
That paper I mentioned...


5 replies to this topic

#1 TheFunk

TheFunk

    SUP3R 31337

  • Binrev Financier
  • 187 posts
  • Country:
  • Gender:Male

Posted 09 January 2011 - 12:31 AM

For the past few months I've been researching and writing a novice paper. It's not the most solid thing I've written in a while, and I've left some holes that need fixing, but this is the first quarter of said work, and it's on, you guessed it, Network Security. A lot of it is garbled because I'm trying to maintain a 2nd or 3rd person narrative voice throughout as much as possible, seeing as the first person is practically a sin in research papers. Also I'm certainly not an expert, and am sure I made plenty of mistakes, but hopefully this paper can help people.

Please keep in mind, I am not receiving any sort of grade for this, although most of my studying does take place during school hours. All I'm asking is for a bit of advice, maybe some suggestions for better organizing, and some criticism, criticism would be nice :)

There is no due date for the paper, as once again, it's not being graded, so I'm in no rush for responses. I hope some of you like it though, and please...I NEED BETTER SYNONYMS.

Oh and this is the last EDIT for the night I promise, but if you are wary of .pdf files, I can upload your preferred file type, no big deal!


Edited by TheFunk, 09 January 2011 - 12:43 AM.


#2 Trikk

Trikk

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 348 posts
  • Country:
  • Gender:Male
  • Location:Portland, OR

Posted 09 January 2011 - 06:49 AM

I liked it, and felt that it was a very good read. However, most of it is presumably standard to 95% of people on this board; it's definitely something to recommend to non-tech-savvy people.

I liked how you first explained to them how the network is actually a network and what each layer does, as most people do not do that. But if you're going to go that in-depth about the network itself, you might as well give a demonstration on how attackers can compromise your system, and how they do it, if you don't do X, Y, Z.

Just my two cents. I rarely come across any good reads on network security.

Also, if anyone is reading this and has come across some good papers on network security, pref. more advanced, please paste the links!

:tongue:

#3 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 09 January 2011 - 05:21 PM

Hmmm.

I don't like it...
Well.
That's not exactly true.
I think it's an ok very early draft.

Let me start with this then:
I NEED BETTER SYNONYMS

Why not just define anything you think your readers may not be entirely familiar with (definitely ones that have different meanings to different readers, and especially ones that have different meanings in alternate contexts to the same reader) in the introduction?
I'd start with
Hacker
Virus
Trojan
Security
Scan
Rogue-ware
etc.

I think once you go through this process you will see what I didn't like in the rest of the paper.

@ Trikk
Try
http://www.amazon.co...=dp_ob_title_bk

Edited by mSparks, 09 January 2011 - 05:36 PM.


#4 TheFunk

TheFunk

    SUP3R 31337

  • Binrev Financier
  • 187 posts
  • Country:
  • Gender:Male

Posted 09 January 2011 - 07:52 PM

@msparks - By synonyms I meant I use a lot of similar phrases, not that my tech terminology needs work, but you do bring up a good point about diving into the paper without first defining things the reader might not be familiar with. I'll probably add a bit of clarification to each section, perhaps somewhere near the beginning of each, my goal is to make this into 20 pages, and if that means adding more info I'll have to make absolutely sure the reader is following me first.

@ Trikk - As far as the explanation of vulnerabilities and how they can be exploited goes, once this portion of the paper hits 20 pages, I plan to write that portion, which should be of equal length. :)

#5 mSparks

mSparks

    elite

  • Members
  • 102 posts
  • Gender:Male

Posted 10 January 2011 - 03:11 AM

I think it also needs some more heading levels.
e.g.
Introduction
->Definitions
->Introduction

About security
->Physical Security
-->Hardware
-->Software

->Psychological Security
-->Passwords

->Networking
etc. etc

Helps guide the reader as to the context you are describing things before you leap in.

Edited by mSparks, 10 January 2011 - 03:13 AM.


#6 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 12 January 2011 - 09:30 AM

I could write lots on this, but I've just posted some notes I made on reading it the first time. I don't care about the layout and readability, all that is just window dressing to pretty it up, I'm interested in the meat of the contents.

I think it misses the big elephant in the closet that causes the whole issue of security to arise and be such a shock in the first place.

Computers are NOT a black box system. They are a framework which lets you hang what modules you like off them to do various tasks. Modules == software programs. That's the reason users end up shocked at their first virus, because they missed this after treating them as a switch on and go consumer device.
The car and toilet analogies don't work for me either, to change the oil in a car needs some prior understanding of the car, the quantity of oil, the grade of oil, what quality of oil to use, the frequency of changing it, in fact a whole bunch of factors which understanding the need for, bootstraps into an understanding of the car as a system. To change the oil in a car with abstraction, would be to take it to the garage and pay them to do so. The oil still gets changed, but you don't have to know anything that way apart from how to pay for it. People are reading your paper because they want to learn about how to change their computer/network's oil and some of its inner workings, not just take it to a garage.

"First and foremost, one needs to accept that their
information is fundamentally safe, but that doesn’t mean they don’t need to worry. "
It's not fundamentally safe. Otherwise they wouldn't need to worry would they? We could all go and procreate with stunning playgirl models instead of reading your paper. In fact, it's fundamentally unsafe, and we must just take our best measures to mitigate our exposure to the risk.

the basics of network security :-
"Vulnerability assessment is the very first,"
The very first step is to want to understand and secure it. Vulnerability assessment is how you quantify how secure it is according to some metrics once you've taken that decision. It's a small but important distinction. It puts the first step about securing a network as wanting and caring enough about a networked system to want to secure it. And we're in the caring for things business in a way.

Layer 2 The Data Link Layer:
Local layer 2 attacks, at the moment are common and more disturbingly, mind numbingly simple.

They're only mind numbingly simple because script kiddies are using someone else's abstraction without understanding it, therefore without the tool it's horribly complex so you rely on the tool to deal with all that. Having to rely on a tool that I don't understand how works isn't simple, it's complex to me. I'm trusting it knows best...
You could say "there are automated tools to perform this which do not rely on the attacker having a deep understanding of the attack vector or what is being done.", it'd be more accurate. Even a tool used like that is not mind numbingly simple, not to 99% of the computer using populace, some of which you're hoping to catch with this tutorial in some way. An analogy here would be that you do not have to understand how a gun works to kill someone with it. The script kiddies don't understand the gun/tool but the end results are still devastating.

Also I think your fine china UDP analogy doesn't work, I thought about it a bit and I'd go with something like "UDP is like shouting your message to someone and *hoping* they hear in the manner of a newspaper seller, and TCP is the same, except the seller waits for each person to shout back to say they received and understand what was shouted. If you have a LOT of data which it doesn't matter if a little gets lost on the way (streamed music, for example), the UDP is more efficient because you don't have to wait for everyone to shout back they got it."

First and foremost, one needs to start thinking of their network as something tangible,
something that can be stolen, because make no doubt about it, if it's too vulnerable, it can, and more
than likely will be compromised.
:-
To help you flesh out this bit, the something that can be stolen is the DATA contained therein and the computational resources. You're stopping people stealing your information to use it on their own systems to their gain, or stopping them stealing your network to co-opt it into a scheme under their own control, be it to attack other networks directly, to join a botnet or spam etc.

You think the above is bad, you want to see it when I get my red pen out on something I don't like.
The intent and effort you're putting in is great, I hope the above comments help you think about the contents and concepts you're trying to outline.



