NYSCATE 2008 Notes/Reflections
Leaving Digital Footprints that Count -
Presenter: Stephen Ransom
Lots of statistics about student social networking, including comparisons of teens and adults. Many of their "friends" are hardly known to them, and might become unknown soon. Clever video segments about cybersafety, Facebook satire.
1 in 5 company managers check out job applicants online.
1/3 reject the candidates because of what they see.
"Personal Online Brand" ==105 of admissions officers check student pages. 38% negatively influenced, 25% positively.
New industry: online reputation management services (i.e. SERM International, trackur)
Will Richardson wrote about how we ought to be making ourselves "clickable"--our work should be online, for people to interact with.
71% of students use social networking sites weekly.
96% have used them.
No one's teaching this. They're creating their digital footprints without us.
Students competing for slots at elite colleges sabotaging each other's facebook pages.
Be professional:
Treat it like your work desk, make beneficial connections, add friends selectively, be philanthropic.
Ask folks to take down questionable content. Leave a clean footprint, make sure the footprint matches your size.
40% of student profiles are unrestricted. They don't understand privacy or group restrictions.
2 Simple checks--Mom/Grandma--is what we have online something they would approve of?
--Front Page News
GoogleSites
See peepeeface.com
Media That Matters
Main School District 48 bought each graduating student a domain name which includes, among other things, a resume maker.
We're much more focused on what students shouldn't do, much less on what they should.
CSI NYSCATE--A Brief Introduction to Computer Forensic Analysis
Jeffrey Ginsberg (Javelin Digital Forensics LLC)
Used to present how to hack into networks. Very busy the last 2 years, coinciding with school audits.
What is Cyber Crime--Zombie, Denial of Service, getting on to someone's computer without their permission
Crimes where computers contain evidence--porno, stalking, copyright infringement. If you're using school equipment at home, be careful.
Crimes where the computer is used to commit the crime--password theft, identity theft, web site defacement
4 kinds of attacks: denial of service, physical or logical (changing password, filling with spam)
Social engineering--gathering info, like passwords
Technical--hacking, piracy (stealing apps, music), rights escalation (changing from user to teacher to admin)
Sniffing--on the line; keyloggers--log keystrokes
Intrusion Approaches:
Target selection, research and background info--internet searches, whois, nslookup
Preliminary probing--getting passwords (a dictionary probe tries every word in the dictionary as a password), POP probe, sniffing, DNS zone transfer, SMTP probe
Cleaning up after an attack:
Delete tools, delete work files, delete or modify logs.
Treat every incident as if it will end up in a criminal prosecution.
Your investigative tool kit--
Policies--define actions you can take, clear and simple--must tell them where they can find IAUP. Employees must acknowledge having read them and that they will comply with them.
Profiling--disgruntled/problem employee, students, Pros
How was access obtained (how'd you get that key? What are you doing in this closet?) What skills were required? Previous record? Others' opinions? Motivation? Personality type? How did the intruder behave on the system? Damage? Clean-up? Theft?
Tools--hardware (tools, drives, computers)
Tools--software (applications, viewers) Sleuth kit--flag overrides, keep logs, include login times (caught someone in a school district logged in on the 4th of July)
Crime scene analysis--computer--secure site (people and equipment), gather and secure media (hard drives, thumb drives, cameras, cellphones, etc.). Disable any suspect access
Crime scene analysis--environment
NEVER work on the original evidence. Make at least one copy, preferably a copy of the copy.
Practice
Time
Goals of an investigation:
To ensure that all applicable logs and evidence are preserved
To understand how the intruder is entering the system
To obtain the info you need to justify obtaining a subpoena
Gather as much evidence as possible
Narrow your list of suspects
Document the damage caused by the intruder in terms of time and money, SSN.
Gather enough info to decide if law enforcement should be involved.
Learn from any mistakes
PRESERVE THE EVIDENCE!
Don't shut down the machine. Contact sys admins, contain damage, collect local logs, image disks.
Building an Incident Report:
Keep a running log of your actions. Document chain of custody.
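An added example, not from the presentation: one way to follow the "never work on the original" and chain-of-custody rules above, by making a verified copy and then a copy of the copy while appending each action to a running log. The use of SHA-256, the file names and the "examiner-1" label are assumptions, and the sample evidence bytes are constructed.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so a large disk image need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def log_custody(log: Path, examiner: str, action: str, item: Path, digest: str) -> None:
    """Append one JSON line per action; earlier entries are never rewritten."""
    entry = {"utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
             "examiner": examiner, "action": action,
             "item": str(item), "sha256": digest}
    with log.open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")


def make_working_copy(source: Path, dest: Path, log: Path, examiner: str) -> str:
    """Copy source to dest, verify the hashes match, and log both steps."""
    source_hash = sha256_of(source)
    log_custody(log, examiner, "hashed-source", source, source_hash)
    shutil.copyfile(source, dest)
    dest_hash = sha256_of(dest)
    if dest_hash != source_hash:
        dest.unlink()  # a copy that does not match is not evidence
        raise ValueError(f"copy of {source} does not match its source hash")
    dest.chmod(0o444)  # read-only, so analysis tools cannot alter it by accident
    log_custody(log, examiner, "verified-copy", dest, dest_hash)
    return dest_hash


def demo() -> list:
    """Constructed sample: original -> master copy -> working copy of the copy."""
    work = Path(tempfile.mkdtemp())
    original = work / "original.img"
    original.write_bytes(b"constructed sample evidence bytes" * 1000)
    log = work / "custody.jsonl"
    make_working_copy(original, work / "master.img", log, "examiner-1")
    make_working_copy(work / "master.img", work / "working.img", log, "examiner-1")
    return [json.loads(line) for line in log.read_text().splitlines()]
```

Analysis is done on working.img only; the matching hash in every log entry is what lets you show later that the copy examined is identical to the original.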

