Sign in to follow this  
Followers 0

That paper I mentioned...

6 posts in this topic

For the past few months I've been researching and writing a novice paper. It's not the most solid thing I've written in a while, and I've left some holes that need fixing, but this is the first quarter of said work, and it's on, you guessed it, Network Security. A lot of it is garbled because I'm trying to maintain a 2nd or 3rd person narrative voice throughout as much as possible, seeing as the first person is practically a sin in research papers. Also I'm certainly not an expert, and am sure I made plenty of mistakes, but hopefully this paper can help people.

Please keep in mind, I am not receiving any sort of grade for this, although most of my studying does take place during school hours. All I'm asking is for a bit of advice, maybe some suggestions for better organizing, and some criticism, criticism would be nice :)

There is no due date for the paper, as once again, it's not being graded, so I'm in no rush for responses. I hope some of you like it though, and please...I NEED BETTER SYNONYMS.

Oh and this is the last EDIT for the night I promise, but if you are wary of .pdf files, I can upload your preferred file type, no nig deal!


Works Cited Semester-1.pdf

Edited by TheFunk

Share this post

Link to post
Share on other sites

I liked it, and felt that it was a very good read. However, most of it presumably standard to 95% of people on this board, it's definitely something to recommend to non-tech-savvy people.

I liked how you first explained to them how the network is actually a network and what each layers does, as most people do not do that. But if you're going to go that in-depth about the network itself, you might as well give a demonstration on how attackers can compromise your system, and how they do it, if you don't do X, Y, Z.

Just my two cents. I rarely come across any good reads on network security.

Also, if anyone is reading this and has come across some good papers on network security, pref. more advanced, please paste the links!



Share this post

Link to post
Share on other sites


I don't like it...


That's not exactly true.

I think its an ok very early draft.

Let me start with this then:


Why not just define anything you think your readers may not be entirely familiar with (definitely ones that have different meanings to different readers, and especially ones that have different meanings in alternate contexts to the same reader) in the introdution.

I'd start with








I think once you go through this process you will see what I didn't like in the rest of the paper.

@ Trikk


Edited by mSparks

Share this post

Link to post
Share on other sites

@msparks - By synonyms I meant I use a lot of similar phrases, not that my tech terminology needs work, but you do bring up a good point about diving into the paper without first defining things the reader might not be familiar with. I'll probably add a bit of clarification to each section, perhaps somewhere near the beginning of each, my goal is to make this into 20 pages, and if that means adding more info I'll have to make absolutely sure the reader is following me first.

@ Trikk - As far as the explanation of vulnerabilities and how they can be exploited goes, once this portion of the paper hits 20 pages, I plan to write that portion, which should be of equal length. :)


Share this post

Link to post
Share on other sites

I think it also needs some more headings levels.





About security

->Physical Security



->Physcological Security



etc. etc

Helps guide the reader as to the context you are describing things before you leap in.

Edited by mSparks

Share this post

Link to post
Share on other sites

I could write lots on this, but Ive just posted some notes I made on reading it the first time. I don't care about the layout and readability, all that is just window dressing to pretty it up, Im interested in the meat of the contents.

I think it misses the big elephant in the closet that causes the whole issue of security to arise and be such a shock in the first place.

Computers are NOT a black box system. They are a framework which lets you hang what modules you like off them to do various tasks. Modules == software programs. Thats the reason users end up shocked at their first virus, because they missed this after treating them as a switch on and go consumer device.

The car and toilet analogies dont work for me either, to change the oil in a car needs some prior understanding of the car, the quantity of oil, the grade of oil, what quality of oil to use, the frequency of changing it, in fact a whole bunch of factors which understanding the need for, bootstraps into a understanding of the car as a system. To change the oil in a car with abstraction, would be to take it to the garage and pay them to do so. The oil still gets changed, but you dont have to know anything that way apart from how to pay for it. People are reading your paper because they want to learn about how to change their computer/network's oil and some of its inner workings, not just take it a garage.

"First and foremost, one needs to accept that their

information is fundamentally safe, but that doesn’t mean they don’t need to worry. "

Its not fundamentally safe. Otherwise they wouldnt need to worry would they? We could all go and procreate with stunning playgirl models instead of reading your paper. In fact, its fundementally unsafe, and we must just take our best measures to mitigate our exposure to the risk.

the basics of network security :-

"Vulnerability assessment is the very first,"

The very first step is to want to understand and secure it. Vulnerability assessment is how you quantify how secure it is according to some metrics once youve taken that decision. Its a small but important distinction. It puts the first step about securing a network as wanting and caring enough about a networked system to want to secure it. And we're in the caring for things business in a way.

Layer 2 The Data Link Layer:

Local layer 2 attacks, at the moment are common and more disturbingly, mind numbingly simple.

Theyre only mind numbingly simple because script kiddies are using someone elses abstraction without understanding it therefore without the tool its horribly complex so you rely on the tool to deal with all that. Having to rely on a tool that I dont understand how works isnt simple, its complex to me. Im trusting it knows best...

You could say "there are automated tools to perform this which do not rely on the attacker having a deep understanding of the attack vector or what is being done." , it'd be more accurate. Even a tool used like that is is not mind numbingly simple, not to 99% of the computer using populace, some of which your hoping to catch with this tutorial in some way. A analogy here would be that you do not have to understand how a gun works to kill someone with it. The script kiddies dont understand the gun/tool but the end results are still devistating.

Also I think your fine china udp analogy doesnt work , I thought about it a bit and I'd go with something like "udp is like shouting your message to someone and *hoping* they hear in the manner of a newspaper seller, and tcp is the same, except the seller waits for each person to shout back to say they received and understand what was shouted. If you have a LOT of data which it doesnt matter if a little gets lost on the way (streamed music for eg), the udp is more efficient because you dont have to wait for everyone to shout back they got it."

First and foremost, one needs to start thinking of their network as something tangible,

something that can be stolen, because make no doubt about it, if it's too vulnerable, it can, and more

than likely will be compromised.


To help you flesh out this bit , the something that can be stolen is the DATA contained therein and the computational resources. Your stopping people stealing your information to use it on their own systems to their gain, or stopping them stealing your network to co-opt it into a scheme under their own control, be it to attack other networks directly, to join a botnet or spam etc.

You think the above is bad, you want to see it when I get my red pen out on something I dont like.

The intent and effort your putting in is great, I hope the above comments help you think about the contents and concepts your trying to outline.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0