Here are some of the major topics we covered in class to give students a better understanding of how computer security works, and how to stay safe in a deeper level than we usually have time for...
Losing a Windows password happens quite often, especially when the user is no longer a part of the organization, or has simply forgotten the password for the only administrator account on a rarely-used system. There are several options, which you can research on your own. Our students got to try a few. It was helpful for them to learn just why it's so important to have not only a good password, but other layers of protection as well.
Mac Password Security
Mac has the reputation of being pretty secure and safe, but their efforts to be as user-friendly as possible and building everything on a UNIX platform platform have left some vulnerabilities.
In order to gain access to a Mac with a lost administrator password, the best way is to use the Mac OSX Install disc that came with the computer. There are other ways to secure your Mac and help you to remember your password that the students had a chance to discuss as well, including encrypting actual files as well as the OS.
Cracking file-level passwords
While we discovered that user passwords for operating systems are rather unsecure, password encryption for files can be very difficult to crack. We looked at the differences between methods of password cracking, such as Hash decryption, Dictionary set, and Brute force. More information on these methods can be found at: http://en.wikipedia.org/wiki/Password_cracking
Students had a much better understanding of how threats to security occur, and they learned the importance of being very careful when storing information, especially sensitive information.
Live CDs
We booted our computers using Puppy Linux and Knoppix, though we discussed the use of even more alternatives, such as Ubuntu derivaties that can run live, as well as BackTrack, DEFT, and MilaX. A more complete list of LiveCDs can be found here. These live CDs are ways to boot a computer with a non-functioning operating system and access the hard drive. They are an important part of any IT toolkit for retrieving data and also running a full virus scan that can check for rootkits while the primary operating system is offline. With these tools, students can learn a really safe way to recover important work they thought they had lost to a virus or other OS corruption!
Internet Security
We took a tour of www.whatsmyip.org to explore some of the information that is passed on to a website about every visitor and ways that one can protect a computer against malicious attacks by testing what vulnerabilities exist. Using this website, we were able to discuss how to make passwords more secure, geolocation, proxy servers, MD5 checksum. This also led to a discussion to ports, firewalls and creating a DMZ using a dual-firewall setup.
In the End
Of course, our conversation went to all sorts of places, and our students seemed to learn and share a whole lot about the way computers work, the way to work around that, and most of all the importance of having a better understanding of this still somewhat new frontier of online life.
Maybe http://manytools.org could be handy as well for these classes? See browser request headers, some online networking tools, secure password generators etc.
ReplyDeleteCheers!