Re: "The home computer is the new front line of war."
I've worked IT in schools before my current job and the proliferation of students now using the internet is far beyond what it was when I myself was a student at the very same school!
I think if something was rolled into a "generic computer course" it could help mitigate problems in the future. I think DHS does a good job educating consumers, but users are stupid. "My friend's kid said x and I should be safe" little does he know that x is what opens up his box for intrusion, or some sort of stupid chain mail telling them to delete rundll32 because it is a virus.
I think what would be helpful would be for the home networking market to start pushing rudimentary IDS into routers. I think standard end user antivirus doesn't cut it any more, they either don't update their definitions, or they don't configure it right ("duhurr it slows mah computer machine down") or they just outright disable it.
I agree on the OS hardening, but the problem, I think is that OSes are so vast in size these days that they just are open to more problems. I made a witty facebook comment the other day about the code size and I had to look it up, Vista has 50 million lines of code. Imagine how much potential for vulnerabilities. While, I think they have made great strides in the last year to improve, I still think since it is the most popular and used desktop software, and because it is, it will face more and more scrutiny than anything else. OSX has been proven to be vulnerable in the last few years, Linux is too, but what is the point of spending time to write exploits for those vulnerabilities, when your goal is sheer numbers, besides e-cred? It's only a matter of time before Apple computers tip over the scale and become popular enough to write exploits for.
I think media plays a huge role in misconceptions about security as well. I haven't done anything official, but I've talked to a bunch of people and more than 75% of them believe that half the garbage they see on CSI or NCIS happens in real life. I'm planning on doing a user survey within the next couple of weeks (we're starting an IT newsletter for my agency) to publish. (we're getting a lot of people in our office asking how they can remove SUPER ANTIVIRUS PRO ULTRA EDITION from their home computers)
tl;dr yes I think your idea is a good one, but I think it is a broader topic than just teaching a bunch of kids and hoping that at least 10 implement something they learned.
-
Re: "The home computer is the new front line of war."
I've been researching this kind of thing for a paper for one of my classes. The one thing I've found that can be done that applies to home computers as well as to corporations, the govt, etc. is for the OS and software to be made better and more secure. This is purely my opinion, but I think Microsoft is the greatest threat to national security, even though that is not their intention. Winn Schwartau also points to non-secure software that wasn't really ready to be released as one of the sources of this problem. The govt is going to get their paws into this issue one way or another, and I think what they should do is hold the software companies accountable for what kind of crap they turn out. Expensive? Yes. Hard to implement? Yes, but I think it really would get to the source of the problem. While your idea is pretty good, I'm not sure that the average end user is intelligent enough or aware enough to make good decisions, even if he/she were to be educated on the matter while in school. Sadly, most of the kids I know are not interested enough in computers or computer security to take a class like that seriously, even if it was a requirement
Leave a comment:
-
"The home computer is the new front line of war."
I just spent 45 minutes writing a long post with links and research attached. Then when I posted it, it told me I needed to log in again and it disappeared into the ether. Livid does not describe it. That being said, it was a bit rambling and perhaps deserved a rewrite anyways.
I attended a panel at defcon 17 titled "Preparing for Cyber War." One of the panel members made the comment in the title, though I've paraphrased as my memory can be leaky. It's been stuck in my mind for a couple months now, and I've been turning it over. It's an interesting challenge. Any sort of malefactor could do a lot of damage with a couple million zombies to help it out. Terrorist might simply wipe out data to cause confusion and damage, or use millions of stolen passwords to destroy confidence in our banking system. Enemy states could use DoS attacks to restrict communications between agencies. The possibilities are endless and don't need to be enumerated to this crowd. So how do you secure hundreds of millions of computers in the US?
Given that I spent almost three years as a High School teacher, it is natural that I would fall back to education.
Virginia does not have a computer class requirement. It does have what they call "Standards of Learning," part of the general framework of what children are supposed to learn while in school, and those do address technology and computer skills. Passwords are covered between Kindergarten and Second Grade. Copyright is covered every grade. Hacking and computer crime are covered in High School. While this might make it appear VA has it covered, there is no corresponding class required in HS. This means that those skills must be shoehorned into another class that every student is required to take. We got around this requirement in our particular school by adding a computer skills class to our required curriculum, though a complete class is not a state requirement. The class consisted mostly of MS Office skills, sadly, and was taught by a business teacher.
While it is a given that education does not change all habits, or sometimes even most (witness how many people still don't wash their hands....thanks SuperFreakonomics!), I believe that education would pack the most "bang for the buck." A full class wouldn't be necessary, but a unit inside of a current computer skills class in Information Assurance would be a fairly cheap (on gov terms) fix, and it would reach a reasonably high percentage of the population. Of course, how much of that percentage would actually apply what they learned is unknown, but I'm sure there's research on that subject somewhere. Even if only ten percent of the students applied the mechanisms of protection involved, that would be a substantially higher number than currently do, given the numbers involved. I'm not normally a fan of top down fed intervention, but this is one of those cases where I believe it might be necessary. And of course, this isn't even a complete solution at all, but possibly a start.
Right after Defcon I did some quick google searches on high school information security, and found nothing. I just did it again this morning and found a Symposium in CA for high school level CS teachers, funded through some NSF grants. There are definitely some people moving in this direction.
How would you fix this little issue?
Mel.
Leave a comment: