Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


New version of Wireshark available for download - 1.4.1 - http://www.wireshark.org/download.html

OT: Happy Thanksgiving Day Canada

Published: 2010-10-11
Last Updated: 2010-10-11 21:27:20 UTC
by Adrien de Beaupre (Version: 1)

Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens

Published: 2010-10-11
Last Updated: 2010-10-11 18:33:11 UTC
by Rick Wanner (Version: 1)

Welcome to Day 11 of Cyber Security Awareness Month. Today we would like your advice on protecting your teens' browsing experience.

As a parent of a teen and a tween, this is a topic I have had to become opinionated about and have presented to parent groups on occasion. While there is certainly a lot of overlap with the risks to pre-teens, the increased autonomy of teens can amplify the risks.


What sort of things are teens interested in on the Internet:

  • Websites and searches about their idols
  • Email
  • Games
  • Virtual worlds
  • Instant messaging
  • Social networking
  • File-sharing and peer-to-peer Applications

and the risks they can encounter:

  • Objectionable Content
  • Malware
  • Predators
  • Career limiting moves - what gets posted on the Internet stays on the Internet

In my opinion the last of these, career limiting moves, is by far the biggest risk to the long-term success of your teen. This is the concept that what gets posted on the Internet stays on the Internet, and in a competitive career environment companies are increasingly using publicly available information from social networking sites to aid in hiring decisions. Questionable activities posted on social networking sites could have an impact on your teen's ability to get that dream job many years down the road.

If you have been following the previous days of the ISC's CSAM you are already aware of the wide range of technical and non-technical controls that are available to you to help protect your family. I would argue that the most useful control is education, both for you and your teen.

With teens comes at least a bit of rebellion. If your home defenses prevent your teen from accessing something they want to access, they will find someplace where they can access it, most likely a friend's place or a library. You can only protect them so much, so you need to provide them with the knowledge to understand the risks and hopefully protect themselves. For that reason the biggest defense you have is education. You need to educate yourself on what your teen is interested in and educate your teen so they can understand the risks and warning signs of trouble.

In order to be educated yourself you need to:

  • start now. The gap between what you know and what your teen knows is already huge and it is not going to get any smaller.
  • communicate with your teen and become familiar with what your teen is interested in on the Internet.
  • join the sites, including social networking sites, that your teen frequents.
  • become your child's friend on these sites.
  • be aware of who your teen has "friended" on these sites.
  • talk to your teen about what information they should and shouldn't reveal.

Something else to remember is that with the increasing availability of apps for mobile devices, their Internet experience may not be limited to the family computer.

Now that I have rambled on, it is your turn to tell our readers what techniques, technical or non-technical, you use to help protect your teens on the Internet.

As usual your advice is welcome through our comment tool below or through the contact page.


-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


SQL Slammer Clean-up: Reporting Upstream

Published: 2010-10-11
Last Updated: 2010-10-11 00:25:14 UTC
by Kevin Liston (Version: 1)

By now you've sent off your abuse reports (http://isc.sans.edu/diary.html?storyid=9664) and have tracked the responses in your spreadsheet. I'd wager that so far you haven't got great results in that column yet. You've likely received bounces that the abuse contact doesn't exist, or that the mailbox is full. Others have given you nothing but silence. What next?

It's now time to go up a level. With a little bit of detective work, say a traceroute or a bit of DNS probing, you can identify the organization that supplies the IP addresses belonging to the infected system. There is a nice guide on how to go about that here: http://www.rickconner.net/spamweb/tools-upstream.html. Add a couple of new columns to your tracking spreadsheet: identify the upstream provider, the contact, and when you send your report.

You will want to update your abuse report to take into consideration the needs of the up-stream contact. You have to be even nicer, and provide the initial abuse report as well as your justification for escalating to the up-stream (e.g. abuse contact does not exist, or mailbox full, no response after a week, etc.)

Why didn't we report to all levels of the up-stream contact in the initial report? My simple answer is crowd psychology. If you send out your report to many levels of abuse contacts, and copy SANS and law enforcement, I can guarantee you that nearly all of your recipients are going to ignore your report, thinking that it's someone else's problem to handle.

It's a process; it will take some time. Don't give up because you got an automated response.

-KL

Keywords: slammercleanup
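
The upstream-reporting steps in the SQL Slammer clean-up diary above can be scripted. The Python sketch below is an added example, not code from the diary or from the ISC: it picks the likely upstream hop from saved traceroute output and works out which rows of the tracking sheet are due for escalation, with the justification to quote. The traceroute text, the tracking rows, the column names and the "last two DNS labels" rule are all constructed assumptions.

```python
import csv, io, re
from datetime import date, timedelta

# Constructed traceroute toward an infected host (documentation-range addresses).
TRACEROUTE = """\
 1  gw.example.net (192.0.2.1)  1.1 ms
 2  core1.transit-isp.example (198.51.100.9)  8.4 ms
 3  edge7.transit-isp.example (198.51.100.77)  9.0 ms
 4  * * *
 5  cust-44.smallhost.example (203.0.113.44)  12.3 ms
"""
# Constructed tracking sheet; the column names are assumptions.
TRACKING = """\
ip,abuse_contact,sent,response
203.0.113.44,abuse@smallhost.example,2010-10-01,bounce: user unknown
203.0.113.80,abuse@other.example,2010-10-08,
203.0.113.91,abuse@third.example,2010-10-01,
203.0.113.99,abuse@fourth.example,2010-10-01,ticket opened
"""
HOP = re.compile(r"^\s*\d+\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)")

def org_domain(host):
    """Crude assumption: the last two DNS labels identify the organisation."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def upstream_candidate(traceroute_text):
    """(host, ip) of the last answering hop outside the target's own domain."""
    hops = [m.groups() for m in map(HOP.match, traceroute_text.splitlines()) if m]
    if not hops:
        return None
    target = org_domain(hops[-1][0])
    for host, ip in reversed(hops[:-1]):
        if org_domain(host) != target:
            return host, ip
    return None

def escalation_reason(row, today, wait_days=7):
    """Justification to quote upstream, or None while the first report is pending."""
    resp = row["response"].strip().lower()
    if "bounce" in resp or "unknown" in resp:
        return "abuse contact does not exist"
    if "mailbox full" in resp or "quota" in resp:
        return "mailbox full"
    if not resp and today - date.fromisoformat(row["sent"]) >= timedelta(days=wait_days):
        return f"no response after {wait_days} days"
    return None

def escalations(tracking_csv, today):
    """Map each IP that needs an upstream report to its justification."""
    rows = csv.DictReader(io.StringIO(tracking_csv))
    return {r["ip"]: why for r in rows if (why := escalation_reason(r, today))}
```

The hop it returns is only a candidate; confirm who owns that address with a whois lookup before filling in the upstream provider and contact columns.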