Kerry Cox Jr. of Simplified Network Solutions talks about his recent work with Project Sierra, data encryption, the risks often overlooked in our ever-connected world, and how working for the government has helped to shape his career and views on the importance of Internet security.
Cameron Philipp-Edmonds: Today we are joined by Kerry Cox Jr. He’s going to be speaking to us about Project Sierra. Kerry, to start things off, can you tell us a little about yourself and your role at Simplified Network Solutions?
Kerry Cox Jr.: Yes. Like you said before, my name is Kerry Cox. I actually started Simplified Network Solutions because I became concerned about how easy it is for people to pretty much snoop or spy on our private lives. Currently, I’m working for the Department of Defense as a network engineer and also as an information security officer. What that entails is me giving a lot of training in the latest techniques as far as to what hackers are doing—how they eavesdrop and what tools they’re using.
Project Sierra came from a combination of different things. The whole NSA, Eric Snowden leak, talking about all the information that they were capturing by Googling on the Internet, which was a problem. It was a problem but it wasn’t the problem. Having said that, with my job, I get a lot of training. I was, as far as training, to get certified in CEH: certified ethical hacking. All that does is just keep up to speed with everything that's going on out there on the Internet.
While starting with this training, I ran across a couple of tools that were out there. At the time they’d been out there for about two years, all the Shodan HQ. If you're not familiar with Shodan HQ, basically it does on the civilian level what the NSA was doing, in my opinion. That's just my opinion only. I don't know what the NSA says because I don't work for them.
What it was doing was it was cataloging all IP addresses of all connected devices in the entire world regardless of what your region is and it was auditing your security posture. That went with your digital router, your file server at home, your computers. Your web panel is the biggest issue. Security cameras that businesses use, and even a couple of government agencies that were exposed to this type of audit.
I dug a little deeper into it and Forbes put out an article saying exactly what this web site does. If you're technically savvy enough you can tailor the software into querying this database of IP addresses and security postures and getting it to exploit anybody that you want. To me that was the biggest issue that I saw at the time as far as my training was concerned, because a lot of these hacker techniques are outside the region of the average user who just posts an Instagram picture.
What this did was it lowered the barrier of entry into either one just going into random people's networks, their home networks, and doing whatever it is they want to do or it could even target somebody if they were exposed. If I were a malicious hacker, and that's the term we use: hacker. If I were malicious, and let's say I were an ex-boyfriend or something like that, the first thing I would do is just look for my target's IP address on this web site and if it's up there, then I'd see if it already has a security posture that is being audited from that target.
Having said all that, I personally encrypt all my traffic leaving from my house to the Internet with a site-to-site GRE route. It was pretty difficult to use, even with what I do for a living. I've been doing this for about ten years, a little more than ten years. The first time, it took me about a month to find the proper hardware for the proper service to put all this stuff together and then I kind of let it go.
Then, I wanted to go back to it and there were some updates that went out and it still took me another two weeks of understanding to get it to a working condition. That's where I got to the point where I am now with the Kickstarter. That's why Project Sierra was started. It is, in a nutshell, a consumer-grade networking encryption device for the average user, with a touch-screen interface. So instead of uploading or installing different types of running configurations or sig files to the router and then trying to set up a VPN, this will do it automatically from a touch-screen interface on the top of the router itself.
Cameron: Right, so it really makes it much easier for the average person to encrypt their data and make sure that they're anonymous.
Kerry: Exactly. At the very least being anonymous. Having said that, just to go on the other side of it, there's nothing that's 100 percent secure in networking, in computers, period. Point blank—end of story. You can always make it more difficult, add another layer of security or try to get down to the most granular level, but someone's going to find some type of opening.
I'd also like to be able to provide some type of live updates once a vulnerability has been exposed and be able to push that out to the individual. So kind of like Windows update, if you will, and I use that term loosely. Once that vulnerability is out there, it needs to be patched. You can push it out there and it's not really an issue.
In this day and age with connected devices, it's not enough at this point in time for you to have a firewall outside of your connection that protects your home. Firewalls don't protect you from your traffic being intercepted between point A and point B. That's kind of what the Project Sierra aims to do.