[Penner] Blaine Burnham knows computer security. He's in charge of the Nebraska University Consortium on Information Assurance, also known as NUCIA. It's part of the University's Peter Kiewit Institute in Omaha.

[Burnham] Why are we here? We're here because as we move into the information age we need to be able to provide a little discipline, a little organization.

[Penner] Imagine for a moment that these houses are computers. Some are locked...I can't get in. But others are open. I might walk in and take something, maybe make a few long distance calls, or perhaps, if I'm hungry, have a little snack. Now imagine that virtually anyone on the internet can come in, anytime they want.

[Burnham] And a great many of them don't have your best interests at heart. It is a dangerous place to be if you don't pay a little attention to this change that has happened.

[Penner] As Burnham says, there is no neighborhood watch on the internet. But people and businesses can do some things to protect themselves from cyber stalkers.

[Burnham] Here's the date, December 9th. Here's the time, a GMT time. It was a firewall activity, meaning that something was attempted from the outside and blocked by the firewall function of zone alarm.

[Penner] Computers scan the internet for open doors, computers that can be infiltrated.

[Ken Dick-Kiewit Institute] Now again, a scan is like somebody walking by rattling your doorknob. Now if the door is unlocked are they going to walk in? Don't know. But they're looking to find a door that's unlocked.

[Burnham] Ah, here we go. The firewall has just blocked access to our computer. We just...attempted to be scanned from this particular address and it blocked it just fine. That's what Zone Alarm's supposed to do.

[Penner] Firewall software blocks and tracks any attempts to get into your computer through the internet. The codes tell Burnham computers from around the world scanned this machine. This software is called zone alarm. It and other firewalls are available for free on the internet.

[Burnham] "If the bad guy can run his code on your machine, you lose. It's real simple. This is a tool that, considerably constrains the ability of the bad guy to do that."

[Penner] Firewalls aren't foolproof, but they offer good protection.

[Penner] As you were saying, its kind of the analogy of having the door open. If the door's open it's real easy to get in. They might take something or do something, but if they walk by and the door's locked they'll move on to the next.

[Dick] Right. And that firewall is like blocking that door. Now they're going to have to get a little more serious. They're going to have to break a window... they're going to have to be a little bit more intent.

[Penner] At NUCIA, faculty and students look for new ways to protect computers from invaders.

[Burnham] All the connectivity stays within the lab. It's a sandbox, nothing can get out of it and so we use it as a place to try out things.

[Penner] Kecia Gubbels used the lab to develop and test a security tactic called honey pot.

[Kecia Gubbels-Kiewit Institute Student] Honey pot is basically a trap in a way, set up for attackers. Instead of letting them come to you, it's kind of... you put a computer there and set it up to mimic your network and they kind of attack it. And then what you do is put something there to monitor them. And it kinda tells you how they would attack and you can do your research based on that or... If the computer is set up a lot like your network, it shows where your vulnerabilities are... you know, where you got problems and you can maybe fix that.

[Penner] Kecia started college as a business major. Now she wants to focus on computer security as a career.

[Gubbels] it constantly changes. There's always something new. Once you think you've got it you don't. They are you know constantly there's new challenges out there. And I do really enjoy that.

[Dick] And these kids... really make this place exciting to work. They're bright, they're inquisitive, they're always pushing for more information.

[Penner] Ken Dick worked in the private sector for years. He's an expert on computer networks.

[Dick] We have created an incredible dependence on a networked environment. And we have created incredible power.

[Dick] So we're seeing this whole networked model take over. And what I teach is how do you build it? How do you manage it? And how do you keep it from being violated?

[Nicoll] "with this little antenna I've got here...I can get a pretty decent range...just driving down the street..."

[Penner] Alex Nicoll of NUCIA showed us how easy it is to access wireless networks in Omaha. We went "war-driving", cruising with a computer, looking for open networks.

[Alex Nicoll-NUCIA] "picking up a couple of random ones from a couple of businesses here on Dodge street..."

[Nicoll] If we're driving by a business that has all of its machines connected, I can sit outside their store and attack every one of their machines until I find one I can break into and steal information from.

