Transcript ch 13 File
Computer Security Fundamentals by Chuck Easttom Chapter 13 Cyber Detective Case study from chapter 12 Jane Doe is the network administrator responsible for security for a small defense contractor. Her company does handle some lowlevel classified material. She has implemented a strong security approach that includes the following: ■ A firewall has all unneeded ports closed. ■ Virus scanners are placed on all machines. ■ Routers between network segments are secured. ■ All machines have the operating systems patched monthly. ■ Passwords are long, complex, and change every 90 days. What other recommendations would you make to Jane Doe? Explain the reasons for each of your recommendations. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 2 Chapter 13 Objectives Find contact information on the web Locate court records on the web Locate criminal records on the web Use Usenet newsgroups to gather information © 2012 Pearson, Inc. Chapter 13 Cyber Detective 3 Introduction Preceding chapters have examined these topics: Identity theft Hacking Investigating potential employees © 2012 Pearson, Inc. Chapter 13 Cyber Detective 4 Introduction (cont.) Identity theft Criminals use a small amount of information to garner more. Look at Internet techniques for finding additional information. Security personnel need to know how this is done to defend against it. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 5 Introduction (cont.) Hacking Obtain information to social engineer or to guess passwords. Investigating potential employees Calling references may not be enough. Hiring a private detective may be impractical. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 6 Introduction (cont.) Network administrators in particular must be investigated. The network cannot keep out the person who set it up. Information about his past from a source other than supplied references may affect the hiring decision. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 7 Introduction (cont.) The Internet is a valuable investigative tool. Useful for finding out about potential employees, babysitters, and so forth. Much of the information is free. States have court records online. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 8 Introduction (cont.) Information is a two-edged sword. An innocent person may use it for legitimate investigations. A less scrupulous person may use it for identity theft or stalking. Invasion of privacy has ethical, moral, and legal ramifications تداعيات. Practice searches on your own name unless you have written consent. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 9 General Searches Search to find addresses, phone numbers, or e-mail addresses www.yahoo.com www.infobel.com www.smartpages.com www.theultimates.com/white www.bigfoot.com www.whowhere.com www.switchboard.com © 2012 Pearson, Inc. Chapter 13 Cyber Detective 10 Court Records and Criminal Checks (cont.) Civil court records Civil issues, as well as crimes, may make a person unsuitable for a particular job. No centralized Web site for these issues. Many states and Federal courts offer online records, for example: www.oscn.net/applications/oscn/casesearch.asp © 2012 Pearson, Inc. Chapter 13 Cyber Detective 11 Court Records and Criminal Checks (cont.) Other resources The National Center for State Courts The Law School at Emory University www.ncsconline.org/ www.law.emory.edu/FEDCTS/ Public record finder www.freeprf.com/ © 2012 Pearson, Inc. Chapter 13 Cyber Detective 12 Court Records and Criminal Checks (cont.) Other resources Pacer The Boost www.pacer.psc.uscourts.gov/ www.theboost.net/court_records/ State public access ctl.ncsc.dni.us/publicaccess/ © 2012 Pearson, Inc. Chapter 13 Cyber Detective 13 Court Records and Criminal Checks (cont.) Other resources Prison searches www.ancestorhunt.com/prison_search.htm Federal prison records www.bop.gov Public records www.searchsystems.net/ United Kingdom public records www.pro.gov.uk © 2012 Pearson, Inc. Chapter 13 Cyber Detective 14 Usenet Newsgroups on many subjects. Use Google “Groups” option. Anyone can post anything . Search for potential employees. Can be an important investigative tool. Information must be verified elsewhere. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 15 Overview What is Usenet? Articles & Distribution Servers Newsgroups Binary Content & Retention Time What isn’t Usenet? It isn’t a computer network It isn’t the internet It isn’t a large bulletin board system (BBS) What is Usenet? Computers communicate through protocols This is how Usenet is possible Different from the TCP/IP protocol Developed in 1980 at the University of North Carolina and Duke University Articles Must include a header and body Similar to email Rules for distribution Article Distribution Any message contributed gets sent out and copied to all servers The articles are distributed to every Usenet server (180,000 as of 1994) Wikipedia.org Assigned to a newsgroup Usenet Servers Information is decentralized Similar to a Peer to Peer network (Server to Server) Today information is sent through the internet www.top1000.org/ Newsgroups comp.*: computer-related discussions humanities.*: Fine arts, literature, and philosophy misc.*: Miscellaneous topics news.*: Discussions and announcements about news (meaning Usenet, not current events) rec.*: Recreation and entertainment sci.*: Science related discussions soc.*: Social discussions talk.*: Talk about various controversial topics Wikipedia.org Flooding Algorithm Used in Usenet and peer-to-peer file sharing systems Each node acts as both a transmitter and a receiver Each node tries to forward to every neighbor except the source node Binary Content Convert file into 8-bit ASCII values Restricted to specific newsgroups Split into segments because of article size restriction Wikipedia.org Parity Files Used for data recovery Forward error correction Allows for verification of data to recover corrupt or lost data Retention استبقاءTime Storage for each group is limited Retention time started out small Public servers often have small retention times Usenet Traffic Traffic has increased over time Most of this is binary content Wikipedia.org ISP’s and Usenet Many offer a Usenet server Ones that don’t often offer access from another provider Who Owns Usenet? No one controls Usenet Loose collection of administrators The software distributes Usenet articles to every server that’s willing to accept them Newsreaders Program used to navigate Usenet Many newsreaders may access the server at a time Newsreaders may do different tasks Future of Usenet Not well known among new internet users Reliant on administrator’s donated disk space Cost of storage is dropping as Usenet demand is growing Importance of Usenet Precursor نذيرto web forums Internet culture was born on Usenet Immense repository of files HW. Describe how can we use Usenet services in Palestine if possible Google groups © 2012 Pearson, Inc. Chapter 13 Cyber Detective 35 Gathering information a bout a person Social networks Facebook Twitter Linkedin Instgam Chat rooms Search engines © 2012 Pearson, Inc. Chapter 13 Cyber Detective 36 Discussion How can you use facebook to gather sensitive information about a person What makes that easy to collect How to avoid What other resources can be used to gather information about persons in PALESTINE © 2012 Pearson, Inc. Chapter 13 Cyber Detective 37 Summary The Internet is a valuable investigative resource To hackers and identity thieves To employers of network administrators as well as babysitters Periodically check your own identity to see what information is available. © 2012 Pearson, Inc. Chapter 13 Cyber Detective 38