere in order for us to use 5G reliably.

Security Risks - Talking about the security risks of 5G is perhaps the most important. While we are in the race to push 5G out, we are forgetting about the potential security risks. With the speed of 5G, cyber professionals who are tasked with responding to incidents, will become even more outpaced. Imagine malware being downloaded by an unsuspecting employee, the damage could spread throughout the entire network before they even have a chance to classify the event. The only way we will be able to combat these attacks, is to change our way of dealing with them. Incorporating forms of artificial intelligence is one way, but we must replace the old approaches of dealing with risk if we are to become successful in mitigating these attacks.

Health Risks - What are the possible health risks with this technology? There are many concerns that we have regarding the possible radiation that could lead to cancer. Especially at the rate of radio waves that 5G needs to work. These concerns are definitely real and need to be addressed before any major project should be undertaken.

The Security of 5G:

How can we secure 5G? There's only so much we can do in the industry to help protect consumers. A big cause for concern amongst security professionals will be the privacy aspect. 5G networks will allow new kinds of applications and with that comes the encouragement of information sharing. With more of our personal data being sent through the internet, our online presence amplifies, thus increasing the potential threat of identify theft or any other kind of hack. Even though 5G is more secure than 4G, we must continue to take security very seriously if we are to lessen the attack surface area. How is 5G more secure you may ask? 5G enables something called "network slicing" which allows operators to effectively fence out a part of the network for a dedicated user, thus guaranteeing speed and bandwidth and stopping anyone else from accessing that section of the network. All 5G traffic is also encrypted.

CONCLUSION:

5G has the capacity to change everything regarding how we interact with our technology, but we must not fail to recognize the risks associated with it. With 5G already starting to pop-up in certain areas and plans pressing for it to roll out more heavily in 2020, making the mistake of putting security on the side-line is something I fear. Only by knowing how this technology works and understanding the security risks with it, will be the only way we can be prepared for this next generation of technology.

REFERENCES:

•MASSON, DAVID. “Why 5G Will Make Cybersecurity so Much More Difficult.” The Globe and Mail, 28 Aug. 2019, https://www.theglobeandmail.com/business/commentary/article-why-5g-will-make-cybersecurity-so-much-more-difficult/.
•Wall, Matthew. “What Is 5G and What Will It Mean for You?” BBC News, BBC, 24 July 2018, https://www.bbc.com/news/business-44871448.
•Fisher, Tim. “5G Vs 4G: Everything You Need to Know.” Lifewire, Lifewire, 21 Aug. 2019, https://www.lifewire.com/5g-vs-4g-4156322.
•Johnson, Dave. “How Worried Should You Be About the Health Risks of 5G?” How, How-To Geek, 5 June 2019, https://www.howtogeek.com/423720/how-worried-should-you-be-about-the-health-risks-of-5g/.
•McCaskill, Steve. “5G Security: Does More Data Mean Increased Risk?” TechRadar, TechRadar, 5 June 2019, https://www.techradar.com/news/5g-security-how-more-data-means-bigger-risks.

• Date: August 31, 2019
• Author: Andrew Girt
• Category: Research Project

Close Project

OpenVPN Project

Created my own custom VPN using the OpenVPN framework

INTRODUCTION:

Virtual Private Networks (VPNs) are a type of technology that gives you the ability to create a secure and encrypted connection to another network. Let’s use the internet as an example. Think of it as a tunnel that your web requests must go through in order to receive a response from another web server. Instead of your information being sent through unsecured networks, the VPN will conceal it with values you can set, such as location and system information. The most popular use for a VPN is using it for secure browsing of the internet, as well as accessing services that would not usually be allowed in your country.

For this project, I set out to make my own secure VPN instead of just buying one. We all know there are many options out there for VPNs but the same question is always asked. Even though we are using a VPN, the provider still might be collecting all our network traffic and we would never know. That is where creating your own has its advantage.

During my research of this project, I decided it would be best to make a list of everything I needed to get officially set up and running so I could be more organized.

REQUIREMENTS:

1. Web Server - Something preferably cheap and fast so that my web traffic won’t be affected. I have experience with web servers from hosting Minecraft servers when I was a kid so this shouldn’t be too hard.
2. A good tutorial - Now I think it’s safe to say not many people can truly create a VPN from scratch. As in coding everything by themselves. So I have to find a framework and tutorial that can assist me and give me the necessary tools to create the VPN.
3. Putty - In order to SSH into our virtual host, we need to use Putty or another application that will allow us to connect remotely.
4. A good music playlist - Make sure to have your best Spotify playlist at the ready so you can truly focus and wire into your work.
5. Patience - We’re definitely going to run into problems along the way so I grabbed a coffee and made sure I wasn’t doing anything the rest of the day.

