110101 A Laptop 101010
010101 In Every 0101010
01010 Classroom 101010

        Joe Schorr




                     © Joseph P. Schorr 2003-11
Introduction


        Do you lose patience with
        people that can't convert binary
        to decimal at a glance?


        Does your grandmother ever ask
        you what you do for a living, and
        after a 5-minute explanation, she
        blinks, then asks you what you do
        for a living?



Agenda




         Goals
         Threats
         Remediation
         Lessons learned




The Goals…

     An environment that is…
      Safe
      Secure
      Stable
      Scalable

       And…
They will never know…




                        © Joseph P. Schorr 2003-04
Threat Management
  [Figure: timeline from 1980 to 2010 with the labels "Expertise required" and "Sophistication of tools". Techniques shown: Password Guessing, Self-Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Burglaries, Hijacking Sessions, Disabling Audits, Back Doors, Network Management Diagnostics, GUI, Sweepers, Sniffers, Packet Spoofing, Automated Probes/Scans, WWW Attacks, Denial of Service, DDoS Attacks, Stealth / Advanced Scanning Techniques, Hacker Tool Kits]
Threats - State of the Web
    75% of respondents to the FBI/CSI survey cite their Internet
    connection as a point of attack
    40% of respondents detected external penetrations/probes
    85% of large corporations and government agencies detected
    computer security breaches
    64% of respondents experienced malware infection, compared to
    2008's 50%
    29% experienced denial-of-service attacks, up from 2008's 21%
    17% experienced password sniffing, up from 9% in 2008
    14% experienced Web site defacement, up from 2008's 6%
    Over 1,000,000 WWW pages contain some form of Hacker Tools
    OS holes and bugs
    User privacy “sploits”
    Stalking issues
    Wireless
Threats - Closer to home

    Servers and clients via broadband/DSL access
    Home broadband/Cable/DSL access
    Distributed Denial of Service (DDoS) Zombie Attacks
    IM (Instant Messenger), IRQ, Chat
    Viruses
    SPAM
    Unsuitable Content
    Music, Games, Video
    Pop-ups
    Click-jacking
    WIRELESS ACCESS !!!
A Simple Problem
    [Diagram labels: Internet, Local Network, Reachable Network, Total Network]

    Any host on the Internet can attack every
     reachable node on your internal network.
Just when we thought we 'got it'…




Lesson 1…


       “If you reveal your
        secrets to the wind
      you should not blame
      the wind for revealing
        them to the trees.”
            -Khalil Gibran
WLANs are broadcast networks and…



                          Locators
                              Windows XP
                              ApTools
                              NetStumbler
                              Kismet




… Sniffers love broadcast networks




                 Ethereal
                 AiroPeek
“but whadda'bout WEP?”

      Wired Equivalent Privacy was designed to
      stop casual interception of data
      It is not “on” by default
      Takes some overhead
      64- and 128-bit encryption
      Static, shared algorithm
      All nodes use the same key
      You can still capture traffic
      And if you can catch it… you can crack it!
                Airsnort
                WepCrack

Wireless Intrusion Detection

     Look for WEP traffic from an unknown MAC
     address
     Identify rogue APs by scanning channels
     Search for TCP/IP and UDP attack signatures
     in WEP encrypted traffic
     Monitor for high number of failed
     authentications
                     ISS Wireless
                      Scanner
                     AiroPeek NX
                     AirMagnet
                     Air Defense
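
Three of the checks on this slide (unknown MACs sending WEP traffic, rogue APs found across channels, bursts of failed authentications), sketched as an added example that is not part of the original deck or of any product listed above. The frame records, allowlists, SSID and failure threshold are constructed assumptions; the signature search inside encrypted traffic is not covered.

```python
"""WIDS-style checks over constructed 802.11 observations (added example)."""
from collections import Counter
from dataclasses import dataclass

# Assumed site inventory (constructed values): AP radios and enrolled laptops.
AUTHORIZED_APS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
KNOWN_CLIENTS = {"00:11:22:cc:00:10", "00:11:22:cc:00:11"}
SITE_SSID = "campus-wlan"      # hypothetical SSID
AUTH_FAIL_THRESHOLD = 5        # assumed: failures per client/AP pair per window


@dataclass(frozen=True)
class Frame:
    """One observation from a monitoring sensor (hypothetical record layout)."""
    kind: str                  # "beacon", "data" or "auth_fail"
    src: str                   # transmitter MAC
    bssid: str                 # AP radio the frame belongs to
    channel: int
    ssid: str = ""             # set on beacons only
    protected: bool = False    # Protected Frame bit set, i.e. WEP payload


def normalize(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


def analyze(frames):
    """Return a sorted list of (alert, mac, detail) tuples, one per finding."""
    alerts = set()             # a set, so repeated beacons raise one alert
    auth_failures = Counter()
    for f in frames:
        src, bssid = normalize(f.src), normalize(f.bssid)
        if f.kind == "beacon":
            if bssid not in AUTHORIZED_APS:
                # An unlisted radio advertising our SSID is the urgent case.
                alert = "rogue_ap_same_ssid" if f.ssid == SITE_SSID else "unknown_ap"
                alerts.add((alert, bssid, f"channel {f.channel}"))
        elif f.kind == "data":
            # WEP traffic through one of our APs from a MAC we never enrolled.
            if (f.protected and bssid in AUTHORIZED_APS
                    and src != bssid and src not in KNOWN_CLIENTS):
                alerts.add(("unknown_client_wep", src, f"via {bssid}"))
        elif f.kind == "auth_fail":
            auth_failures[(src, bssid)] += 1
    for (src, bssid), count in auth_failures.items():
        if count >= AUTH_FAIL_THRESHOLD:
            alerts.add(("auth_failure_burst", src, f"{count} failures at {bssid}"))
    return sorted(alerts)


def sample_frames():
    """Constructed observations covering every channel the sensor scanned."""
    ap1, ap2 = "00:11:22:aa:00:01", "00:11:22:aa:00:02"
    rogue, neighbour = "02:de:ad:00:00:01", "02:be:ef:00:00:02"
    frames = [
        Frame("beacon", ap1, ap1, 1, SITE_SSID),
        Frame("beacon", ap2, ap2, 6, SITE_SSID),
        Frame("beacon", rogue, rogue, 11, SITE_SSID),      # unlisted, our SSID
        Frame("beacon", rogue, rogue, 11, SITE_SSID),      # repeat beacon
        Frame("beacon", neighbour, neighbour, 3, "linksys"),
        Frame("data", "00-11-22-CC-00-10", ap1, 1, protected=True),  # enrolled
        Frame("data", "02:ca:fe:00:00:03", ap2, 6, protected=True),  # not enrolled
    ]
    frames += [Frame("auth_fail", "02:ca:fe:00:00:04", ap1, 1)] * 6
    frames += [Frame("auth_fail", "00:11:22:cc:00:11", ap1, 1)] * 2  # a mistyped key
    return frames


if __name__ == "__main__":
    for alert in analyze(sample_frames()):
        print(*alert, sep="\t")
```

MAC addresses are trivially changed, so the unknown-client check catches unmanaged devices rather than a determined intruder; the allowlists only stay useful if they are kept in step with the periodic wireless audits.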
Countermeasures Summary

     Use WEP, dynamic if your hardware allows
     Don’t use the default SSID
     Don’t broadcast the SSID
     Don’t use an obvious name for SSID
     If VPN-ing, restrict access to VPN clients only
     Limit access of Wireless clients to sensitive
     resources
     Conduct periodic wireless audits
     Ongoing WIDS


The “Big Three” Lessons Learned

                        Get focused




                   Understand Global
                   vs. Local threats

    Make the technology fit
    your goals –
    not the other way around
Big Lessons Learned

    1)   Wireless “Security” is an oxymoron
    2)   You are not secure
    3)   Pick a great partner
    4)   Start early
    5)   Take care of the perimeter
    6)   A Firewall will not protect you



Name this man




Big Lessons Learned

   1) Wireless “Security” is an oxymoron
   2) KISS
   3) Pick a great partner
   4) Start early
   5) Take care of the perimeter
   6) A firewall will not protect you
   7) Control the laptop
   8) Content Filter
   9) Intrusion Detection
   10) Test!

Little Lessons Learned

   1)   Try multiple brands of Access Points and stress test
   2)   Beat up your Telco, early and often
   3)   UPS the APs
   4)   Be prepared for breakage
   5)   Avoid “Do-everything” products
   6)   Don’t re-invent the wheel
   7)   “Walk around”
   8)   The kids are WAAAYYY smarter than you
          a)   Disable Chat, IRQ, IM, Music, Games, Video
   9) Establish teacher needs ASAP
   10) RELAX!


Questions?




010101010101010101010101010101010




        Thank
         You!
          Contact me:   jpschorr@cybertage.org
          LinkedIn:     http://www.linkedin.com/in/jpschorr




FETC - A Laptop in Every Classroom: Lessons Learned
