
FETC - A Laptop in Every Classroom: Lessons Learned


Preso from a talk I delivered at the Florida Educational Technology Conference in 2004. The topic was lessons learned from building a high-tech high school from the ground up.

Published in: Technology

  1. A Laptop In Every Classroom. Joe Schorr. © Joseph P. Schorr 2003-11
  2. Introduction
     • Do you lose patience with people that can't convert binary to decimal at a glance?
     • Does your grandmother ever ask you what you do for a living, and after a 5-minute explanation, she blinks, then asks you what you do for a living?
  3. Agenda
     • Goals
     • Threats
     • Remediation
     • Lessons learned
  4. The Goals… An environment that is…
     • Safe
     • Secure
     • Stable
     • Scalable
     • And…
  5. They will never know…
  6. Threat Management [Chart, 1980 to 2010. Axes: Expertise Required; Sophistication of Tools. Labelled techniques: Password Guessing, Self-Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Burglaries, Hijacking Sessions, Network Management Diagnostics, GUI, Disabling Audits, Back Doors, Automated Probes/Scans, WWW Attacks, Sweepers, Sniffers, Packet Spoofing, Denial of Service, Hacker Tool Kits, DDoS Attacks, Stealth / Advanced Scanning Techniques]
  7. Threats - State of the Web
     • 75% of respondents to the FBI/CSI survey cite their Internet connection as a point of attack
     • 40% of respondents detected external penetrations/probes
     • 85% of large corporations and government agencies detected computer security breaches
     • 64% of respondents experienced malware infection, compared to 2008's 50%
     • 29% experienced denial-of-service attacks, up from 2008's 21%
     • 17% experienced password sniffing, up from 9% in 2008
     • 14% experienced Web site defacement, up from 2008's 6%
     • Over 1,000,000 WWW pages contain some form of Hacker Tools
     • OS holes and bugs
     • User privacy “sploits”
     • Stalking issues
     • Wireless
  8. Threats - Closer to home
     • Servers and clients via broadband/DSL access
     • Home broadband/Cable/DSL access
     • Distributed Denial of Service (DDoS) Zombie Attacks
     • IM (Instant Messenger), IRQ, Chat
     • Viruses
     • SPAM
     • Unsuitable Content
     • Music, Games, Video
     • Pop-ups
     • Click-jacking
     • WIRELESS ACCESS !!!
  9. A Simple Problem [Diagram labels: Local Network, Reachable Network, Total Internet Network]
     • Any host on the Internet can attack every reachable node on your internal network.
  10. Just when we thought we ‘got it’…
  11. Lesson 1… “If you reveal your secrets to the wind you should not blame the wind for revealing them to the trees.” - Khalil Gibran
  12. WLANs are broadcast networks and… Locators
     • Windows XP
     • ApTools
     • NetStumbler
     • Kismet
  13. … Sniffers love broadcast networks
     • Ethereal
     • AiroPeek
  14. “but whadda’bout WEP?”
     • Wired Equivalent Privacy was designed to stop casual interception of data
     • It is not “on” by default
     • Takes some overhead
     • 64 and 128 Encryption
     • Static, shared algorithm
     • All nodes use the same key
     • You can still capture traffic
     • And if you can catch it… you can crack it!
     • Airsnort
     • WepCrack
  15. Wireless Intrusion Detection
     • Look for WEP traffic from an unknown MAC address
     • Identify rogue APs by scanning channels
     • Search for TCP/IP and UDP attack signatures in WEP encrypted traffic
     • Monitor for high number of failed authentications
     • Tools: ISS Wireless Scanner, AiroPeek NX, AirMagnet, Air Defense
  16. Countermeasures Summary
     • Use WEP, dynamic if your hardware allows
     • Don’t use the default SSID
     • Don’t broadcast the SSID
     • Don’t use an obvious name for SSID
     • If VPN-ing, restrict access to VPN clients only
     • Limit access of Wireless clients to sensitive resources
     • Conduct periodic wireless audits
     • Ongoing WIDS
  17. The “Big Three” Lessons Learned
     • Get focused
     • Understand Global vs. Local threats
     • Make the technology fit your goals – not the other way around
  18. Big Lessons Learned
     1) Wireless “Security” is an oxymoron
     2) You are not secure
     3) Pick a great partner
     4) Start early
     5) Take care of the perimeter
     6) A Firewall will not protect you
  19. Name this man
  20. Big Lessons Learned
     1) Wireless “Security” is an oxymoron
     2) KISS
     3) Pick a great partner
     4) Start early
     5) Take care of the perimeter
     6) A firewall will not protect you
     7) Control the laptop
     8) Content Filter
     9) Intrusion Detection
     10) Test!
  21. Little Lessons Learned
     1) Try multiple brands of Access Points and stress test
     2) Beat up your Telco, early and often
     3) UPS the APs
     4) Be prepared for breakage
     5) Avoid “Do-everything” products
     6) Don’t re-invent the wheel
     7) “Walk around”
     8) The kids are WAAAYYY smarter than you
        a) Disable Chat, IRQ, IM, Music, Games, Video
     9) Establish teacher needs ASAP
     10) RELAX!
  22. Questions?
  23. Thank You! Contact me: jpschorr@cybertage.org LinkedIn: http://www.linkedin.com/in/jpschorr
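
Three of the checks on the Wireless Intrusion Detection slide (WEP traffic from an unknown MAC address, rogue APs found by scanning channels, a high number of failed authentications) can be sketched as detection logic. This is an added example, not part of the original deck: the frame records, MAC addresses, inventory and threshold are constructed assumptions, and the channel-mismatch check goes one step beyond what the slide lists. Signature matching inside WEP traffic is not covered.

```python
from collections import Counter

# Assumed inventory (hypothetical values): APs and client NICs the site owns.
AUTHORIZED_APS = {"00:11:22:aa:00:01": 1, "00:11:22:aa:00:02": 6}  # BSSID -> channel
KNOWN_CLIENTS = {"00:11:22:bb:00:10", "00:11:22:bb:00:11"}
AUTH_FAIL_LIMIT = 3  # assumed threshold per source MAC within one capture window

# Constructed sample records, as a sensor might summarize 802.11 frames.
FRAMES = [
    {"kind": "beacon", "bssid": "00:11:22:aa:00:01", "channel": 1},
    {"kind": "beacon", "bssid": "00:11:22:aa:00:02", "channel": 6},
    {"kind": "beacon", "bssid": "de:ad:be:ef:00:99", "channel": 11},
    {"kind": "beacon", "bssid": "00:11:22:aa:00:02", "channel": 3},
    {"kind": "data", "src": "00:11:22:bb:00:10", "wep": True},
    {"kind": "data", "src": "02:00:00:cc:00:42", "wep": True},
]
FRAMES += [{"kind": "auth_fail", "src": "02:00:00:cc:00:42"}] * 4
FRAMES.append({"kind": "auth_fail", "src": "00:11:22:bb:00:11"})


def analyze(frames):
    """Return sorted (alert, mac) tuples for the WIDS checks described above."""
    alerts, fails = set(), Counter()
    for f in frames:
        if f["kind"] == "beacon":
            expected = AUTHORIZED_APS.get(f["bssid"])
            if expected is None:
                # Beacon from a BSSID that is not in the inventory.
                alerts.add(("rogue_ap", f["bssid"]))
            elif expected != f["channel"]:
                # Known BSSID seen on an unexpected channel: possible spoofed AP.
                alerts.add(("ap_channel_mismatch", f["bssid"]))
        elif f["kind"] == "data" and f["wep"] and f["src"] not in KNOWN_CLIENTS:
            alerts.add(("unknown_mac_wep_traffic", f["src"]))
        elif f["kind"] == "auth_fail":
            fails[f["src"]] += 1
    # Only sources above the threshold are reported, so a single typo'd key is ignored.
    alerts.update(("auth_fail_burst", mac) for mac, n in fails.items()
                  if n > AUTH_FAIL_LIMIT)
    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(FRAMES):
        print(alert)
```
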
