Network Administration Data Lifecycle
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Network Administration Data Lifecycle

  1. #1
    Junior Member
    Join Date
    Jul 2005
    Posts
    5

    Network Administration Data Lifecycle

    Hello,
    I am interested in finding out what, in your opinion, is a good average for holding onto network traffic data, specifically internet data history. This question is posed from a school district network using Windows XP. Just curious because a situation requiring an investigation about websites visited is being proposed and I want to have my ducks in a row before the investigation begins...

    thank you in advance...

  2. #2
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Well, do you have a Cache Server? I mean, a lot of times, schools are pretty bad at everything. It's pretty funny really, because, they teach people how to become a network admin, yet they don't really use it themselves.

    I've seen schools who don't even have a system set up for this type of thing, and it's just pathetic really. If you want some advice, get yourself a machine that can act as a machine that basically saves history, maybe whack something on the top for it for an interface, and try to save everything for 6 months if you can.

    If you run into problems with getting funding, and you will, save the Cache of every site the people you have to go in front of have ever gone to, find the porn they usually look at, and just black mail them. It's not ethical, but if you want to be ethical, get away from admin work altogether.

    If you for some reason don't find porn with these people who think it's more important to buy new chairs and desks rather than updated books and machines, tell them you could stop "children" from doing this.

    Every time a politician wants to get away with doing something illegal, they use the scared Mommy act and "What about our Children?" and then it works. Every time.

    But to answer your question, basically, you should keep 6 months or more of what people are looking at online. You'll probably have kids whining about privacy but if they aren't using their own computers and their own net connection they don't have any rights anyway.

    I say as long as possible because the way you've worded your message, it seems like something has already happened, and you need a hand in what to do. So basically, the longer you go back and can check stuff, the better.

    You'll need a way to do this though. You're only going to get stupid kids with what Windows XP comes with, the smart ones are going to realize that they can erase the history they leave with a few mouse clicks.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I work as a sysadmin for a school district. We use a product called Lightspeed Systems. It logs everything. It also correlates ip addresses, time of the incident, and LDAP username. I believe that by default it keeps all of this information for a year. It also provides reports on suspicious/blocked search engine queries, which is a really nice feature. It is not cheap though.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    big brother westin is watching you >.<

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    heh. What is really funny, is that when I was in high school, I published an anonymous newsletter that detailed several ways to bypass the schools security in different ways, and I had a section in there complaining about how orwellian the school was. I was a definite thorn in our sysadmin's side... and now that is what I do for a living.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    security at my highschool was easily bypassed via a proxy or some simple networking. I guess it also helped that one of my good friends was buddy buddy with the system admin, and so for securing their system, we can free access to rampage about the network >.< meh, but that was high school. My college network isn't much more secure though, but that is what you get when you move to a more rural landscape >.<

  7. #7
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Yeah, there weren't many proxy servers when I was in HS. Though you could use a batch file to get to a command prompt, then ping the ip, and use the ip address to get to the site. The content filter was only blocking by domain names.

    Another funny thing that they did was map a network drive over the floppy drive. So if you wanted access to the floppy, you just had to unmap the network drive.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  8. #8
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    why didn't you just do nslookup instead of ping? hahaha at the mapping. Man the funniest thing I can remember from being in HS was the system admin keeping netbios enbabled so we just used nbtstat to log into each others computers so we could try to frame/embarrass one another. (to show you how geeky I am, I actually know the damn history of the word embarrass >.<) The network admin eventually caught on though :'(

  9. #9
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    nslookup would have worked just as well, but I wasn't as familiar with command line then as I am now... ping was a quick and dirty way to convert hostname to ip. It is funny how many ways I figured out how to bypass restrictions that would have, in hindsight, kept me out of a lot of trouble. I think I was kicked off the network more than I was allowed on. More often than not, I would have to have a teacher log me on... though, very early on, I found an access database that contained all of the teachers' usernames and passwords, so I could use that if no one was looking. My senior year, I got caught logging into the school's FTP server with elevated credentials, and that pretty well ended my ability to log on to any computer legitimately. My computer maintenance/networking instructor still gives me crap to this day about that one. She about fell out of her chair when she found out I was a sysadmin at a school district just a few miles away.

    I always figured embarrass had something to do with 'bare *ss'... lol
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Amateurs... I used to add videos to the "Windows Start Up" folders. The teachers had the login "Multimedia" and students logged in with the login like "CIS220" for CIS class 220, and so on, so if you were in room 201 it was "CIS201" and so on.