RESEARCH:

While doing my research, I found an excellent tutorial from a new website I recently encountered called Digital Ocean. The best thing about this site is that it also provides extremely affordable hosting options called Droplets which are essentially virtual machines in the cloud. The cheapest option is $5/month and has incredible speeds thanks to their data center in Toronto. So with that, I think we can check off the requirements for this project and get started!

When selecting a droplet from Digital Ocean, they give you plenty of options of customization including operating system, memory, hard disk space, etc. I have chosen to use Ubuntu 18.04 as my OS because that’s what the tutorial has outlined as the best option to use.

CONFIGURATION:

Once the droplet is setup, Digital Ocean will provide you with the server IP address and from there, we can SSH into our machine. Next, we have to initially set up the machine and make sure everything is working. First, I created a user account and performed system updates (apt-get update, etc). Second, we need to grant permissions to our new user account so that we can run sudo commands through it. Lastly, we are going to set up a firewall on our machine, this is a good thing to have in place just as the first layer of security. (Throughout this project, I also wanted to incorporate as much security as possible into the VPN. This is a good mindset to have for any of your projects.)

Note: We will also need a 2nd machine (Droplet) to act as a certificate authority (CA) machine. This will ensure a more secure way of signing your certificate requests for the hosts. Although it is possible to use one machine for both tasks, it is recommended that you use two standalone servers for this security risk. Once you have the 2nd machine setup, you should do the same initial configuration mentioned in the above paragraph.

Once both machines are set up, it’s just a matter of following the tutorial really. The majority of the commands are easy to follow and I didn’t run into many issues. The tutorial does a good job of explaining the steps as you go through them, and that way, it’s not just a basic tutorial telling you what commands to type in but not actually explaining what they do.

After you have completed all the commands and setup. You can choose what device(s) you wish to transfer the .ovpn file too. I created 3 separate client files for 3 devices I wanted to use the VPN for. Each device had a different method of transferring. Once you have the .opvn file on your host device, you need to download the actual application that will allow you to activate the VPN. The VPN we just built uses the OpenVPN framework and library so you need to find an application that supports it. Luckily, they should all be free because it’s an open-sourced project. Now I will go through the process of setting up a VPN on my Mac computer. I used an application called Tunnelblick which was free and supports OpenVPN. Once I got it, I had to transfer the file from my windows computer (Where I created the VPN) to my mac. Linux distros have an easy method of transferring files through the terminal by using SFTP. One command later and you have the file on your desktop.

TESTING IT OUT:

Now we actually need to test to see if the VPN does its job. This can be achieved in a few ways. The first is just looking up “What is my IP” on a search engine and the IP should point to the actual IP of your Digital Ocean server. This makes sense because if we set up everything correctly, all our web traffic will be passing through the VPN before it routes to the internet, thus, our public IP address will be that of the server. Next, we should check if our location is still be leaked. You can do a WHOIS search and see basic information about an IP and the location associated with that address. My public IP now points to Toronto (Where the server is located) and says my ISP is Digital Ocean. Lastly, we can do a DNS leak test for final validation.

Tunnelblick connecting to my mac

Weird, I don’t live in Toronto. The VPN seems to have worked! (I decided not to share my IP in this screenshot for my own security, but I can ensure you, my public IP now points to my Digital Ocean server IP)

Yep, definitely seems to have worked. This site says my ISP is OpenDNS, which is the framework I used to create my DNS configuration in the server.

WHAT I LEARNED:

This project taught me a lot about the Ubuntu OS and command syntax, I’m way more confident now on how to make my way around Linux and having more knowledge about permissions and command use. This was definitely a project that will prove to be useful for me. I’ve always wanted a VPN, but now I can say I created one myself for the same price as a coffee. The best thing about this is I can disable the server whenever I want to save money, So that $5/month I mentioned above, only is true if you leave the server running 24 hours a day. Overall, I’m very happy with how this project turned out and this certainly won’t be my last security project. Stay tuned for more!

REFERENCES:

“Pricing on DigitalOcean – Cloud Virtual Machine & Storage Pricing.” SQLite vs MySQL vs PostgreSQL: A Comparison Of Relational Database Management Systems | DigitalOcean, DigitalOcean, http://www.digitalocean.com/pricing/.
Drake, Mark. “ How To Set Up an OpenVPN Server on Ubuntu 18.04.” Digital Ocean, DigitalOcean, 24 May 2018, http://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04.
Ellingwood, Justin. “ Initial Server Setup with Ubuntu 18.04.” Digital Ocean, DigitalOcean, 27 Apr. 2018, http://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04.

• Date: February 13, 2019
• Author: Andrew Girt
• Category: Personal Project

Close Project

SIEM Project

Security Information and Event Management Research Paper

INTRODUCTION:

Security Information and Event Management (SIEM) is a type of software that can collect, log and filter data about an organization's network traffic in real-time. It has the ability to detect incoming security attacks and alert the company’s analysts before major damage can be inflicted. This information is all displayed in a centralized hub that makes troubleshooting and fixing problems much more easier than before.

OVERVIEW:

To first understand how a SIEM functions, we need to look at the history of them and how they have evolved. SIEM’s have been around for over a decade but is now entering a new phase. With big data becoming more and more prevalent in technology, the principle of SIEM’s have been focused more on the collection and logging of threats to an organization and filtering them according to threat level and importance. The best way to describe SIEM is to think of it as a hub for all your network traffic. You can use it to view anything and everything that goes through your network, or narrow it down to just security-related issues. You can filter searches based on a number of different factors such as operating system, cloud vendor, firewall events, type of attack, etc. These are all organized for you automatically based on the pre-set rules you set in place. For example, say my job was to identify and respond to incidents relating to Linux events. I could narrow down the search to only events within the last 24 hours and set it to alert me when malware is detected. The system would cater the menus appropriately to show me this information, in which case it would show me information about the source, destination and time of the attack. Some SIEM’s can even recommend steps to take in neutralizing the threat. Once I have fixed the problem, I can set the tag on the event to complete, thereby letting the other analysts know the problem has been fixed.

Another big part of future security analysis will be the implementation of more advanced IPS systems. These systems are a huge part of detecting and stopping threats before they occur. I’ve done some research and it seems that more vendors are starting to combine these systems with others. Palo Alto Networks has combined their advanced firewalls with built-in IPS and operation rules. This allows organizations to put in place security policies in their firewall to only allow certain things to get through based on the company’s security policies. What is interesting, is the sheer amount of options that vendors are giving us with regards to choice. Additionally, some SIEM’s have advanced user monitoring. The biggest security risks of the future won’t come from the outside world, but within your organization from employees that don’t understand security and/or are not trained to spot malicious intents from hackers. With user monitoring, you can pinpoint exactly who and where something happened, giving you the resources to report on the issue.

During my time researching for this project, I came across a number of different vendors that offer SIEM solutions for commercial and public use. I was able to access AlienVault’s free demo of their USM system which is essentially their version of SIEM. This demo was surprisingly very detailed and well-thought-out. It displays all the things that a real SIEM would have and allowed you to interact with the system in real-time. Investigating alerts, incident response, generate reports and asset management were all included. Testers have the ability to investigate threats and search for solutions all in one, place making the experience seem very real. Here are some pictures from the dashboard.

AlienVault USM Dashboard – Displays general info about alerts and recent events

This makes it easy to understand what’s going on, I like how the graphs are clear and easy to analyze. You can also see sensor activity based on pre-set configurations.

An alarm was triggered 2 minutes ago! We can see here that it’s malware and the priority is set to high. This means we should investigate the problem ASAP.

Another example of an alert. This time someone is trying to brute force into our system. Let’s respond and see what we can do.

RESPOND:

It seems the person is from China and has a source IP of 121.18.238.98. The page also tells us the client is using a fake version of Putty. To see what we could do, the system also reveals a recommendation for mitigating the problem and future ones from happening.

The Future of SIEM's:

The future of SIEM’s cannot be described so easily. Many things could happen. I think with the adaption of more cloud services within companies, we'll start to see more cloud-based solutions for monitoring and managing threats. Another aspect will be how artificial intelligence integrates with SIEM’s and the advantages this could bring. The number one goal of SIEM’s is to give us the intelligence on how to mitigate security risks from spreading and responding to those risks accordingly. I think SIEM’s will continue to improve over time, combining the use of many popular systems to create an organized central hub for all data to be displayed.

CONCLUSION:

With the SIEM market being valued at over $2 billion, it’s safe to say that the importance of intelligence matters to companies. This technology is something I find very interesting and I think the evolution of SIEM’s will only get exceedingly better. I hope that I will get to work more with this technology in the future, to help provide a secure world for all of us. That’s the goal at the end of the day.

SOURCES:

“DarkTrace and SIEMs.” BlueKarmaSecurity, bluekarmasecurity.net/wp-content/uploads/2017/05/How-is-Darktrace-different-from-a-SIEM.pdf.
“The SIEM Buyer’s Guide.” Splunk, 2018, http://www.splunk.com/pdfs/buyers-guides/the-siem-buyers-guide.pdf.
AlienVault. “Let’s Get You in the Driver’s Seat!” Incident Response Process and Procedures | AlienVault, http://www.alienvault.com/thank-you/usma-live-demo-site.
Malik, Javvad, and IDG Contributor Network. “The SIEM Is Evolving.” CSO Online, CSO, 12 Dec. 2017, http://www.csoonline.com/article/3241808/data-protection/its-not-your-parents-siem.html.

• Date: February 2, 2019
• Author: Andrew Girt
• Category: Research Project

Close Project

Coming Soon

...

...

• Date:
• Author:
• Category:

Close Project