Security Basics mailing list archives

Re: chat logs


From: Times Enemy <times () krr org>
Date: Mon, 16 May 2005 10:24:03 -0700

Greetings.

In the school environment, similar policies to those of a corporation, perhaps akin to those of a public library, should exist. Privacy should not be a right on such a network, and IDS/IPS systems could include rules to scan IM sessions for various keywords or traffic, and act accordingly.

In the home environment, a higher level of trust, in regards to privacy, should exist, with the users, but they should not have Admin./root privileges, and the understanding that parents have the unquestionable right to do spot checks, in/visible to the children/users should exist. I liked one suggestion to have computers in a high traffic area, but that is not very realistic, especially with wireless devices and such. (FWIW, as a security professional, it would be remiss of me to not have IDS/IPS actively watching my home network, especially if I work from home with any amount of frequency. Also, every box should be locked down as much as possible, and if necessary, separate gaming boxes should exist, which are also locked down though with exceptions for the games.) However, despite such preparations, most issues are not best resolved with technological fixes, but rather user education, understanding, and knowledge; this is perhaps more obvious/?easier? in a home network vs. a corporate network. Maybe the politics of educating users can be tested on a home network, before implementing various tactics on a corporate network?

I like the question, "What is the policy if something unrelated is found that the authorities think is a problem?" My thoughts are that such instances should be addressed with common sense, and case-by-case. In regards to formal policy, within guidelines, issues should be taken to some form of group, panel, counsel, round-table, oracle, et cetera. There should already exist some sort of "catch-all" policy which addresses how to handle new threats. What happens if a student accesses bomb making instructions? What about manuals showing how to overthrow a government? What about detailed manuals on urban warfare strategy and tactics, perhaps SWAT methods for securing a school? Or what about methods for evading IDS/IPS? This can quickly get too thick for just IT, and should involve other layers of administration and decision makers.

So basically, the answer is 42.


.times enemy


Zaven wrote:

Keller, Tim wrote:

The one thing you've got going for you is all of these protocols are unencrypted.

I'm not going to get into the details because this email would get a little long, but this is how I'd do it.

I'd take a port on the router and configure it to mirror all the traffic to this port. I'd then take a Linux box, plug it into said port, install snort and configure it to trap all AIM/MSN/Yahoo/email/IRC and record all URLs that are accessed.


I think she was talking about parents doing this kind of thing, at will, in their own homes. Spying on all chat communication seems, to me, to be a drastic invasion of privacy. School children are people too, and I certainly hope all the officials involved will respect their privacy to the greatest possible extent.

Consider that kids use IM a lot these days, and for many it is probably one of their main forms of communication with friends.

I think the police would rarely if ever be granted the authority to capture and monitor ALL chat/email/whatever traffic just in hopes of finding a single "suspicious" comment.

In any case, if this setup was implemented, say on the school network, who would be entrusted to snoop through every child's conversations? How much time would this take? What is the policy if something unrelated is found that the authorities think is a problem? What are the legal implications for the school district?

Zaven


