Sunday, January 24, 2010

Netbooks: New and Important Forensic Challenges






Mike Levine, Master of Science in Information Assurance Faculty

One of the things that attracted me to the Information Assurance field many years ago was the constant and rapid development of different information technologies.  In addition, the continual problems that we see about building security into systems rather than trying to identify, patch or otherwise remediate security flaws.  In a number of your MSIA seminars you discuss and analyze Moore’s Law and it is impact on the larger field of Information Technology.  My personal view, is that it is difficult to fully understand the incredible opportunities (and I would add challenges) that faster, less expensive technology present from a forensics perspective.

Netbook Computers

There has been some great engineering work to develop small scale PC.  For instance, the One Laptop per Child Project (see http://laptop.org/en/ for more details) has largely succeeded with its ambitious goal of manufacturing Internet connected, ultra small and very affordable computers to support education and technology in poor and developing countries around the world.  Sales of these devices are continuing to skyrocket both in the USA and overseas, and retail prices range from $300 to $600.  Recently, some large manufacturers (i.e. Dell Computers) have also entered this market.  Most of these devices have a Linux variant as their operating system and come pre-installed with a range of free, open-source software.  Finally, some of the newer devices are available with the Windows OS.

Potential Forensic Impacts

I am fortunate to have some research support to help investigate the challenges and opportunities that new devices and software systems present to cyber investigators.  In particular, over the past year I have worked with some of my colleagues to research Netbook devices and propose some essential forensic challenges that these devices present.  For instance, the use of solid-state drives, open source software, and the use of some proprietary software are serious forensics issues. You can read two of our recent via the following links:

http://www.springerlink.com/content/q22v651l17775433/


Another Couple of Serious and Fundamental Issues to Ponder

In addition to the forensic issues with Netbooks, we should also be practical and consider some other potential threats and risks that these devices might present in the future.  One obvious threat is use in a DDoS attack; another is using it as a zombie computer by a Botnet. In my opinion, this is very likely because of the non-existent or limited security knowledgebase of the huge new user base that Netbooks have created which are mostly young children, or adults with minimal or no IA knowledge. 

Perhaps, with a bit of professional skepticism that I always seem to have, for a few minutes to think about how these devices could be used as part of an information warfare attack.  We should also not forget the more routine threats from malware distribution and other common IA issues.  Finally, emerging technologies continue to include general IA risks, will we ever break this detrimental paradigm?  I wish I could genuinely believe the answer to this question was yes, but I am realist so I just don’t think so.

Heading back to the forensics lab now, and I wish everyone continued success in the MSIA program.  If you are interested in this research area, feel free to contact me at mlavine@jhu.edu or mike@homelandsc.com.  

Last Week’s Quiz Question
What is the tallest man-made structure in Vermont? (By “structure” I mean something that you can enter, thus excluding things like radio and TV towers)

Answer: The Bennington Battle Monument, at 304 feet.  See

Winner:  Joanna D'Aquanni.
Joanna will receive an autographed copy of AC/DC's little known information security-themed album, "Dirty Deeds Stopped Dirt Cheap."

This Week’s Quiz Question

What was the building that houses the School of Graduate Studies used for before Norwich University bought it?

The winner receives an all expense paid trip for four to any ocean shore resort in Vermont.

Send your entries to jorlando@norwich.edu

Saturday, January 9, 2010

Killing Performance with Incentives


I nearly fell off my chair when I found out:

• External rewards—like money and grades—have been proven to DIMINISH performance on complex tasks!

This goes against everything our business world and education is built on. So I asked my wife about this, a Milken National Educator of the Year. She said “Yes, that’s been known for years.”

She gave me a book by the famous education researcher Alfie Kohn, which provides the following facts about grades:

1. Grades tend to reduce student’s interest in learning.
2. Grades tend to reduce student’s performance in challenging tasks.
3. Grades tend to reduce the quality of student’s thinking.

The issue relates to motivation, and has profound implications for information assurance and business continuity professionals who must motivate people to follow the policies that they establish.

Please watch the 18 minute video below. I promise, you’ll thank me afterwards. If you don’t agree that it was one of the best ever uses of your 18 minutes, write me and I will gladly refund your time.

I’d like your thoughts on what this video can teach us about how a BC or IA professional can do their job better? 

http://www.ted.com/talks/dan_pink_on_motivation.html

Last Week’s Quiz Question
Why did Vermonters huddle around their television sets at 10:00am., on December 28, 2009?

Answer: To watch the demolition of the Champlain Bridge.
http://www.youtube.com/watch?v=QwxXSfJxSzQ&NR=1

Winner: Matt Bambrick.
Matt received four tickets to the Brookfield Ice Harvest: http://tinyurl.com/ydv4avg

This Week’s Quiz Question
What is the tallest man-made structure in Vermont? (By “structure” I mean something that you can enter, thus excluding things like radio and TV towers)

The winner will receive an autographed copy of AC/DC's little known information security-themed album, "Dirty Deeds Stopped Dirt Cheap."

Send your entries to jorlando@norwich.edu