Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cyber Security Awareness Month - Day 16 - Securing a donated computer

Published: 2010-10-15
Last Updated: 2010-10-16 20:38:15 UTC
by Guy Bruneau (Version: 1)
9 comment(s)

Day 16 ends week two of the Cyber Security Awareness Month. If you happen to get a computer that was donated to you, it is important to trust the software that is installed on it.

Formatting a computer does not erase the data. Before using the computer, it is recommended to completely wipe the hard drive and install from trusted medias. These two programs can be used to wipe a drive: WipeDrive (commercial only) and Active @ KillDisk (free and commercial). If you are familiar with Linux, you can also use dd or cp with /dev/zero or /dev/urandom.

Note that WipeDrive SystemSaver can wipe the data and keep the operating system intact but it cost $39.95.

Wiping with dd or Linux copy (free solution)

Boot with a Linux CD/DVD and one of these methods can be used to wipe a drive:

- cp /dev/zero /dev/hda or cp /dev/zero /dev/sda
- dd if=/dev/urandom of=/dev/hda or dd if=/dev/urandom of=/dev/sda
- dd if=/dev/zero of=/dev/hda or dd if=/dev/zero of=/dev/sda


The final step is to reinstall the operating system and all your favorite software from trusted clean medias.

If you know other method for wiping clean a donated computer, you can share them via our contact form.
 

Update 1: Eraser is a tool for Windows to remove sensitive data from a drive and Terence indicated that Seagate's Seatools can be used overwrite a drive with zeros.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Le cours "Comprehensive Packet Analysis"  sera disponible en français à Québec le 5 nov 2010

FOR 558: Network Forensics coming to Toronto, ON in Nov 2010

9 comment(s)

Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students

Published: 2010-10-15
Last Updated: 2010-10-15 20:35:40 UTC
by Marcus Sachs (Version: 1)
9 comment(s)

Today's cyber security awareness month topic looks at the problem through the eyes of the teacher.  For most students, their teachers are not just people well versed in economics, mathematics, science, or history.  They also serve as mentors, role models, and confidants to their students and are expected to be able to demonstrate their vast knowledge of how to conduct one's self in today's society.  Unfortunately for many educators, especially those who are a bit advanced in their years, this new thing called the Internet has created a very large divide between students and their teachers, often leaving the teacher with little understanding of how to integrate their students' online experience into the classroom, the playground, homework, and extracurricular activities.

There are many resources online with ideas for teachers in terms of teaching cyber security ethics and etiquette to their students.  For example, see

http://www.staysafeonline.org/cybersecurity-awareness-month/what-educators-can-do

and

https://wiki.internet2.edu/confluence/display/itsg2/Cybersecurity+Awareness+Resource+Library

But what we need to ask is "what should teachers know about their students?"  Being a parent with both of my daughters out of school and on their own (OK, my youngest is in grad school...) I have many years of experience watching the divide between them and their teachers as they were growing up.  Here are some of my observations, known to many of their teachers but completely unknown to others:

  • Homework is often done in collaboration with other classmates via online chat rooms, even if told to do it alone
  • Wikipedia is more valid as a research tool than the school library
  • In chat rooms and social media sites students can be very vicious with their comments about other students, their teachers, and their schools
  • Access to computers and the Internet is everywhere, and when told that they cannot use the Internet they will find a way to do so
  • There is little respect for authority while online, causing some students to routinely break laws that they would not dare to do in the physical world (for example, theft of intellectual property via file-sharing sites, or accessing pornography that is restricted to adults over the age of 18)
  • Students have created sites such as http://www.ratemyteachers.com/ where they discuss and "rate" their schools and teachers

I know that the list above is more focused on the dark side of what "digital students" are thinking and doing, but there are certainly many good things that the Internet brings which were not available to us when we were growing up.  So now it's your turn - use the "comment" link below to add your own observations about what teachers should know about their students when it comes to online behavior.  It doesn't matter if you are a teacher, a student, a parent, or a friend, let us know what you are seeing and hearing.  And while talking about the bad stuff students do is useful for awareness, we also would like to hear about the good things they are doing, too!

Marcus H. Sachs
Director, SANS Internet Storm Center

9 comment(s)
Diary Archives