Thursday, June 30, 2016

Classroom and training preparation


Recently I've been involved in training abroad, mostly in the Middle East and Asia, and some interesting figures have shown up. There is a procedure when we negotiate training in someone else's classroom: we always send minimal requirements to the training partner. Basically we have to get confirmation that we can use the classroom.
Somehow this procedure failed: recently almost 75% of partners provided classrooms that did not satisfy the minimal requirements. An incredible combination of wrong configurations, wrong OS, heavily infected machines, broken hardware, the wrong type of machines (Macs instead of PCs), power problems, everything bundled up, you name it. In all these situations there was a common line: we were negotiating with another company which was then facilitating things, and in fact we were never in touch with the technical staff responsible for the classroom. A broken telephone problem. It looks like this is an unsolvable, cultural issue, so how do we prevent or mitigate such problems?
The obvious solution, quitting the course and forcing the partner to accept responsibility and pay penalties for their mistakes, will not work. So we are left with: be smart, plan, prepare and adapt within your budget limits. This rules out "bringing the whole HW and SW class in one big Pelican box", a wonderful solution but way too costly.
To be honest I love to have even a small Pelican box with me, something reliable in the wilderness, but we can only afford an approach where the Pelican box is a small one, with minimal HW :)

The facts we can rely on:

  1. classrooms are based on Intel machines
    • a mix of configurations, from dual-core 32-bit machines up
    • at minimum USB 2.0 ports, bootable from USB
    • various localisations, keyboard layouts and languages
    • most machines do not have a working CD drive
  2. networking is usually there (wifi or wired) but can't be relied on
  3. computers are in various states of OS and SW anarchy

Strategy to win such a classroom:

1) we will use the existing classroom computers, but in a safe and reliable way

  • boot each student PC into a reliable and safe Linux configuration and use an appropriate virtual machine for student work
  • boot can be from USB, over the network or from CD (rarely)

2) for the classroom server use the trainer's machine or the trainer's backup machine

  • again use a virtual machine
  • boot from a safe boot source: USB, network or CD (rarely)

3) for networking use the existing infrastructure, or a USB wifi adapter with a 3G/4G hotspot on a local mobile device; this can be challenging

From these requirements you can easily draw up a list of HW and SW which fits into one small Pelican box, but it takes a huge amount of planning, testing and preparation. I'll cover that later.

13.7.2016 List of devices and tools for such a classroom



Items:

  • Tablet / smartphone as local 3G/4G wifi hotspot, 8 connections
  • USB 3.0 stick with hardware write-block switch, 32 GB or more
  • USB 3.0 hub with 4 ports and power supply
  • USB wifi module with Windows & Linux drivers
  • Laptops: 64-bit, 4 cores, 3 HDs, 16 GB+ RAM, 4 USB 3.0 ports, Gigabit Ethernet
  • USB 3.0 external disks and enclosures (with encryption)
  • CDs with various Linux distributions
  • USB CD-ROM / DVD drive
  • PCMCIA USB 3.0 card
  • USB 3.0/2.0 cables
  • USB 3.0/2.0 connectors / gender changers
  • Power supplies for all devices and spares
  • Extension cords, power connectors etc.
  • Tools, labels, stickers
  • Pelican box
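As an added example (not from the original post), here is a preflight script in POSIX sh to run from the trainer's live Linux once a borrowed student PC has booted from the write-blocked stick, before the student VM is started. It checks the classroom facts and strategy described above: whether the CPU is 64-bit with VT-x/AMD-V (so the 64-bit student VM can run at all), how much RAM is present, whether the boot stick is really mounted read-only (the write-block switch was not left open on an infected machine), and whether the VM image still matches a SHA-256 digest the trainer carries separately. All checks take file paths instead of reading /proc directly, so they also work on saved copies taken from a machine you are not sitting at. The file names, mount points and /proc-style sample contents written by make_samples are constructed for the demonstration.

```shell
#!/bin/sh
# Classroom preflight for a borrowed student PC. Needs only sh, awk and
# sha256sum (or shasum). Every function takes a file path, so the same
# checks run against live /proc files or against saved copies of them.

# cpu_class CPUINFO: prints vm64 (64-bit CPU with VT-x/AMD-V), vm32
# (64-bit CPU without hardware virtualisation, only a slow 32-bit guest is
# realistic) or live-only (32-bit CPU, run the lab in the live system).
# Exit status is 0 only for vm64.
cpu_class() {
    flags=$(awk -F: '/^flags[ \t]*:/ { print $2; exit }' "$1")
    case " $flags " in
        *" lm "*)
            case " $flags " in
                *" vmx "*|*" svm "*) echo vm64; return 0 ;;
                *)                   echo vm32; return 1 ;;
            esac ;;
        *) echo live-only; return 1 ;;
    esac
}

# ram_mib MEMINFO: prints MemTotal as an integer number of MiB.
ram_mib() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024; exit }' "$1"
}

# mount_is_ro MOUNTS MOUNTPOINT: 0 if MOUNTPOINT is mounted with the exact
# option "ro" (a token match, so "errors=remount-ro" does not count).
mount_is_ro() {
    awk -v mp="$2" '$2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
                    END { exit (found ? 0 : 1) }' "$1"
}

# verify_image FILE SHA256HEX: 0 if FILE hashes to the expected digest.
verify_image() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | awk '{ print $1 }')
    else
        actual=$(shasum -a 256 "$1" | awk '{ print $1 }')
    fi
    [ "$actual" = "$2" ]
}

# preflight CPUINFO MEMINFO MOUNTS MOUNTPOINT IMAGE SHA256HEX MIN_MIB:
# prints one line per check; exit status is the number of failed checks.
preflight() {
    fails=0
    cls=$(cpu_class "$1") || fails=$((fails + 1))
    echo "cpu: $cls"
    mem=$(ram_mib "$2")
    if [ "$mem" -ge "$7" ]; then echo "ram: ${mem} MiB ok"
    else echo "ram: ${mem} MiB below $7"; fails=$((fails + 1)); fi
    if mount_is_ro "$3" "$4"; then echo "boot media: read-only"
    else echo "boot media: WRITABLE"; fails=$((fails + 1)); fi
    if verify_image "$5" "$6"; then echo "vm image: digest ok"
    else echo "vm image: DIGEST MISMATCH"; fails=$((fails + 1)); fi
    return $fails
}

# make_samples DIR: constructed /proc-style inputs for trying the checks
# offline (not captured from a real machine).
make_samples() {
    mkdir -p "$1"
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae lm vmx sse2\n' > "$1/cpuinfo64"
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae sse2\n' > "$1/cpuinfo32"
    printf 'MemTotal:        4046848 kB\nMemFree:         1000000 kB\n' > "$1/meminfo"
    printf '/dev/sdb1 /run/live/medium vfat ro,relatime 0 0\n/dev/sda1 /mnt/host ntfs rw,noexec 0 0\n' > "$1/mounts"
    printf 'abc' > "$1/student.qcow2"   # stand-in for the VM image; sha256("abc") is well known
}

# On a real classroom PC, after booting the stick:
#   preflight /proc/cpuinfo /proc/meminfo /proc/mounts /run/live/medium \
#       /run/live/medium/vm/student.qcow2 <digest from the trainer's list> 2048
```

Run preflight against the real /proc files and the mount point of the stick, and keep the digest list on the trainer's laptop rather than on the stick that carries the image. Because the image lives on read-only media, the student VM has to be started in a mode that redirects guest writes to a temporary overlay (for QEMU that is the `-snapshot` option); otherwise the first write from the guest fails.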

Monday, June 13, 2016

Some thoughts on research, education and valorisation for cybersecurity

Dhaka,
Bangladesh,
11.6.2016

Vision on research, education and valorization for cybersecurity

There is a huge problem arising from the introduction of modern, deeply penetrating computer-based technologies into society and into the personal life of every individual. The term cybersecurity covers just one small but crucial part of controlling this problem, or better said, of understanding it. We do not yet understand how and why these technologies will change our society; we don't even have reliable definitions of cyber and cyber-related issues. Even among professionals in the field we don't have a complete understanding or a good intuition, not to mention the other involved but deeply ignorant parts of society, from the general population to top decision makers. For some of these issues we can find parallels in the past; my deep concern is that we do not understand these processes, and maybe we are even using the wrong methods to explore and analyze the situation. Some of these events look more like biological and medical than technical phenomena, more like the great medieval plagues, when we observe their behavior and possible impacts on our society.
For these reasons I believe cybersecurity should be looked on as something essential for modern society, practically like the role medicine has achieved today, with the same organizational approach to society: highly trained and highly ethical professionals, and widespread general knowledge and practice of hygiene, in this case the recently developed cyber hygiene. The analogy should be even wider: we should think about introducing biological and medical ideas and concepts into our approach to cybersecurity.
In lecturing and research, we should concentrate on good general IT knowledge and a technical perspective on various technologies, providing students with the skills and ability to adopt new knowledge quickly. We should widen students' knowledge by providing them with a social, legal and historical perspective on events and technologies, which is crucial, I believe, for understanding future events and trends. Such an approach is currently painfully missing, leaving students without knowledge of the interaction among technology, society, history and law.
For example, network security is a crucial part of cybersecurity, but in most current networking curricula, networking is presented as just a set of standards and developments. Networking in the sense of security needs a holistic description of technology development and its impact on society. In that context, the parallels between the US DOD approach to solving railway transport problems during the Civil War and to solving communication problems by introducing TCP/IP in the Cold War look very similar, with very much the same effects on society; there are commonalities even in the morphing and development of new types of crime. Without such an approach networking, especially TCP/IP, is just the technical issue of a set of protocols, not something opening a new social development, a whole new Wild West frontier. By providing such historical, social and legal context in teaching we enable students to grasp the dynamics and get a better understanding of current events and future developments. Applying this approach to cybersecurity, we have to provide students not only with historical context, but also with the legislative and human context of crime and law. To get a better understanding of the human element of "cyber", I believe we can introduce reading fiction authors like Stanisław Lem and Isaac Asimov because of their intriguing insight.
On the IT side we should provide students with skills in programming (especially defensive programming), scripting languages, operating system theory, networking, language theory, digital forensics, system and network administration and security, big data handling, artificial intelligence and other relevant IT and science fields (especially practical mathematical knowledge).
Teaching should include practical work and theory, but in the sense that a student should be able to solve problems using scientific methods based on accepted theoretical knowledge, not just doing repetitive hands-on tasks or being frozen in a theoretical framework. The key quality will be the stress on analyzing a problem, understanding it, finding a solution and implementing it with an evaluation of the results, not just trying tools and raw computing power. We should also stress the ethical approach and the legal problems in solving complex real situations. From my observations we should also include more women in cybersecurity education, not only because of the lack of women in cybersecurity but at least because of the better quality of group work in solving problems.
To achieve this goal there should be adequate technical resources (laboratories, classrooms, simulators with appropriate tools and equipment) and cooperation with other academia, business and law enforcement, locally and internationally. Practical work can be done in virtual and simulated environments, but there should be student exposure to physical equipment and real working conditions; a minimum of 10% of practicals should be with real hardware. Academic research should provide the framework and improve the practicals, while practical problems and solutions should be based on theoretically predicted scenarios or on real-life events that have been handled. There should be mandatory involvement of lecturing personnel in practicals and in supporting a CERT-type organization, with the goal of keeping practical skills up to date and understanding the student community. I would suggest a rotational approach with 25% of personnel lecturing theory, 25% doing practicals with students, 25% doing research and liaison, and 25% in other activities. To keep up with developments, practicals should be modified or replaced yearly; a good measure would be 30% changed per year, and the same for the theoretical part.


Wednesday, June 1, 2016

EnCase direct servlet preview

I've done a short ppt on how a direct servlet is created and used in EnCase. Recently we often get such questions, so to simplify my work I've made a small ppt which follows the manual and put it on Slideshare. It is easier to discuss with a ppt than by going through manual pages.