Saturday, September 15, 2012

Plan for IA-240 at Eastern Mi.

** This has been updated:

So one of the classes I'm taking this term is required for my degree. And I have to worry about protecting my computer in it.

The course:
IA 240. The main point of the class, that I took away from the first night, is to learn how to write Analyst reports. The overall goal is to give us the skills required to go work for a government agency. (The program has a lot of students leave and get jobs in the public sector).

The Final:
The professor will assign us something to do an analysis report on at the end of the semester. To teach us Operational Security, we have to protect our final project from our classmates. He gives extra credit for each student we get information from.

The Problem:
The professor has already said we are required to bring laptops to class, and classmates, as in the past, will try hacking that computer to get your final project. **Update-1: This was said as a warning, not as a "you will be hacking each other in this class."

Overall, knowing the above, one really wants to get your hacks in early, get a back door, and be able to come in to the classmates' boxes at will. Lots of ways to do that. But I'm about not being an easy target. In fact I don't want my system compromised.

Options to protect me:
- Change operating systems every class, either local install, from USB, or DVD / CD.
- Run Backtrack, and use that as the desktop (not meant for that).
- Buy a dedicated machine, and use nothing on it, doing forensics on it at the end of the semester, and keep nothing on it.
- Be really evil... (run a VM or a dedicated box with a sticky honeypot).

The Plan:
I don't have the money for the dedicated machines.

I thought about putting my money where my mouth is and installing Backtrack on an old hard drive, then hardening it. This would fit in with my Linux Hardening applied to BackTrack talk. However, I don't like the idea of swapping the hardware that often. Trying to hack my classmates would be unethical in my eyes anyway.

I don't have an interest in hacking my classmates. Just not being hacked.

So, I've already got Full Disk Encryption, and I'm going to run with The Amnesic Incognito Live System (TAILS). I'll take an energy hit, but the main hard drive won't be touched.

The only thing I have to worry about is saving my work from class (not that I type much in class, I'm more about pen and paper). But if there is something I need to save, I have things for that. I'm using Google's two-factor authentication. I also could look into doing File System over SSH. Not sure if I'll have to go that far.

*Update-1: The professor was not giving permission. He was giving a warning.
