How do you do....it? Thread, Hackers, Crackers and other wise little Slackers... in Technical; We have a kid here who was banned totally from using any ICT equipment in school by my predecessor. Today, ...
2nd December 2008, 02:46 PM #1
Hackers, Crackers and other wise little Slackers...
We have a kid here who was banned totally from using any ICT equipment in school by my predecessor. Today, one teacher allowed him to use a computer in class for work. He got a hard drive out of his bag, plugged it in and rebooted the PC.
The hard disk contains a bootable linux distro - Back|Track 3. Looks like a hackers favourite, all the tools there - spoofing, password attacks, forensic tools, etc, etc, etc.
Now I need to look in to why USB boot is enabled and what's being used as a BIOS password. That issue aside, I'm wondering what the general wisdom here is with such kids.
He's encouraging his mates to do similar thing. This week we've found RDP icons in peoples home drives, a selection of .bat files to do things like display pointless messages endlessly or make the user think their work has been deleted.
I can't help thinking that banning them from the network is not a solution to the problem? Is there anything you guys have done/do do with these kids - clubs/activities/punishment/research/lunchtime work - to combat this problem and channel their curiosity?
2nd December 2008, 02:51 PM #2
Had one before that we (I, tech staff and the head) banned from being within three feet of IT kit on pain of death and mutilation, and a few weeks later I found him logged into a backdoor. Phoned his fiery italian dad and explained that we were about to ask for police advice regarding a criminal prosecution, dad turned up and took him away to do eight hours enforced revision a day for the rest of the year
Last edited by powdarrmonkey; 2nd December 2008 at 02:52 PM.
Reason: i've had no coffee this afternoon
2nd December 2008, 02:54 PM #3
Backtrack 3 is one of the best penetration testing tools out there. Free download as well.
Unfortunately anything you might do to try and channel this interest would also probably be giving them skills they'd misuse. Might be worth creating a very heavily locked down GPO for their particular accounts and dropping known troublemakers into it. Work on least-privilege. Take away abilities to do everything except what they actually need. Allow specific programs to be run, and set all others to be denied by default and so on.
The other thing that might be worth doing would be getting in touch with your local police and seeing if they have anyone who could come in and give the kids a lecture about electronic crime. Or even see if there's a penetration tester who might be willing to come in.
Disallowing .bat files and RDP might be a start as well.
2nd December 2008, 02:55 PM #4
Mmm, that's the root I'm trying to avoid. I know why these kids do it, heck if networks/pc where half as advanced as this when I was at school I'd have been trying the same. Instead I had to make do writing BBC Basic programs
This particular kid may just end up going down the whole - let's threaten to get the police involved, criminal conviction, et al - route. But I can't shake the feeling that there is a more practical solution.
Just stumped at what exactly to suggest!
2nd December 2008, 02:56 PM #5
Depending where you are, I'd leap at the opportunity
Originally Posted by jamesb
2nd December 2008, 02:57 PM #6
Give him a job!
2nd December 2008, 03:01 PM #7
Actually, that's the type of thing I'm thinking off. But what! I don't mind them learning these skills. Could earn them a lot of money - good luck to them. They need to know when it's appropriate though - and my network is not their play ground (regardless of the holes I haven't filled in yet!) :stampsfeet:
Originally Posted by somabc
2nd December 2008, 03:04 PM #8
As another thought then why not give them a playground? See if someone'll approve VMWare or VirtualPC or something similar, put a linux install in it and set them some challenges.
Either that or see if you have some older PCs around due for the scrapheap, put Linux on them, or Windows if you have the licenses, and give them a mini-network to play with. But I would say you want them to know the possible consequences should they try to use their 'skills' outside the playground, that's why it'd be worth getting the police and so on in as well.
Thanks to jamesb from:
tmcd35 (2nd December 2008)
2nd December 2008, 03:09 PM #9
We had a child do a similar thing, and back in my day I was well versed at cracking networks, so I got him to show me where the holes were in my network and I fixed it. As such my network is much more secure.
If it were not for these blighters my network would be no where near as secure. As for the boot options, go into your BIOS, disable USB Boot and CD Boot, and then password the BIOS so the options cant be changed, and on the profiles, set a super mandatory profile to enforce that no USB devices get used apart from approved ones. That way only you and the staff can use USB devices.
2nd December 2008, 03:38 PM #10
If there so/ hes so computer literate, see if your school is willing to offer him simple course's like A+ and networking +, and giving him a job is probs bad idea because he may be competent but there is a maturity aspect, and it sound as if he would violate most rules regarding privacy given half the chance.
I like the VM idea, might also suggest getting him to see careers advisor see if they can make a more beneficial action plan, get him more interested in the maintanace of security.
2nd December 2008, 03:52 PM #11
Just had another thought, extending the VM thing and a little more ambitious. If you can set up a network in VM, even just a single DC and one client computer (on a decent workstation you'll be able to run both of these at a low-spec), then get them all to try and harden their own mini-domains.
After that, they swap domains and try to break in. Challenge is to be the first one to manage to get escalated priviliges.
Just if you're going to do that make sure you watch exactly what they're doing, and harden your own network against it.
2nd December 2008, 04:11 PM #12
Now that I like, a lot.
You got me thinking along the lines of grabbing a few old PC's and an old switch. Throwing them on a table with a few OS install disks (XP Pro, Win2k3, Linux), and saying there you go, build a working, secure network.
Maybe setting it up in VM's could be interesting - each VM as access to the sandbox network - but not the school network. Would need to look at the security on VMWare Server. Wouldn't want them to create/delete VM's but not have access to the networking settings. I know this is possible under ESX, but not sure on plan VMWare Server.
Maybe as an after school activity. Anyone caught hacking the network is thrown off the course, banned, threatened with police.
2nd December 2008, 04:12 PM #13
Bring him in at lunch time and ask him to "hack the network" Did that one day with one of the pupils in a school not long after I started. He told me he could access loads of things that he shoudln't have been able to. I told the head of ICT that I was having this kid in at lunch time and watched what he did. Sure enough he could get access to things they shouldn't have been able to. I (wrongly) assumed that the privaleges had been set by the person before me, but no one actually looked after the network before I started. After I saw what he did, I made changes to stop him having access to things they shouldn't. After that every time he found a way around the security he came straight to tell me. I think this was because he didn't believe me when I asked hom bypass the security in place and enjoyed the fact that I let him have a play (whilst being supervised by me)
Of course this depends on the type of pupil you have, and there is no way to know if they will just abuse your trust.
Edit: of course this is if you want to encourage them. Personally I would ban if they have been warned. Its fine to encourage people, but only if they deserve it.
Last edited by penfold; 2nd December 2008 at 04:18 PM.
2nd December 2008, 04:56 PM #14
As you said it does depend on each pupil. If the guy is a complete idiot and you know will breach your trust, then you shouldnt trust them but if the pupil is one that you believe you can trust then do the following.
Find an empty room that is not used, preferably a store room with power sockets, set up a switch, a "server", 3 machines, with with XP, 1 with ME, and 1 with MAC OS (X or leopard), and get the child to try to gain access to all 3. Depending on the skills of the child they can show you vunerabilities in your system which believe me, will help no end. If you know the vunerabilities, then you know where to improve your network.
2nd December 2008, 06:00 PM #15
Originally Posted by powdarrmonkey
Thats fantastic, thats what I call a lesson. I used to be just the same as most of these students were complaining about, I even complain about them now. I wish that I was encouraged more at school with me ICT as I used to love trying to break into schools systems, I even made a list over year 11 of all the problems and emailed it to the Network Manager at the end of the year.
Lets just say he wasn;t very happy, but was delighted when I left.
By maark in forum Wireless Networks
Last Post: 5th January 2009, 06:05 PM
By the_one_that_cant in forum Educational Software
Last Post: 2nd December 2008, 12:20 PM
By Athlona in forum General Chat
Last Post: 6th March 2008, 03:06 PM
By nicholab in forum Educational Software
Last Post: 28th November 2007, 10:07 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)