[Penner] That would be illegal, nevertheless, it's possible. Nicoll says war-driving is becoming a popular hobby in certain circles.

[Nicoll] It's less common here than it is in places like san francisco. There's a whole thriving culture around it in a lot of major cities.

[Penner] But don't despair if you have a wireless network. Some simple security steps, usually outlined in the owners manual, will help you protect yourself against intruders.

[Nicoll] One of the things we try and cover in class is, there's no such thing as absolute security. But there's security of a level high enough that you make whoever's interested in bothering you frustrated with the challenge, so they go bother somebody else.

[Penner] At NUCIA, students simulate attacks so they can learn how to stop them.

[Burnham] Part of that exploration is how do the attack tools function? What would you expect to see happen if you... if you got a virus in your system? What would that look like? How do you... what are some of the architectural solutions? There are smart ways to do things, and not so smart ways to do things. So what are some of the smart ways to build information systems so that they become somewhat less amenable to a bad guy doing... having his way with you.

[Penner] Faculty and students also study ways of finding evidence against computer criminals.

[Philip Craiger- Kiewit Institute] Everybody's using computers. And that includes criminals. And that includes terrorists. And that includes child pornographers.

[Penner] Philip Craiger's an expert in cyber forensics.

[Craiger] There's various ways you can hide information or delete information or encrypt information or even hide information within pictures, which is something called stegenography. Or network forensics, which is somebody coming in from the outside, for example Iraq trying to get into our computers. How do we know what they did once they got in? How did they get in? And how do we trace it back to them?

[Penner] Alex Nicoll demonstrated stegonography for us. First he took a picture of our sound man, Jim Lenertz.

[Nicoll] What we're going to do is take this snapshot we have of Jim and hide it inside a picture of Dr. Burnham, our Executive Director Winnie Callahan, and Richard Clarke, the Presidential cybersecurity advisor.

[Nicoll] Here's the original of the three people, and now I'm going to shift to the one with the picture of Jim hidden in it. You can't tell the difference.

[Penner] The same technique can be used to hide a text message in photographs posted on the internet. It's rumored to be a way that terrorists communicate.

[Craiger] Now if you look at that picture, it looks absolutely no different than the normal picture. But actually what you've done is you've replaced some of the graphical bits with text bits. And if you know that information is there you can actually extract that information. It's not just a science 'cause you have to know a lot of the science behind it, but it's also an art because every time you go out on an investigation its probably not going to look the same way.

[Penner] Craiger says law enforcement needs more experts in cyber forensics as computer crime increases. For example, the State Patrol employs a forensics expert in the Internet Crimes Against Children unit.

[Craiger] There is months and months backlog of hard drives sitting on desks because they don't have enough people to take a look at these hard drives and to determine if there's any forensics evidence on them. So we need these types of programs where students can come in and take our courses and then maybe go into law enforcement and get some additional training to assist them in their forensics capabilities.

[Penner] Craiger says private industry also needs experts in computer forensics to investigate internal attacks on their networks.

[Craiger] You know, you've got all these firewalls and intrusion detection systems to try to keep out the bad guys who are outside of your network and then you have people inside that are messing around with your data. Well, you have to be able to determine who... who in accounting or who in marketing or whoever had access to the data, what did they do, how did they do it and so on. And that's where forensics comes into play.

[Penner] Protecting the information stored on computers is important for individuals and businesses. But it's also vital to national security. NUCIA works on protecting computer systems that could be targets for terrorists, computers that control things like communications and transportation systems.

[Burnham] the data processing equipment and tools and operating systems and environments and utilities and applications used by a railroad, used by an insurance company, used by a food company, used by the telecommunications company... it's all going to be about the same. And so... were a bad guy to figure out how to get into it, it could... given access could get into it in lots of different places.

[Penner] But he says the good news is the same security measures have many applications. Finding those solutions takes time, and talented people.

[Burnham] It's a very, very fascinating business, it really is. It's... it's almost always a puzzle... a puzzlement. It's always an... the intellectual stimulation of trying to make sure you understand what's going on in your environment; and is there a bad guy doing something to you? And he's trying to be subtle and he's trying to be sophisticated and how do you see this? It all has a lot of intellectual challenge to it.