Wednesday, November 28, 2007

Security Presentations

In an inevitable twist of academic logic, I'm taking Introduction to Network Security and Advanced Network Security in the same semester. Evidently, the school will not be able to offer Advanced Network Security till next year, so they allowed some of us to take both classes. Luckily, Advanced Network Security was only slighty more advanced than the Introductory class. Both classes have presented new material for me, and tickled my interest. I can watch movies like Hackers or Live Free or Die Hard, and know what they're talking about, or being slightly inaccurate about. I now know just how much a problem home users of Windows XP have to deal with, and also how much they unknowingly contribute to the problems.

Next week, I have to do a presentation in both classes. It can't be the same presentation either. I'm keeping my presentations simple, and on things I'm interested in.

In the Introductory class, I'm doing my presentation on Data Destruction. Specifically, I'm presenting Darik's Boot and Nuke -Dban. Organizations like Free Geek have to present their Data Destruction Policy up front, so people can feel safe about turning over their hard drives to us. I've created a Virtual Machine to show the actual program, a slide presentation to present specific information, and I'll probably show this video at the end:

If I don't need to show the video, at least you got to see how Dban works. Dban is also helpful if you want to reinstall an operating system. Simply reformatting your hard drive isn't always good enough. If you had an infection from a virus, or got spyware, or hacked through a vulnerability, your system can no longer be trusted. Dban it, reinstall and rebuild the system. As they said in Aliens, "Nuke it for morbid."

In my Advanced class, I'm presenting Truecrypt - an open source data encryption program. Steve Gibson discussed details about Truecrypt in Episode 41 of Security Now Podcast. I highly recommend Security Now for anyone interested in Network Security. I don't understand about half of what they say at the time, but as I learn more I think to myself, "Oh yeah. I heard that on Security Now." I'm learning how to use Truecrypt, but with my complete openness philosophy, I don't really have a need for it. There is a Truecrypt for Linux, but I'll learn that over the holidays. Maybe you have some files you'd like to keep from prying eyes. My presentation will look something like this:

Through these Security Classes, I've learned the most from listening to podcasts. Here are the main ones I listen to:
  • Network Security Podcast
    • Mostly current events and news. My favorite segment is "C-Level"- used to be called, "Dealing with the Suits" - how to deal with management.
  • Security Now
    • Very detailed explanations of specific security topics. I think the first 50 or so should be mandatory listening for the Intro class.
  • Pauldotcom
    • News and current events with commentary and analysis. Authors of Wireless hacking books. These guys are pretty funny too.
  • Security Round Table
    • Martin McKay from Network Security Podcast host a discussion with people in the business. This is a really good podcast if your interested in working in the Network Security field.
I can't say any one of them is better than the other. I've learned something from each show and each episode I listened to.

Throughout these classes, I've had an occasional thought: I wonder what an Operating System designed by Smith and Wesson would look like.

No comments: