Module 2 In Review

Continuing my big catch up marathon, after spending the last week catching up on COMP3141 and my thesis I’m now desperately spending today trying to catch up and get ahead on security!  This weeks module was all about thinking like a security engineer and introducing early fundamentals. I am finding it a little disappointing the lack of technical examples even at this stage, however I do recognise that it’s by virtual of being a non-technical course.

Module 2 Review

As mentioned above, Module 2 focused on foundations. We examined briefly a case study at the beginning of the lecture - the recent ANU hack. In this we considered different solutions for what advice would be given to the UNSW Vice Chancellor in regard to the same event.

We continued by exploring how we need to be building security into products by design, rather than trying to secure products after they've been created. This reduces the impact of the M&M effect (having a tough, secure exterior and minimal security on the inside) by compartmentalising our security.

We explored the 4 primary colours of security engineering: trust, secrets, huimans and engineering. We further considered physical security by examining ways we could defeat a padlock and also physical secrecy. In the afternoon we then started to look at different ciphers such as viginere, enigma, and the strategies for breaking all of these. We looked at a series of case studies and also examined the difference betwee type 1 (false positive) and type 2 (false negative) errors.

The last topic we examined was the human risk: specifically self interest. We examined how throughout history humans have focused more on their self interest to the detriment of all others. These examples include the entire concept of monarchies, and the strategies designed to limit these (i.e republics and democracy). We also considered the thread of the trusted insider to organisational security with examples such as Robert Hanssen (dirty FBI agent) or even recently Snowden.

Claude Shannon

Shannon is one of the most influential people in electronic communications history. Beginning with his thesis on applying boolean algebra to the design of relay switching circuits, he started to revolutionise the circuit design field. In war time he continued his work by developing classified communications systems for the allies. This was ground breaking because it was one of the first encrypted communications systems relying on binary as opposed to traditional ciphers. His crowning achievement was his paper A Mathematical Theory of Communication which explored the problem of how to encode information for transmission. Shannon's theroies were considered vital to enable the move from analog to digital communications systems in the 20th Century.

Dumpster Diving

I really am behind... But I am getting there!  Here is my work on the Dumpster Diving task:

What is his/her name? Adam Surname

What suburb does (s)he likely live in?

He probably lives in or around Ryde, based on one of the invoices being addressed to somewhere in Ryde and him doing his large grocery shop in Ryde. One wouldn't travel a long distance from home to do such a shop, so it's likely he lives around there.

Which suburbs does (s)he frequent?

He appears to frequent surrounding suburbs such as Lane Cove and Gladesville, but hae also travels to UNSW and so the suburbs surrounding there too. He also parks in Sydney City occasionally.

What type of computer/devices does (s)he own?

He owns an iPad Pro 10.5" and a TP-LINK TL-MR3020 3G WiFi modem/router at least.

Name 4 shops that (s)he frequents. What times does (s)he likelyfrequent them? Take a guess based on the suburb of some potential stores that (s)he may have visited.

Frequents McDonalds in Kingsford, Coles in West Ryde for his shopping, Silver Service Dry Cleaning in West Ryde and Umart in Ryde. For further details see the timeline below.

Create a timeline of where (s)he was at what time.

06 JAN 17 ~ 1239: Macquarie Park

28 MAR 17 1550: UNSW

05 MAY 17 ~1700: Umart Ryde

Unknown Date and Time: Sherlock Holmes exhibit Powerhouse Museum (Ultimo)

31 AUG 17: Campbell Street Sydney CBD

08 SEP 17 1424: Coles West Ryde

13 SEP 17 1507: McDonalds Kingsford

24 SEP 17: Some Campground parking

29 SEP 17 16??: KFC Ermington

?? OCT 17 2141: McDonalds Kingsford

06 OCT 17 1516: UNSW

12 OCT 17 1257: Visiting Rory1Alpha at unknown site, before heading to somewhere in Lane Cove afterward

08 NOV 17 1700: Dry Cleaning in West Ryde

03 DEC 17 0900: McDonalds for Breakfast

What type of phone does the owner use?

Likely an iPhone based on his preference for iPads and their accessories.

What does (s)he look like?

https://dieliced.tumblr.com/post/186103871375

What brand clothes does (s)he wear? Which size?

Looks like TShirts when being casual, but also tuxedos when dressing up. Size 36 for pant/short sizes. Also seems to like Polo Ralph Lauren.

Has (s)he travelled anywhere recently?

Based on the myki present in his car, he probably visited Melbourne recently. Specifically staying in the Nunnery Fitzroy.

Which companies has (s)he recently visited?

Telstra, UNSW.

Any medical conditions?

Vision impaired, uses glasses and contacts. Doesn't eat well, potentially complications from that.

His known associates: Luke, Shawn, Hamish, Rory.

Probably political views are anti-Labor based on the scare flyer he has kept.

Likely is a Catholic based on the Jesuit Mission letter he is keeping.

Vehicle is petrol based, based on E10 fuel on his receipt.

Catching Up

Unfortunately due to medical circumstances beyond my control, I’ve been unable to attend any lectures for 6441 so far this trimester, nor really do any work at home throughout this time.  This has naturally been a significant spanner in the works as I have been trying to recover as well as catch up on the content missed.  This whole period also coincided with my starting a new full time job as well which has added to the pressures and stresses.

However, despite all these challenges I have been working hard to try and catch up and I have finally finished the first week’s content.  I have also been working with my new employer to give me time off to attend university, so I will be at least able to attend my labs going forward.

I found the first weeks content to be pitched at a very simple/beginner level.  Perhaps this is simply because I’m a later year student, however I was expecting there to be a technical element to this course rather than the suggested no-technical-knowledge required approach.  I recognise, however, that Richard is allowing/encouraging those that are more technical to independently work to be more technical - but for me that suggests I may as well just research on my own outright... Perhaps I am overly critical, so I’m willing to give this course a red hot crack nonetheless.

There were some interesting ideas floated in the first round of lectures as well as a good case study or two.  I did find the discussion around weaknesses of humanity to be interesting and I do look forward to further investigating that.

One thing that was confusing that probably should have been clarified is that at one stage Richard suggested that any confidential system that relies on secrecy is bad and is security through obscurity.  However, and he does explore this later, every confidential system needs secrecy - just secrecy around keys rather than the system itself.  I think in future it would be good for his initial claims to be “any confidential system which relies on its processes remaining secret is security through obscurity.”

Overall it’s good for me to be catching up and I’m looking forward to tackling the future content.

Something Awesome Proposal

For my ‘Something Awesome’ project, I will be working through Reverse Engineering for Beginners by Daniel Yurichev as well as additional challenges made public on the internet.  Each week I plan to publish a blog post summarising the chapters that I have read through during the week and any challenges that I have completed.  As I have had significant medical complications at the start of the trimester I will be starting work on the project delayed in week 3 and will be attempting to spend my weekends catching up.

My final ‘Something Awesome’ portfolio should contain at minimum:

· A summary of links to individual blog posts showing my work through the book and exercises

· An overall summary review of Reverse Engineering for Beginners and how much work I have completed

As an extension (if time permits) I would like to create a video showing an example of me working through a reverse engineering challenge to demonstrate the time that is being committed to each of the individual tasks.  I would also like to potentially develop some of my own reverse engineering challenges to share with others.