opinions wanted (computer forensics)

My son has just started a computer forensics degree and has just finished his first asignment ,i understand little of this ,so i wondered if any of the techies on CF would care to give their opinion .I actually found it an interesting read for a not so techie person

http://www.cableforum.co.uk/board/at...1&d=1297190948

A question on the non-technical side.

He has put a bibliography at the end - is this to show his depth/width of background reading, or is it to cross-reference his sources (if so, which referencing system has he been requested to use)?

Quote:

Originally Posted by Hugh

A question on the non-technical side.

He has put a bibliography at the end - is this to show his depth/width of background reading, or is it to cross-reference his sources (if so, which referencing system has he been requested to use)?

I did ask what were the sources and have they been verified as accurate before he used them and basically the bibliography is to show what his sources were and what he has used as research and also to give credit to the people who wrote them as most are copyrighted ,he was told to use the Harvard system for referencing ,whatever that means ,he seems to know but it's straight over a window fitters head

He probably needs to read up on the usage of Harvard Referencing (or ask one of the Uni Library staff to explain it).

If it helps, here's an example of Harvard Referencing (from an essay I wrote last year.....)

In the document text

Quote:

This increase in funding had led to a increase in student numbers nationwide of 44% (Times Higher 2010 THES2), and at the University, student numbers had risen from nn,nnn in 1997 (HESA 1997 H1) to nn,nnn in 2008 (HESA 2008 H2), with a growing willingness amongst the Student population to highlight issues they believed needed to be addressed, such as teaching spaces and provision, and the associated infrastructure and support......

.....Burns (Burns 1978) made the distinction between transactional and transformational leadership, and Bass (Bass 1985) expanded on this. Transactional leaders motivate followers by exchanging or withholding rewards for services rendered, whilst transformational leader move followers upwards on Maslow’s Hierarchy (Maslow 1954), from the needs for safety & security to work for higher goals and self-actualising needs.

In the Bibliography

Quote:

References
Burns, J. M. (1978). Leadership
Bass, B.M (1985) Leadership and Performance Beyond Expectations
Bass, B.M. (1997) Transformational Leadership: Industrial, Military and Educational Impact
Bass, B.M. & Avolio, B.J. (1993) Improving Organisational Effectiveness through Transformational Leadership
Boulding, K.E. (1989) Three Faces of Power
Maslow, A.(1954) Theory of Human Motivation
Nadler, D.A. & Tushman, M.L (1990) Beyond the Charismatic Leader: Leadership and Organisational Change

Web Pages
THES2 – Times Higher Education Supplement 21st January 2010 - http://www.timeshighereducation.co.uk/story.asp?storycode=410110 – date accessed 1st May 2010
H1 - Higher Education Statistics Agency 1997 - Student numbers, line nn - http://www.hesa.ac.uk/dox/dataTables/studentsAndQualifiers/download/institution9798.csv?v=1.0 Accessed 2nd May 2010
H2 - Higher Education Statistics Agency 1997 - Student numbers, line nn - http://www.hesa.ac.uk/dox/dataTables/studentsAndQualifiers/download/institution0809.xls?v=1.0 Accessed 2nd May 2010

You put a short reference to the source author/book/web page/article in brackets next to the quote/reference, and then the full title/year/date accessed in the references section.

Hope this helps.

btw, I notice he had put wikipedia as one of his sources - he probably needs to check if this is acceptable at his institution.

Quote:

Originally Posted by Hugh

He probably needs to read up on the usage of Harvard Referencing (or ask one of the Uni Library staff to explain it).

If it helps, here's an example of Harvard Referencing (from an essay I wrote last year.....)

In the document text

In the Bibliography
You put a short reference to the source author/book/web page/article in brackets next to the quote/reference, and then the full title/year/date accessed in the references section.

Hope this helps.

btw, I notice he had put wikipedia as one of his sources - he probably needs to check if this is acceptable at his institution.

Thanks for the advice Hugh i will get him to check on the use of wiki and have another look at the referencing

I suppose that the use of wiki depends on their source which is usually listed at the bottom of the page

[gazzae]

The but about MAC computers doesn't make sense, anything on a network will have a MAC address.

Also the bit below doesn't make sense to me...

Quote:

The static IP address change means that the IP addresses changes every
so often so that a hacker can try to put in the IP address but it won’t be the company’s.

[haydnwalker]

He means Dynamic IP addressing in that bit about static...looks like he's got confused

And he's spelt "Abstract" as "Abbstract" in the first page

Computery people will pick up stuff like that and get marked down for not using spell-check

[Matty_]

As gazzae states there are a few bits that need amending. Something that could also look good is if he mentioned that the Stuxnet worm used digitally signed files, maybe explain a bit about digital signatures and there uses.
Maybe also state to change the SSID to a unique name, and change the default passwords
He could also expand on the way Anon use DDoS by mentioning the Low Orbit Ion Canon and how this floods a server with hundreds of data packets thus causing it to crash.
Also at the start 2.Introduction should be "without authorisation"

p.s. Forgot to say nice read, well done to the lad...

[haydnwalker]

also - "unauthorized" is actually "unauthorised" but spell check wouldn't pick that up, because it's the american spelling

---------- Post added at 12:01 ---------- Previous post was at 11:57 ----------

Also - on a bit of an addition, he hasn't mentioned NAT (Network Address Translation) in the bit about unauthorised network access part... NAT is important as it separates external IP's from Internal IPs and is a security feature also.

A company that doesn't use NAT, may give each PC an externally accessible IP address, whereas with NAT, you only need one (or a few) external IP addresses, and so all company computers aren't as easily hacked into.

[Pog66]

There also seems to be a bit of a mismatch between the Introduction which mentions

Quote:

concerned about how employees use the wireless networks to illegally download or to commit any other crimes with authorisation, which would in time damage the company’s reputation

Yet the relevant section talks more about "wardriving" which is suggests passers-by accessing the company wifi rather than employees which is a differant subject altogether. Providing strong encryption and access control will inhibit the wardriver but not stop illegal activity from employees who ARE authorised to use it. . I would mention tools to monitor employees access (Ironport being one example) in this section.

Could also do with some of the technical info being tightened up as mentioned about re: MAC addresses and SSID is not strictly the same as a Network name - but that may be just being pedantic! Also talks quite a bit about WEP but little on WPA which is also heavily used.

Not a bad read though!!

He needs to correct this ;

Quote:

Secondly if the company uses MAC computers you can use MAC filtering. It requires all of the MAC address to be inserted manually but it stops all MAC computers with a disallowed MAC address to enter the Wi-Fi.

He seems to be confusing Mac Computers with MAC addresses and filtering - the two "Macs" are not related. One is a brand of PC, the other is low level Network addressing.

[Horace]

Quote:

To prevent unauthorized access to the wireless network firstly the password should be
changed to more secure types such as PSK, WPA2 or WPA. This is more reliable then
outdated WEP.

Modified to be technically correct using his own wording :

To prevent unauthorised access to the wireless network firstly the wireless encryption type should be changed to more secure types such as WPA2 or WPA. These are more secure than outdated WEP

PSK is not a completely different encryption type which the quoted statement would imply. PSK (pre-shared key) defines how the WPA key itself is distributed. Without going into the complexities of encryption types and radius servers it would be simpler and correct to state WPA2(PSK) or WPA(PSK) using either TKIP or AES encryption.

[jamiefrost]

Just general feedback,

He talks about the use of aircrack for WEP and WAP-PSK, then goes on to say the use of WPA_PSK.

'To prevent unauthorized access to the wireless network firstly the password should be changed to more secure types such as PSK, WPA2 or WPA. This is more reliable then outdated WEP.'

Emphasis is mine.

I think he needs to be clear that aircrack is only good against WPA-PSK where the key is short and a dictionary word. The use of long keys with random letters, numbers and symbols effectively stops the use of aircrack to break the WPA-PSK encryption.

Not totally sure but for WPA it only uses a brute force dictionary attack I think.

HTH

JJ

Many thanks guys ,there is some good constructive feedback ,i will get him to read through the posts when he gets in from college