    So whenever the teacher would come look from complaints on why there was a bunch of porn that loaded when a student logged in, it wouldn't show up when a teacher or admin logged in. Took them a while to figure out.

    That was after my high school days. I got sent to one of those adult ed centers because I got kicked out of school for my grades of all things. Who knew insulting teachers was a soft spot...

    At the Adult Learning Center... The admin was whoever they could get, and they used this crap application for tests which ran on an OLD Mac... This school still had 5 inch floppies in un-opened boxes.... So, basically, it was open season as far as I was concerned.

    I found a way to crash the app so that it would basically load a small window where you could enter values, and so I'd crash the app, and give myself an A, so when the teacher would ask how I got done in 30 seconds, she'd see I'd gotten every question right, and have to write it down and give me an A because policy was whatever that screen showed they had to give...

    I'd take a screen shot of a desktop, and make it the background and get rid of all the icons, install an app that flipped the screen upside down and name it Internet Explorer so I'd sit there while someone behind me would have their screen look like it was flipping out cause "Well it didn't work the first time I'll keep trying"....

    Then I'd sneak up behind the row of desks and unplug keyboards, mice, network, whatever it was, and watch the teacher laugh (They saw me do it and thought it was funny) and sometimes I'd get bored, well, a lot of times I'd get bored, and make the home pages my friend's site that would crash Windows, or I'd open the Network Manager thingy they had installed, which rarely asked for passwords, and shut down net access to a high school a few miles away because my Cousin went to school there and I knew he used his day to download MP3s, so I'd shut them down.

    After the first few Semesters, they actually had a policy that I wasn't allowed in the Computer Lab while the tech was there. Every time he'd show up to fix the machines and stuff, I had to leave the room and sit outside. They literally made me do that. It was stupid.

    They started blocking ALL IRC so no one could chat at school, so I made one with Java and HTML that ran off a floppy disk, and they were starting to watch traffic, so when you'd type a website like sex.com or some crap they'd see it, and so I'd start doing stuff like going to "www.ImOnIRCNow.Com/YouCantStopMe/YourDumb/hahahahahaha.html" or something, and the teacher would get a ping sound on his desktop and get up and look at my screen and get all mad.

    He would walk up behind me and see me on IRC and be like WTF! That's Blocked! Then he'd check the history and see nothing because it was running off a floppy and get more mad. He snapped one day apparently when I wasn't there, and like flipped out and quit. He started screaming he didn't make enough to "Put up with these little bastards" lol.

    I got good at one point at doing stuff with cables while standing there talking to a teacher, and would unplug their machines so the net wouldn't work, and while they were trying to fix that make their machine shut off all net access.

    One teacher like hated me, and one day she asked me "So when are you going to do something useful for once in your life?" Which pissed me off, so when she went to the bathroom I unscrewed the bottom of her chair, and when she came back and sat down, BOOM. She got up and looked around and saw me playing catch with the screws and got mad at me. I was like WTF you insulted the crap out of me so I did something useful....How's the leg? lol.

    She did the same basic thing again one day so I super Glued her windshield Wipers down to the glass so they wouldn't work. I didn't know how well I timed it because it started raining a half hour later lol.

    That was the day I had super glued all the chairs in one area of the class to the carpet they had in there. OMG it was funny! They walked in and all of the tables and chairs in that room in one corner, were super glued down, lol.

    Oddly enough I'd never read BOFH before this, so I guess I just had it in me.

    Probably not as bad as putting match stick head powder in a floppy disk and writing "Exam Answers" on the sticker you could put on floppies... That stuff actually does star a small fire inside the floppy drive!
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Similar Threads

  1. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 07:52 PM
  2. A look into IDS/Snort part 1 of 3
    By qod in forum The Security Tutorials Forum
    Replies: 18
    Last Post: January 5th, 2004, 01:30 PM
  3. OSI 7 LAYER special
    By Computernerd22 in forum Network Security Discussions
    Replies: 0
    Last Post: July 18th, 2003, 04:36 PM
  4. Network Scanning Policy - Template
    By thehorse13 in forum Network Security Discussions
    Replies: 5
    Last Post: June 1st, 2003, 02:03 AM
  5. C Programming Tutorial-Chapter 2
    By cgkanchi in forum Other Tutorials Forum
    Replies: 7
    Last Post: March 25th, 2002, 07:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •