I'm really not planning to forge report cards, honest.
November 6, 2010 2:16 PM

[NaNoWriMo Filter] Help me research network security for my novel please.

I want to learn more about security issues in setting up a high school computer network. I could outline pretty well the answers to these suggested beginning questions, but I really don't know much about what I would then do with that information, in terms of the practical techniques to secure data access, mostly. What might be some relatively common unsafe practices amongst sysadmins who are not very security savvy? What are basic safe practices?

I don't want you to do the research for me. Really I'm just asking you to point me in the direction of reliable and reasonably accessible sources of information/instruction. I'd prefer resources that are freely available online.

And yes, while this is for a NaNoWriMo novel, I don't have any expectation that I will actually be able to complete this research and write in the relevant plot details during the month of November. It's something that I am interested in learning about, generally, and it also happens to tie in with the novel.
posted by bardophile to Computers & Internet (8 answers total) 1 user marked this as a favorite
 
The three factors that sysadmins worry about, in general, are the 3 P's: passwords, patches, and ports. Basically, weak or nonexistent passwords, unpatched software or OS vulnerabilities, and network ports open to places where they shouldn't be. Take care of those things, and you're well on your way.

That having been said, the game has changed substantially over the last few years, because of increasingly sophisticated social engineering techniques. To put it another way, what do you patch when the vulnerability being exploited lies between the ears of the person sitting in front of the computer? "Stopping stupid" is a big part of security management these days.

If you're near a library or bookstore, you may want to take a quick look at the "Stealing the Network" series of books. They provide semi-fictionalized accounts of real-world infosec attack and defense techniques.
posted by deadmessenger at 2:40 PM on November 6, 2010


I worked as a network manager in a high school for a number of years and deadmessenger is right about the social engineering. The kids simply used the logins of staff members.

In most cases the teachers happily handed the password over. No matter how often we told the teachers how terrible this was they continued to do it.
posted by moochoo at 3:02 PM on November 6, 2010


Response by poster: Since I'm going to be using this in a novel, I would much prefer my source not to be a fictionalized account. It's more like I'd like to read up on the kinds of things that might be reference sources for someone writing those kinds of books.
posted by bardophile at 3:06 PM on November 6, 2010


Don't think of them as fictionalized accounts. They're really anonymized case studies, with some fictionalized narrative tying it all together. I know the principal author of those books personally, and he's a real information security professional who knows his craft.

But, if you're more looking for reference works, any CISSP study guide might give you what you're looking for. The CISSP is kind of the gold standard certification for infosec professionals, and the material covered is considered by those in the field to be a "mile wide and an inch deep" survey of the practice. I wouldn't recommend this for someone actually studying for the exam, but since you're not, I would recommend the CISSP for Dummies book. It'll give you a decent overview of infosec - at least enough to write your novel.

Good luck!
posted by deadmessenger at 4:11 PM on November 6, 2010


You don't say what your particular level of expertise is, so forgive me if I'm mentioning things that are obvious to you. While I can't speak specifically to securing a high school computer network, the general rule of thumb is that you're only really as secure as your weakest link. Using super strong passwords or advanced cryptographic techniques is all well and good, but it can be like installing a bank vault door on the front of your house. Any decent thief will respond by breaking a window. (By the way, that metaphor isn't mine, but I couldn't tell you who I first heard it from.)

Thinking about security means thinking about your threat model, that is, the types of attacks you are setting out to defend against. As attacks become outdated, they are supplanted by newer and sneakier approaches. Obviously high school kids aren't generally going to be on the cutting edge, but of course there may be a handful of bright students who could come up with novel tactics.

Go to your library or bookstore and look for a copy of Applied Cryptography by Bruce Schneier; the introductory bits and real world examples may at least prove useful to you, even if the math of RSA or elliptic curve cryptosystems makes you go cross-eyed.
posted by axiom at 7:18 PM on November 6, 2010


Response by poster: Sorry, I should have mentioned level of expertise. I know my way around my own computer, have assembled a PC or two, was double booting Ubuntu and Windows for a while, until I got into a situation where I couldn't access the internet from Ubuntu (I'm in the UAE; don't ask. grrrr). I'm generally the family "go to" person for PC troubleshooting.

On the other hand I have no particular knowledge of network security, other than what one would pick up from reading Lifehacker, using BitTorrent, setting up a VPN to access Skype, etc.

The Schneier and CISSP books sound like great places to start. I'd kind of like to see if I can come up with a plausible "bright high school kids" vs "incompetent school sysadmin" hacking scenario on my own before I look at the Stealing the Network books.

Thank you, and if anyone has further suggestions, I would appreciate them.
posted by bardophile at 10:13 PM on November 6, 2010


Do you want an 'ideal' high school network or the kind that actually exists in the real world? There have been tons of stories on reddit, slashdot and 4chan from high school kids hacking their school network. I don't know if they're accurate, but they're certainly believable, and that's probably the important thing for a novel.
posted by empath at 7:34 AM on November 7, 2010


Response by poster: Well, it's more that I have experience with clueless school sysadmins, having been constantly horrified by their seeming inability to grasp things that even I knew were basic to maintaining networks. e.g. never bothering to check that the computer in the school staffroom had anti-virus updates, even though only sysadmin had the privileges to do so.

But I wanted to learn more about network security so that I could choose a potential plausible flaw, and figure out how a bright high school kid might exploit it. I am shying away from simply reading about what some kid did and copying that. Does that make sense? Or is it an unreasonable standard to be setting for myself?
posted by bardophile at 3:05 AM on November 8, 2010

