SEMiSLUG Notes

16 November 2000

Question & Answer Sessions

Why not the IT Zone?

No one was there. No idea why. This situation should improve when Cisco's offices are finished.

Washtenaw Community College has offered us space. We will look into it.

What's with the magic vibrating pen?

It's part of a magic whiteboard system.

Magic browser debug flags that let you see what it's doing?

-d

But really ... they exist, but no one remembers what they are.

Qt 1.44 tutorial?

No suggestions tendered; no one knows Qt around here. There must be a users' mailing list out there somewhere.

Are Nokia phones software upgradeable?

Not to 5160i level, anyway.

Who doesn't have a cell phone?

Only one or two of us.

Why doesn't Sun's cron (Solaris) notice crontab entries for a while?

It's waiting for the cron job that finalizes the changes?

No serious ideas, alas.

Any experience with Mammoth2 tape drives? Good or bad?

Nope.

El-cheapo hardware NAT devices?

Netgear. Linksys.

Anyone have a replay TV yet?

Yup ... got a TiVo. Haven't taken it apart yet. It's a blast, just as it is.

The Panasonic Show Stopper has had problems with some things (mistaking the signals as MacroVision and blocking them).

Has anyone hacked TiVo Linux (Tivux)?

Nope.

Why is Chris miffed?

It's just one of those days at one of the World's great automobile manufacturers.

Jobs?

Becki is looking for minions again. (She has a few open heads . . . eeewwwww!)



Presentation

Wiretapping the internet

Charles J. Antonelli, Asst. Director
Center for Information Technology Integration
The University of Michigan
Ann Arbor

Project Goals
+ Long-term storage of every network packet
+ Cryptographically secured
+ Evidentiary purposes
+ Rapid response to intrusion incident

+ Commodity
+ Completeness
+ Permanency
+ Security

+ Intrusion detection filters and sniffers [current offerings]
+ Many commercial products
+ Designed for triage
+ Not secure, not archival, not continuous

Prototype Architecture

------------+-------------
            |
        Collector ######---###### MFS
            |
        Archiver  ######---CD/Tape/Punchcards
            |
            |
    drives--+--drives

Cryptographic Organization

translation table symmetric key
------------------------------------------
Regents' public key
------------------------------------------
volume master symmetric key
------------------------------------------
Regents' public key
------------------------------------------
translation tables
------------------------------------------
translation table key
------------------------------------------
translated header | packet payload . . .
------------------------------------------
payload key

Problem Space
+ The problem space is broad

Systems Engineering
+ CPU clock
+ Transfer rate, latency, size
+ System bus, memory bus, I/O controller, memory, disk drive, tape drive
+ Crypto software, hardware speed
+ Volume management and retrieval
+ Parallelism
+ Round-robin, packet content

What do you do with all the data? A terabyte is about a broom closet of tapes. [really?] You're always going to be behind the curve in the storage game. Parallelism is necessary: several vaults are needed to watch the network and store data while keeping up with it. How long the data is kept determines how useful it is, and is governed by what the goals of the vault are.

Cryptographic Organization
+ Approach is sound
+ DES is weak
+ Rijndael
+ 3DES
+ DESX
+ Crypto hardware

Terabyte Storage Technologies
+ Leverage Moore's law
+ Start small
+ Mammoth2 w/ autoloader
+ 12 MB/s (9.6 MB/s), 60 GB/tape, 7 tapes
+ 10 Mbps: 2 or 3 tapes/day, every day
+ Design large ...

Legal and Regulatory Issues
+ Carrier-transport / ECPA
+ Student information / FERPA
+ Privacy / First amendment
+ Human subject guidelines
+ Ownership / copyright
+ Right to know / FOIA
+ Discovery / evidence
+ Search and seizure / Fourth amendment
+ Civil liability
[most of this goes away when you change the scope from public institution to private]

Evidence Handling
+ Rules for evidence gathering
+ Scene "frozen"
+ Continuity of evidence
+ Authenticated volume contents
+ Second factor might prove useful
+ Auditable procedures
+ Open source
[the contents of the vault are being signed; run two vaults in parallel or gather digests]
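
The "gather digests" note above, as an added example (not code from the talk or from CITI): a chained SHA-256 digest log over archived volumes, checked at retrieval time to find the first volume that was altered or is missing. The record format, the all-zero starting value and the sample packets are constructed assumptions; signing the log or storing it apart from the volumes is assumed and not shown.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the chain (constructed)


def volume_digest(records, prev):
    """SHA-256 over the previous volume's digest and each length-prefixed record."""
    h = hashlib.sha256(prev)
    for rec in records:
        # The length prefix keeps record boundaries unambiguous, so moving a
        # byte from one packet record to the next changes the digest.
        h.update(len(rec).to_bytes(4, "big"))
        h.update(rec)
    return h.digest()


def digest_log(volumes):
    """Chain the volumes: each entry commits to every volume before it."""
    log, prev = [], GENESIS
    for records in volumes:
        prev = volume_digest(records, prev)
        log.append(prev.hex())
    return log


def first_mismatch(volumes, trusted_log):
    """Index of the first volume that fails against the trusted log, or None."""
    current = digest_log(volumes)
    for i, (got, want) in enumerate(zip(current, trusted_log)):
        if got != want:
            return i
    if len(current) != len(trusted_log):
        # All shared volumes match, so a volume is missing or was appended.
        return min(len(current), len(trusted_log))
    return None


# Constructed sample: three archived volumes of packet records.
ARCHIVED = [
    [b"pkt-0001 SYN 10.0.0.5->10.0.0.9", b"pkt-0002 ACK 10.0.0.9->10.0.0.5"],
    [b"pkt-0003 PSH 10.0.0.5->10.0.0.9"],
    [b"pkt-0004 FIN 10.0.0.5->10.0.0.9"],
]
TRUSTED_LOG = digest_log(ARCHIVED)  # gathered at archive time, kept separately

if __name__ == "__main__":
    print(first_mismatch(ARCHIVED, TRUSTED_LOG))
```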

Any questions? Visit http://www.citi.umich.edu/ for more info.

[much applause from the gallery]


Rumor & Innuendo (No names, please)

P.S., thanks for getting us out of the cold.

