Transcript ch 13 File
Computer Security
Fundamentals
by Chuck Easttom
Chapter 13 Cyber Detective
Case study from chapter 12
Jane Doe is the network administrator
responsible for security for a small defense
contractor. Her company does handle some lowlevel classified material. She has implemented a
strong security approach that includes the
following:
■ A firewall has all unneeded ports closed.
■ Virus scanners are placed on all machines.
■ Routers between network segments are secured.
■ All machines have the operating systems patched monthly.
■ Passwords are long, complex, and change every 90 days.
What other recommendations would you make to Jane Doe?
Explain the reasons for each of your recommendations.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
2
Chapter 13 Objectives
Find contact information on the web
Locate court records on the web
Locate criminal records on the web
Use Usenet newsgroups to gather
information
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
3
Introduction
Preceding chapters have examined these
topics:
Identity theft
Hacking
Investigating potential employees
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
4
Introduction (cont.)
Identity theft
Criminals use a small amount of information
to garner more.
Look at Internet techniques for finding
additional information.
Security personnel need to know how this is
done to defend against it.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
5
Introduction (cont.)
Hacking
Obtain information to social engineer or to
guess passwords.
Investigating potential employees
Calling references may not be enough.
Hiring a private detective may be
impractical.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
6
Introduction (cont.)
Network administrators in particular must be
investigated.
The network cannot keep out the person who
set it up.
Information about his past from a source other
than supplied references may affect the hiring
decision.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
7
Introduction (cont.)
The Internet is a valuable investigative tool.
Useful for finding out about potential
employees, babysitters, and so forth.
Much of the information is free.
States have court records online.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
8
Introduction (cont.)
Information is a two-edged sword.
An innocent person may use it for legitimate
investigations.
A less scrupulous person may use it for identity
theft or stalking.
Invasion of privacy has ethical, moral, and
legal ramifications تداعيات.
Practice searches on your own name unless
you have written consent.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
9
General Searches
Search to find addresses, phone numbers, or
e-mail addresses
www.yahoo.com
www.infobel.com
www.smartpages.com
www.theultimates.com/white
www.bigfoot.com
www.whowhere.com
www.switchboard.com
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
10
Court Records and Criminal
Checks (cont.)
Civil court records
Civil issues, as well as crimes, may make a
person unsuitable for a particular job.
No centralized Web site for these issues.
Many states and Federal courts offer online
records, for example:
www.oscn.net/applications/oscn/casesearch.asp
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
11
Court Records and Criminal
Checks (cont.)
Other resources
The National Center for State Courts
The Law School at Emory University
www.ncsconline.org/
www.law.emory.edu/FEDCTS/
Public record finder
www.freeprf.com/
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
12
Court Records and Criminal
Checks (cont.)
Other resources
Pacer
The Boost
www.pacer.psc.uscourts.gov/
www.theboost.net/court_records/
State public access
ctl.ncsc.dni.us/publicaccess/
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
13
Court Records and Criminal
Checks (cont.)
Other resources
Prison searches
www.ancestorhunt.com/prison_search.htm
Federal prison records
www.bop.gov
Public records
www.searchsystems.net/
United Kingdom public records
www.pro.gov.uk
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
14
Usenet
Newsgroups on many subjects.
Use Google “Groups” option.
Anyone can post anything .
Search for potential employees.
Can be an important investigative tool.
Information must be verified elsewhere.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
15
Overview
What is Usenet?
Articles & Distribution
Servers
Newsgroups
Binary Content & Retention Time
What isn’t Usenet?
It isn’t a computer network
It isn’t the internet
It isn’t a large bulletin board system (BBS)
What is Usenet?
Computers communicate through protocols
This is how Usenet is possible
Different from the TCP/IP protocol
Developed in 1980 at the University of North
Carolina and Duke University
Articles
Must include a header and body
Similar to email
Rules for distribution
Article Distribution
Any message contributed
gets sent out and copied to
all servers
The articles are distributed
to every Usenet server
(180,000 as of 1994)
Wikipedia.org
Assigned to a newsgroup
Usenet Servers
Information is decentralized
Similar to a Peer to Peer network (Server
to Server)
Today information is sent through the
internet
www.top1000.org/
Newsgroups
comp.*: computer-related discussions
humanities.*: Fine arts, literature,
and philosophy
misc.*: Miscellaneous topics
news.*: Discussions and
announcements about news (meaning
Usenet, not current events)
rec.*: Recreation and entertainment
sci.*: Science related discussions
soc.*: Social discussions
talk.*: Talk about various
controversial topics
Wikipedia.org
Flooding Algorithm
Used in Usenet and peer-to-peer file sharing
systems
Each node acts as both a transmitter and a
receiver
Each node tries to forward to every neighbor
except the source node
Binary Content
Convert file into 8-bit ASCII values
Restricted to specific newsgroups
Split into segments because of article size
restriction
Wikipedia.org
Parity Files
Used for data recovery
Forward error correction
Allows for verification of data to recover
corrupt or lost data
Retention استبقاءTime
Storage for each group is limited
Retention time started out small
Public servers often have small retention
times
Usenet Traffic
Traffic has increased over time
Most of this is binary content
Wikipedia.org
ISP’s and Usenet
Many offer a Usenet server
Ones that don’t often offer access from
another provider
Who Owns Usenet?
No one controls Usenet
Loose collection of administrators
The software distributes Usenet articles to
every server that’s willing to accept them
Newsreaders
Program used to navigate Usenet
Many newsreaders may access the server at
a time
Newsreaders may do different tasks
Future of Usenet
Not well known among new internet users
Reliant on administrator’s donated disk space
Cost of storage is dropping as Usenet
demand is growing
Importance of Usenet
Precursor نذيرto web forums
Internet culture was born on Usenet
Immense repository of files
HW. Describe how can we use Usenet
services in Palestine if possible
Google groups
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
35
Gathering information a bout a
person
Social networks
Facebook
Twitter
Linkedin
Instgam
Chat rooms
Search engines
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
36
Discussion
How can you use facebook to gather
sensitive information about a person
What makes that easy to collect
How to avoid
What other resources can be used to gather
information about persons in PALESTINE
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
37
Summary
The Internet is a valuable investigative
resource
To hackers and identity thieves
To employers of network administrators as
well as babysitters
Periodically check your own identity to see
what information is available.
© 2012 Pearson, Inc.
Chapter 13 Cyber Detective
38