Working with Untangle Firewall

Untangle Firewall is a hardware security solution that provides a robust platform to control and observe network operations. The suite of software includes a firewall, web content blocker, routing capabilities, and many more traffic shaping features. I was interested in trying this out because I was looking for peace of mind regarding home network security. I’m pleased with how my Untangle box has been working so far. In this write-up I briefly explain my experience with different apps included in the software.

The hardware specifications for Untangle version 13 are pretty light for a small home network. To avoid any hassle I tried out a Protectli Vault, fitted with a J1900 processor, 8 GB RAM, a 120 GB SSD, and a 4-port Intel NIC, for $350 at the time of this writing. It’s a workhorse and perfect for my network of about 8 – 12 devices. It’s working with a 300/20 connection with constantly redlined upload traffic. The CPU has clocked in at 50% under the heaviest load. There is definitely room to scale with this route. If I wanted to get brave I could switch out the 8 GB memory stick for 16 GB if the board allows it. The SSD swapfile should carry me plenty if things get rough.

Installation can be done using just a USB keyboard. In this case Untangle was loaded from a USB stick in one of the two USB ports on the Vault. Untangle charges different rates for commercial and home users. Out of the gate, Untangle comes with a 14-day free trial. After the grace period it’s $50/year for the home version, which includes all the “apps”. One thing I wish it had, though, was a screenshot feature.

 


 

Out of the box; simple and productive. The homepage can be customized to include a plethora of different visualized reports.

Network management took a second to get used to. At first I wanted to get my bearings by googling every session I saw pop up, then slowly expanding the network to more devices as I felt more comfortable. This led me to some interesting whois websites which provide useful domain data to compare with the built-in Untangle resolution. I noted the IPs I didn’t know, using the session viewer in real time, until I had become familiar with the addresses and ranges that services on the network typically use. This type of experience with network behavior lets an administrator quickly view the status of the network by looking at the geographic or other visual representations of data. I feel the at-a-glance data visualization is a key advantage of using Untangle and software like it. I chose to investigate the different apps individually so understanding their functions became easier. At first the amount of information available was overwhelming. The software had a reasonable learning curve so that feeling was short-lived.

I apologize for the screenpictures. For this particular instance I wanted to know what the OCSP connection was. Google suggested it checks the validity of the certificates installed on the machine. I like the at-a-glance functionality a home screen with contextually selected apps offers. The map tickles my geographic fancy. Sometimes it’s easier to work with spatial data. Glancing at a map and noting the locations of the connections can assist with interpretation on the fly. It would be even better if you could export the state of the dashboard to a static image. Exporting the configuration of the dashboard would be beneficial, too, allowing an administrator to quickly restore the last configuration. I might be missing something, but it doesn’t seem to allow the moving of visualization tiles once they’ve been placed on the dashboard. This could be a major inconvenience when reorganizing or grouping visualizations after the fact. The geographer in ma

At first it’s easy to misestimate the number of connections a computer can make in a browsing session. The web page loads, the 10 or so ads and marketing services connect, the DNS is queried. With 3 internet devices browsing the internet and interfacing with media, the number of sessions can easily reach the hundreds. I worked with each app individually until I felt like I had a solid understanding of the underlying systems. Approaching the software in this manner made it easier to understand at a functional level.

 


 

First up was the firewall. Through trial and error, I figured out which connected sessions were important to my computing. This was the most critical component I needed security-wise. Being able to see all of the open sessions, in real time and retroactively, gave me enough data to play with initially to get the hang of the system and understand the routine sessions on my network. The firewall lets you set rules that block traffic. Let’s say I own a business and I want to block all traffic that appears to be from Facebook; this would be possible by setting custom firewall rules that block the Facebook domain. In my case I wanted to identify what exactly was going on with the background connections, Windows telemetry data, time synchronization efforts, and web sessions being kept alive by a browser. I identified the major, constant connections, like the one from a cloud migration operation to Amazon Cloud Drive I’m currently running. This allows the administrator to get comfortable with the network and see how it is normally shaped. Along with these connections was a constant odrive connection that was brokering the Amazon Cloud Drive upload. Connections like these that I have accounted for personally were set to bypass the firewall entirely so I could reconfigure the rules without worrying about them being taken offline. The peace of mind this device provides when auditing or performing network forensics feels priceless.

Untangle includes two web traffic shaping apps: Web Filter and Web Monitor. A few of the apps have “lite” versions (free) and full versions (paid). The application library has a Virus Blocker Lite and a Virus Blocker. One is the free version and the other is included in the subscription. Untangle’s developers say the lite version and the paid version provide additional protection when run in tandem. They might be using different databases or heuristics to identify threats between the two apps.

Web Monitor is the free app; it allows you to monitor web traffic: its origin, destination, size, associated application, etc. Web Filter is required to shape the traffic. Out of the box, Web Filter comes with several categories of web traffic it blocks. Pornography, malware distributors, known botnets, and anonymizing software are all blocked by Web Filter by default. Several hundred additional categories for web traffic exist to make this selection as precise as an administrator would like. There was one instance where the filter warned me before I was redirected to a malware site while sifting through freeware. This is a necessity for me. The ad blocker, which functions similarly to a Pi-hole, catches the ads before they even make it to the client computer. Normally a user would expect the browser to block ads but that’s not the case with this in-line device. The ability to catch ads over the wire adds an additional line of defense to a traditional browser adblocker.

Intrusion prevention is another app I couldn’t live without. Intrusion prevention systems (IPS) use behavioral and signature analysis to inspect packets as they move across the network. If the signature of a communication or a behavior registers as malicious, the IPS logs and, according to the user-set rules, blocks these attempted misbehaviors. The intrusion detection was quiet while I was messing with it, which is a good sign. There were several UDP portscans and distributed portscans, originating from the Untangle box. These might be functions of the Untangle install or the intrusion detection app scanning the public IP for vulnerabilities but I’m not 100% sure. It could always be a malicious actor over the wire. Whatever the cause, these portscans were the only behaviors the intrusion prevention system picked up.

The question becomes, how thorough do you want to be when setting up rules for the apps. Let’s say a Chromecast is portscanning itself for benevolent reasons, like troubleshooting a connection. Should you allow this? Should you follow the rule of least privilege? Should Chromecast have the ability to recon your network? Security and convenience tend to be mutually exclusive to a certain degree. Knowing what your sweet spot of productivity is will allow better administration of the box.

 


Bandwidth control is something I’m still getting the hang of. One question I have is why the speed I’m getting from the bandwidth monitor app readings and the interface readings seem to be off by a factor of 10. They both seem to be presenting results in the MB/s format. No unit conversion errors detected.

I can’t speak for the bandwidth app itself. There are additional apps for bandwidth shaping. WAN Balancer makes sure a serving load is balanced across a number of assets. If you were running a server that needs high availability and maximized performance, you would get some use out of the feature. WAN Failover is a feature that activates a backup connection in case the primary WAN is unreachable. Again, these features are geared towards users with the need for traffic shaping and high-availability solutions.

There is an app for both IPsec VPN and OpenVPN. I didn’t have a chance to mess around with these. There is a webinar on the IPsec VPN hosted by Untangle on YouTube. I’m curious about the particularities because I’m eager to get this feature operational as soon as possible.

I had an interesting time with the SSL inspector. This app allows you to decrypt HTTPS sessions and intercept traffic before encrypting it again and sending it on its way. Turning this on threw SSL errors on almost all devices in the house. Things like Roku couldn’t connect to YouTube because the certificate chain was incomplete, considering the Untangle box was middle-manning the connection. Luckily, it comes with a certificate creator that can serve certificates to client computers so browsers won’t think it’s a malicious redirect.

Transferring the root certificate around was comically difficult. It couldn’t be transferred on Gmail because of security issues. Those issues might have been because Google thought the attachment was malicious, or that it’s not good OpSec to email root CA installers around, although it was for a client computer. The SSL app is able to generate an installer for Windows machines in addition to the plain cert.

I was able to move it around by putting it on Google Drive. Downloading with Edge threw all sorts of bells and whistles. At first SmartScreen said it didn’t recognize the file and threw the “are you sure you want to download?” prompt. Then came the warning that “this file could harm your computer” from the browser. Then Kaspersky prompted about the file. Finally, UAC was triggered. This is all in good measure; installing bogus certs on computers this way can be compromising.

SSL inspector needed to be turned off while this configuration was being done. The internet was unusable with browsers like Edge with SmartScreen because of the certificate errors. MAC addresses for devices with hardcoded certs bypassed the SSL inspector altogether so they wouldn’t throw errors.

 


 

SSL inspector needed to be turned off while this configuration was being done. The internet was practically unusable if the correct certs aren’t installed on the network devices.

Captive Portal and the Brand Manager apps were nice touches to include. These were probably the most fun I had playing around with. The branding manager allows you to provide stock logos that replace the default Untangle logo in the software. I designed a mockup logo for fun and really enjoyed how thorough this functionality was.

The captive portal seems to function in a similar way to the SSL inspector, though I think it uses a different certificate because it throws certificate errors on machines with the SSL inspector cert installed. The captive portal page can include your brand manager content, display and solicit agreement to a terms of service, offer the option to download the certificate and/or the installer, log a user in, and broker a number of other useful functions. Very cool if you’re trying to administer web usage.

 


 

Web Cache is something you want to consider if you’ve got the resources for it. A web cache monitors traffic and puts frequently visited elements in a cache that it can serve locally. If I’m logging on to Facebook every day, it’s easier, and arguably safer, to store the “Facebook” logo locally and serve the local copy instead of asking the website for it. The Web Cache presents a lucrative target for attackers but luckily keeping tabs on its operation with the Untangle reporting system is easy.

There are also the features that you would expect to see in home security software. Untangle’s advantage is catching threats over the wire, theoretically before they hit the client box. The complete package includes the two virus scanning apps and the Phish Blocker, which I assume is some kind of DNS functionality to check URLs for malpractice. There are the two spam blocker apps, which I believe work with some cloud threat database. These tools provide the same functionality as a security suite for your desktop. If you start seeing unusual malware activity you can leverage the firewall against it to really turn up the heat.

In addition to the virus and malware protection, an ad blocker is included. Like the advantage above, Untangle sees the advertising domains and blocks them before they hit the boxes behind it. I know for certain the ad blocker has been busy on my box.

Active Directory is available to further expand your capability on the local network. I didn’t have a chance to mess around with it. Most home networks don’t have Active Directory services running but some power users out there should get a kick out of it. I played around with Policy Manager for a bit. It’s useful if you want to run SSL inspection on one group of devices and ignore others, like streaming devices. Essentially each policy runs its own set of apps and generates its own reports. Very useful for compartmentalizing your network.

A lot of the Untangle apps demand more resources as you connect more devices to the network. You need to be conscious of the box running Untangle and how scalable it is. If you’re running a Web Cache for 100 users, the resources required to manage it scale exponentially from 10 users depending on their workflow. SSL inspector can be a problem if resources are limited while the workload increases. Intrusion detection is another relative resource hog.

I learned about DHCP and routing the hard way, which is always the most effective way. I realized I wasn’t resolving hostnames from devices that were connected to the router. A router, typically by default, sends all information upstream from one IP address. The reason is twofold: first, there aren’t enough IPv4 addresses to be issued to every device, and second, it’s safer to have the router acting as a firewall so each home device doesn’t directly face the internet.

By changing the wireless router that was behind the Untangle box to “access point” mode, it quickly deferred this DHCP serving to the Untangle box. Untangle was then able to resolve the hostname for each device connected to the wifi. This allows for fine-tuning of access rules and traffic shaping.

The remote functionality is robust and well-supported. Access can be tailored to the user. Users that only need access to reports are safely granted this access without enabling access to system settings. Multiple boxes can be administered from a single interface. Phone administration is possible through the browser. HTTP administration must be allowed from the client box to allow configuration on a client.

The reports app, though more of a service, is probably the most important app in the box. Reports act as the liaison between the administrator and the Untangle utilities. Graphs are easily generated and data is visualized so it can be easily digested on the fly. Reports can be stored on the box for up to 365 days. You will have to account for the resource usage of maintaining this database. Reports can automatically be sent to your email inbox at an interval of your choosing. This report contains much of the top-level information about the box’s performance, allowing remote administration to be conducted confidently and quickly.

The configuration for each untangle install can be backed up with the Configuration Backup app. It has built in Google Drive functionality and can send and restore from the cloud, eliminating the need for panic if a box becomes physically compromised. Another scenario for this functionality would be sending a configuration template to new boxes. After installation of a new box, you would just need to select the loadout from Google Drive and hours of possible configuration could be avoided. The same backup functionality is available for reports. So essentially, if a box burns up, you just have to replace the hardware and it’s back off to the races thanks to the automated backups.

I had a great time messing around with this software. I’m very pleased with the hardware purchase. The all-in-one computer plus a year’s subscription to Untangle at home was $400. I’m enjoying it so much I’m considering a second box that I can administrate remotely. The opportunity definitely provided me a peace of mind that application solutions couldn’t. Hopefully in the future I can use some of the data for geographic projects. I’ve already started messing around with projecting some geographic data in ArcMap. Here’s to hoping for more positive experiences working with the Untangle box.

Listr – Automatic List Creation for Bash

Bash scripting is a feature of many Linux distributions. This built in scripting language allows programmers to get behind the scenes with their Linux distributions and automate repetitive or complex tasks.

I’m nostalgic over the old-school feel of dialogue-based menus. I personally love a terminal program that uses lists to execute operations. Building lists in Bash can be tedious. One of the more meta applications of scripting includes making scripts that write other scripts. These kinds of developer operations help cut costs and make work more effective with minimal effort in the future.


This is the second bash script I’ve ever written. I’m by no means a professional programmer. Some of the features are unfinished. Listr is still a work in progress. This is a learning experience for me, both in writing code and documenting its functionality. Any constructive criticism is welcome.


#!/bin/bash
##listr - automated list creation
##Josh Dean
##2017

##listr
idt=" " ##ident
flow_var=0 ##spelled flow_var to match list_header and list_select
activedir=$testdir

##menu_main_cfg
mm1="Setup Wizard"
mm2="Directory Options"
mm3="Number of Options"
mm4=

unset inc
unset list_name
unset current_dir
unset previous_dir
echo "listr - Automated Menu Building"
echo

function menu_main {
##possible to unset all variables?
previous_dir=$current_dir
current_dir=$list_funcname
menu_main_opt=("$mm1" "$mm2" "$mm3" "$mm4" "Quit")
echo "Main Menu"
select opt in "${menu_main_opt[@]}"
do
echo
case $opt in
 ##setup wizard
 "$mm1")
 setup_wizard
 ;;
 ##Directory Options
 "$mm2")
 menu_dir_opts
 ;;
 ##How many options
 "$mm3")
 list_opts
 ;;
 ##placeholder for a future feature
 "$mm4")
 echo "This option is not implemented yet"
 ;;
 "Quit")
 exit
 ;;
 *) echo invalid option;;
 esac
 echo
 menu_main
 done
}

function list_header {
 echo "Exclude standalone header and footer? (y/n)"
 read ans
 if [ $ans = "y" ]; then
 :
 else
 flow_var=1
 dup_check
 echo "#!/bin/bash" >> $opdir
 echo >> $opdir
 fi
 echo "##$list_name" >> $opdir
 echo "##$list_name" config"" >> $opdir
}

function list_name {
 echo "Enter list name:"
 read list_name
 list_name=${list_name// /_}
 echo "Name set to:"
 echo $list_name
 update_opdir
 list_funcname="menu_""$list_name"
}

function list_opts {
echo "How many options in list?"
opt_num_int_chk
echo
echo "Creating list with $list_opts_num" "options:"
unset list_name_opt
for ((i=1;i<=$list_opts_num;++i)) do
 echo "Option $i:"
 read opt
 echo "$list_name$i=\"$opt\"" >> $opdir
 list_name_opt+=($list_name$i)
done
echo
echo "Include back option? (y/n)"
read ans
if [ $ans = "y" ]; then
 list_name_opt+=("Back")
fi
echo "Include quit option? (y/n)"
read ans
if [ $ans = "y" ]; then
 list_name_opt+=("Quit")
fi
}

function opt_num_int_chk {
##keep asking until a whole number is entered instead of re-entering list_opts
read list_opts_num
until [[ "$list_opts_num" =~ ^[0-9]+$ ]]; do
 echo "Please enter an integer"
 read list_opts_num
done
}

function list_array {
echo echo >> $opdir
echo "function "$list_funcname" {" >> $opdir
echo "previous_dir=""$""current_dir" >> $opdir
echo "current_dir=$""$list_funcname" >> $opdir
echo "Enter menu title:"
read menu_title
echo "echo "\"$menu_title\" >> $opdir
echo -n $list_name"_opt" >> $opdir
echo -n "=" >> $opdir
echo -n "(" >> $opdir
tmp=0
for i in ${list_name_opt[@]}; do ##might need another $ for list_name

 if [ "$i" = "Back" ]; then
 echo -n " "\"$i\" >> $opdir
 elif [ "$i" = "Quit" ]; then
 echo -n " "\"$i\" >> $opdir
 else
 if [ "$tmp" -gt "0" ]; then
 echo -n " "\""$"$i\" >> $opdir
 else
 echo -n \""$"$i\" >> $opdir
 tmp=1
 fi
 fi
done
echo ")" >> $opdir
}

function nested_prompt {
echo "Will this list be nested? (y/n)"
read ans
if [ $ans = "y" ]; then
 echo "Name of parent list?:"
 read previous_dir
fi
}

function list_select {
echo "select opt in ""\"""$"{$list_name"_opt[@]"}\""" >> $opdir
echo do >> $opdir
echo "case ""$""opt in" >> $opdir
for i in ${list_name_opt[@]}; do ##might need another $ for list_name
 echo "$idt##"$i >> $opdir
 if [ "$i" = "Back" ]; then
 echo "$idt"\"$i\"")""" >> $opdir
 echo "$idt$idt""$previous_dir" >> $opdir ##need function call
 elif [ "$i" = "Quit" ]; then
 echo "$idt"\"$i\"")""" >> $opdir
 echo "$idt$idt""break" >> $opdir ##need part message
 else
 echo "$idt"\""$"$i\"")""" >> $opdir
 echo echo >> $opdir
 echo "$idt$idt""$i""_func" >> $opdir

 fi
 echo "$idt$idt"";;" >> $opdir
done
echo "$idt""*)" >> $opdir
echo "$idt$idt""echo invalid option;;" >> $opdir
echo "esac" >> $opdir
echo "echo" >>$opdir
echo $current_dir >> $opdir
echo "done" >> $opdir
echo "}" >> $opdir
for i in ${list_name_opt[@]}; do
 if [ "$i" = "Back" ]; then
 :
 elif [ "$i" = "Quit" ]; then
 :
 else
 echo "##$i" >> $opdir
 echo "function ""$i""_func"" {" >> $opdir
 echo "echo ""$""$i" >> $opdir
 echo "echo ""\"This is placeholder text\"" >> $opdir
 echo "}" >> $opdir
 fi
done
if [ $flow_var -gt "0" ]; then
 echo >> $opdir
 echo "##flow" >> $opdir
 echo $list_funcname >> $opdir
 flow_var=0
fi
echo "Output written to $opdir"
echo
echo "Create another list? (y/n)"
read ans
if [ "$ans" = "y" ]; then
 ##start the wizard again for the next list
 unset inc
 setup_wizard
fi
}

function update_opdir {
opdir="$activedir""/""listr_""$list_name""$inc"
}

function current_opdir {
echo "Operational directory set to $opdir"
}

function update_testdir {
read testdir
}

function update_workdir {
read workdir
}

function current_test_dir {
echo "Test directory set to $testdir"
}

function current_work_dir {
echo "Working directory set to $workdir"
}

function dir_query {
current_test_dir
current_work_dir
current_opdir
}

function check_dirs {
if [ -z "$testdir" ]; then
 echo "The test directory is not set. Set it now."
 update_testdir
fi
current_test_dir
if [ -z "$workdir" ]; then
 echo "The working directory is not set. Set it now."
 update_workdir
fi
current_work_dir
update_opdir
if [ $opdir = "listr_" ]; then
 echo "Operating Path incorrect. Select active directory."
 echo "placeholder for menu"
fi
echo "Operating path set to $opdir""$""list_name"
}

function dup_check {
##$opdir is quoted so a path with spaces or wildcards is treated as one file
if [ -e "$opdir" ]; then
 echo "Do you want to overwrite existing file: $opdir? (y/n)"
 read ans
 if [ "$ans" = "y" ]; then
  rm -- "$opdir"
 else
  echo "Append output to $opdir? (y/n)"
  read ans
  if [ "$ans" = "y" ]; then
   :
  else
   echo "Use incremental numbering to reconcile with existing file(s)? (y/n)"
   read ans
   if [ "$ans" = "y" ]; then
    dup_rec
   else
    dup_check
   fi
  fi
 fi
fi
}

function dup_rec {
if [[ -e $opdir ]]; then
 i=1 ##might need to use different variable
 while [[ -e $opdir-$i ]]; do
 let i++
 done
 inc="-$i"
 update_opdir
 echo
 current_opdir
fi
}

function setup_wizard {
echo "$mm1"
list_name
echo
list_header
echo
nested_prompt
echo
list_opts
list_array
echo
list_select
}

##dir_opts
##dir_opts config
dir_opts1="Display Current Paths"
dir_opts2="Set Working Directory"
dir_opts3="Set Test Directory"
dir_opts4="Toggle Active Directory"
dir_opts5="Unset All Directory Variables"

function menu_dir_opts {
dir_opts_opt=("$dir_opts1" "$dir_opts2" "$dir_opts3" "$dir_opts4" "$dir_opts5" "Back" "Quit")
echo "Directory Options"
select opt in "${dir_opts_opt[@]}"
do
case $opt in
 ##dir_opts1
 "$dir_opts1")
 echo
 dir_opts1_func
 ;;
 ##dir_opts2
 "$dir_opts2")
 echo
 dir_opts2_func
 ;;
 ##dir_opts3
 "$dir_opts3")
 echo
 dir_opts3_func
 ;;
 ##dir_opts4
 "$dir_opts4")
 echo
 dir_opts4_func
 ;;
 ##dir_opts5
 "$dir_opts5")
 echo
 dir_opts5_func
 ;;
 ##Back
 "Back")
 menu_main
 ;;
 ##Quit
 "Quit")
 exit
 ;;
 *)
 echo invalid option;;
esac
echo
menu_dir_opts
done
}

function dir_opts1_func {
echo $dir_opts1
dir_query
}

function dir_opts2_func {
echo $dir_opts2
update_workdir
current_work_dir
}

function dir_opts3_func {
echo $dir_opts3
update_testdir
current_test_dir
}

function dir_opts4_func {
echo $dir_opts4
menu_dir_toggle
}

function dir_opts5_func {
echo $dir_opts5
unset workdir
unset testdir
unset activedir
}

##dir_toggle
##dir_toggle config
dir_toggle1="Use Working Directory"
dir_toggle2="Use Test Directory"

function menu_dir_toggle {
dir_toggle_opt=("$dir_toggle1" "$dir_toggle2" "Back" "Quit")
select opt in "${dir_toggle_opt[@]}"
do
case $opt in
 ##Use Working Directory
 "$dir_toggle1")
 echo
 dir_toggle1_func
 ;;
 ##Use Test Directory
 "$dir_toggle2")
 echo
 dir_toggle2_func
 ;;
 ##Back
 "Back")
 menu_dir_opts
 ;;
 ##Quit
 "Quit")
 exit
 ;;
 *)
 echo invalid option;;
esac
update_opdir
echo "Current operational directory:"
current_opdir
echo
echo $current_dir
done
}

function dir_toggle1_func {
echo $dir_toggle1
activedir=$workdir
}

function dir_toggle2_func {
echo $dir_toggle2
##switch to the test directory (this previously pointed at workdir)
activedir=$testdir
}

##flow
check_dirs
echo
menu_main

My systems administration philosophy is that everything should be automated. Nothing should be too sacred to automate. In this way I’m a windfall for employers. My first objective is always automating my own objectives.

The script is called listr and it queries the user about what kind of lists need to be created and writes them into a text file so they can be implemented in other scripts. The solution is editable and scalable, allowing users to easily edit lists that have been written with listr. This is the second “major” script I’ve written and I’m enjoying the logical predictability programming offers. If you put garbage into a program you get garbage out, reliably, every time. If you’re logically consistent with the syntax you can do anything.
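An added example, not part of listr: list_opts writes each answer into the generated file between double quotes (echo "$list_name$i=\"$opt\""), so option text containing a double quote or a dollar sign is re-interpreted by the shell when the generated menu runs. The sketch below emits the same config line with single-quote escaping and checks the list name first; sh_quote, valid_identifier, emit_option, emit_option_listr and roundtrip are names invented here, and the sample option text is constructed.

```shell
#!/bin/sh
# Added example, not part of listr. All function names are invented for illustration.

# valid_identifier NAME: succeed only if NAME can safely prefix generated
# variable and function names (ASCII letters, digits, underscore; no leading digit).
valid_identifier() (
    LC_ALL=C
    case $1 in
        '' | [0-9]* | *[!A-Za-z0-9_]*) exit 1 ;;
        *) exit 0 ;;
    esac
)

# sh_quote TEXT: print TEXT inside single quotes, rewriting each embedded
# single quote as '\'' so a shell reading the result gets TEXT back verbatim.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# emit_option PREFIX INDEX TEXT: print one config line such as Greetings1='Hello'.
emit_option() {
    valid_identifier "$1" || { echo "invalid list name: $1" >&2; return 1; }
    case $2 in
        '' | *[!0-9]*) echo "invalid option index: $2" >&2; return 1 ;;
    esac
    printf '%s%s=%s\n' "$1" "$2" "$(sh_quote "$3")"
}

# emit_option_listr PREFIX INDEX TEXT: the same line in the double-quoted form
# that list_opts writes, kept here only for comparison.
emit_option_listr() {
    printf '%s%s="%s"\n' "$1" "$2" "$3"
}

# roundtrip EMITTER TEXT: write the config line to a temp file, source it in a
# subshell the way a generated menu would load it, and print the stored value.
roundtrip() (
    tmp=$(mktemp) || exit 1
    "$1" Demo 1 "$2" > "$tmp" || { rm -f "$tmp"; exit 1; }
    HOME=/constructed/home   # constructed value so the comparison is repeatable
    . "$tmp"
    rm -f "$tmp"
    printf '%s' "$Demo1"
)

# Constructed sample option text containing double quotes and a dollar sign.
sample='say "hi" from $HOME'
printf 'typed by user : %s\n' "$sample"
printf 'listr style   : %s\n' "$(roundtrip emit_option_listr "$sample")"
printf 'single-quoted : %s\n' "$(roundtrip emit_option "$sample")"
```

With the double-quoted form the stored option loses its quotes and has the variable expanded; with the single-quoted form it comes back exactly as typed.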

The final product is a program that can be transferred across Linux platforms to create lists on the fly. Let’s take a look at the code one line at a time.

Once the program was functional I was able to continue writing the additional features. This is congruent with the end goal: Efficiency and functionality.

Let’s take a quick look at the program in action. The program is a command line application so we launch it straight from the Bash console using the source command. This reads the script and runs it.
Since this is a first run, we’ll have to set the test and working directories. Listr can use two directories, “test” and “working”. These could be renamed to anything. The purpose of this functionality is to be able to work in two separate directories if there’s a need to separate the output.


We’ll set the demo test and working directories to a demo folder. Since setting these variables depends on a first run, once they’re set the program will launch into the main menu on subsequent uses. Upon subsequent runs, the working directory, test directory, and the selected operating path will be stated.
The main menu consists of 3 options, an additional placeholder option for additional features in the future, and a quit option that terminates the program.
Entering a number brings up the corresponding submenu. Let’s take a look at the setup wizard. This walks through the list creation process, legibly formats the code, and exports it to the operating directory.
The setup wizard begins by asking the user for a list name. For this example we’ll enter “Greetings”. Next, the process asks whether this list needs to exclude a standalone header or footer. If the list is being appended to another program, a header and footer are not needed. For this example, we’ll run the list as a standalone program and choose to include these features.
Next we’re prompted to specify whether the list will be nested or not. This affects the back button. In this instance we are not.
The next step, we specify how many options will be included in the menu. In this case we’ll use 4. Next we’ll input each of the options in the menu. For our “Greetings” example, we’ll input four different greetings.
The next two prompts ask the user if they’d like to include a “Back” and “Quit” option. Since our example isn’t nested, we’ll only include the “Quit” option.
After the navigation options, we’re prompted for a menu title. We’ll keep it simple and just name it “greeting”.

At this point our list has been created and exported to the operating directory. The user is then asked if they’d like to create another list. The process is repeatable as many times as necessary.

Let’s take a look at the list listr has just created.
The bash header is included because we chose to include standalone headers. The program is ready to run out of the box (almost).
Comments are automatically written to make the code more legible. The configuration menu is provided at the top. By changing the options here, the menu can be tweaked without retooling the whole program. The Greetings_opt array will need to include any new entries, as well as the actual options in the menu. In some situations it would be faster to run the setup wizard and create another menu.
Excuse the excessive echoes that have been written to the file. This seems to be a configuration error on the terminal I’m using. The program still has a fair share of bugs. I thought it would be important to publish this as soon as possible to get experience documenting a program.
The menu function is automatically defined, named, and implemented.
The previous_dir and current_dir variables are a work in progress. The intention is to make the menu titles and back button easier to automate and implement.
The menu itself is formatted out of the box.
For easier editing, the menu options call their associated functions which are written below the menu function. Out of the box, the options have placeholder text assigned to them. For our greetings example, let’s change each one to the representative greetings. This is simple enough, requiring changes to 4 lines of the scripts in this example.
At the bottom, commented under “flow”, is the original function call. This is included because we chose standalone header and footers. All the above functions are just definitions. This is the actual bit that begins the program. I’m not sure what the formal name for this part of the program would be. Excuse my lexicon if it’s wildly incorrect.
Let’s run our greeting scripts and see how it turned out.
Works like a charm! This list is ready to run as a standalone program or be implemented into another program (without the headers and footers).

Alongside the setup wizard in the listr main menu are a few additional directory options if you want to change directories after the first run or toggle between the working and test directory. This is still a work in progress.
The future plan for listr might include writing individual components of the list (just the header, just the config, just the options, etc.).
I hope someone can find use for this program. I had a great time writing it. I learned a lot about automating the writing of text to files and formatting an export in the syntax of the scripting language. Here’s to hoping for more successful scripting in the future.

 

Below is the greeting menu listr created in this example. Again, please excuse the excess echoes.


#!/bin/bash

##Greetings
##Greetings config
Greetings1="Hello"
Greetings2="Good Morning"
Greetings3="Good Evening"
Greetings4="Sup"
echo
function menu_Greetings {
previous_dir=$current_dir
current_dir=$menu_Greetings
echo "greeting"
Greetings_opt=("$Greetings1" "$Greetings2" "$Greetings3" "$Greetings4" "Quit")
select opt in "${Greetings_opt[@]}"
do
case $opt in
##Greetings1
"$Greetings1")
echo
Greetings1_func
;;
##Greetings2
"$Greetings2")
echo
Greetings2_func
;;
##Greetings3
"$Greetings3")
echo
Greetings3_func
;;
##Greetings4
"$Greetings4")
echo
Greetings4_func
;;
##Quit
"Quit")
break
;;
*)
echo invalid option;;
esac
echo
menu_Greetings
done
}
##Greetings1
function Greetings1_func {
echo $Greetings1
echo "Hello!"
}
##Greetings2
function Greetings2_func {
echo $Greetings2
echo "Good morning!"
}
##Greetings3
function Greetings3_func {
echo $Greetings3
echo "Good evening!"
}
##Greetings4
function Greetings4_func {
echo $Greetings4
echo "Sup, dude!"
}

##flow
menu_Greetings

 

Mapping Malicious Access Attempts

Data provides an illuminating light in the dark in the world of network security. When considering computer forensics assessments, the more data available, the better. The difference between being clueless and having a handle on a situation may depend on one critical datapoint that an administrator may or may not have. When data metrics that accompany malicious activity are missing, performing proper forensics of the situation becomes exponentially more difficult.

Operating a media server in the cloud has taught me a lot about the use and operation of internet facing devices. This is provided by a 3rd party who leases servers in a data center. This machine runs Lubuntu, a distribution of Linux. While I’m not in direct control of the network this server is operating on, I do have a lot of leeway in what data can be collected since it is “internet facing”, meaning it connects directly to the WAN, allowing it to be interacted with as if it was a standalone server.

If you’ve ever managed an internet facing service you’ll be immediately familiar with the number of attacks targeted at your machine, seemingly out of the blue. These aren’t always manual attempts to gain access or disrupt services. These attempts are normally automated and persistent, meaning someone only has to designate a target and the botnets and other malicious actors, tasked with the heavy lifting, begin a persistent threat: an attack that is capable of operating on its own, persistently, without human interaction.

While learning to operate the server, I found myself face to face with a number of malicious attacks directed at my IP address seeking to brute force the root password in order to establish an SSH connection on the server. This would essentially be an attacker gaining complete control of the server, and a strong password is the only thing standing between the vicious world of the internet and the controlled environment of the server. The list of attempts provided a number of IP addresses and, like any good geographer, I was eager to put the data on a map to spatially analyze what part of the world these attacks were coming from and to glean some information on who these actors were and why they were targeting my media server, an entity with little to no tangible value beyond the equipment itself.

This log of unauthorized access attempts can be found in many mainstream Linux distributions in the /var/log/auth.log file. Using the following bash command in the terminal, it is possible to count how many malicious attempts were made by each unique IP and rank them by count.

grep "Failed password for" /var/log/auth.log | grep -Po "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort | uniq -c | sort -rn

Running this command allows a system administrator to quickly see which IP addresses failed to authenticate and how many times they failed to do so. Parsing operations like this are part of the steps that turn raw data into actionable knowledge. By turning this raw data into interpretable data we are actively transforming its interpretability and, as a result, its usability.

This list is easily exported to an Excel spreadsheet where the IPs can be georeferenced using other sources like abuseipdb.com. Using this service I was able to link each IP address and its number of access attempts to the geographic location associated with it at the municipal, state, and national level.

After assigning each IP address a count and a geographic location I was ready to put the data on a map. Looking over the Excel spreadsheet showed some obvious trends out of the gate. China seems to account for a majority of the access attempts. I decided to create 3 maps. The first would be based on the city the attack originated from, with a surrounding, graduated symbology that expressed the number of attacks that originated from the data point. This would allow me to see at a glance where the majority of the attacks globally and spatially originated.

The first map was going to be tricky. Since the georeferencing built into ArcMap requires a subscription to the Arc Online service to use, I decided to parse my own data. I grouped all these entries and consolidated them by city. Then I went through and manually entered the coordinates for each one. This is something I’d like to find an easier solution for in the future. When working with coordinates, it’s also important to use matching coordinate systems for all features in ArcMap to avoid geographic inaccuracies.

map2b

Full resolution – http://i.imgur.com/sY0c7IJ.jpg

Something I’d like to get better at is reconciling the graduated symbology between the editing frame and the data frame. Sometimes size inaccuracies can throw off the visualization of the data. This is important to consider when working with graduated symbology, like in this case, where the larger symbols are limited to 100 pts.

The second map included just countries of origination, disregarding the cities metric. This choropleth map was quick to create, requiring just a few tweaks in the spreadsheet. This would provide a quick and concise visualization of the geographic national origins of these attacks in a visually interpretable format. This would be appropriate where just including cities in the metric would be too noisy for the reader.

The following is a graphical representation of the unauthorized access attempts on a media server hosted in the cloud with the IPs resolved to the country of origin. Of the roughly 53,000 access attempts between May 15 and May 17, over 50,000 originated from China.

To represent this choropleth map I saved the data into a .csv file and imported it into ArcMap. Then came the georeferencing. This was easily done with a join operation with a basemap that lists all the countries. The blank map shapefile was added twice: once for the join and once for the background. During the join operation I removed all the countries I didn’t have a count for. Then I sent this layer to the top so all the colorless empty countries would appear behind the countries with data. This is one thing I continue to love and be fascinated with about ArcMap: the number of ways to accomplish a task. You could use a different methodology for every task and find a new approach each time.

map3

Full resolution – http://i.imgur.com/XyqOexM.png

I decided the last map should be the states in China to better represent where attacks were coming from in this area of the world. The data was already assembled so I sorted the Excel spreadsheet by the country column and created a new sheet with just the Chinese entries. I was able to refer to the GIS database at Harvard which I wrote about in an earlier article concerning the ChinaX MOOC they offered. This was reassuring considering my familiarity with the source. The Excel spreadsheet was then consolidated and a quick join operation to the newly downloaded shapefile was all it took to display the data. A choropleth map would be appropriate for this presentation. I had to double check all the state names to make sure no major provincial changes had been missed by the dataset, considering the shapefile was from 1997.

map4

Full resolution – http://i.imgur.com/ZhJpHLM.png

While the data might suggest that the threats are originating from China, the entities with a low number of connections might be the most dangerous. If someone attempts to connect 1 time, they might have a password that they retrieved by means of a Trojan horse or a password leak. These are the entities that may be worth investigating. All these entries were listed in the abuseipdb database so they all had malicious associations. While these threats aren’t persistent in that they are automated, they might suggest an advanced threat or threat actor.

Some of the data retrieval might be geographically inaccurate. While georeferencing IP addresses has come a long way, it’s still not an entirely empirical solution. Some extra effort might be required to make sure the data is as accurate as possible.

How does this data help? I can turn around and take the most incessant threats and blacklist them on the firewall so they’ll be unable to even attempt to log in. Using this methodology I can begin to create a blacklist of malicious IPs that I can continue building upon in the future. This allows me to geographically create a network of IPs that might be associated with a malicious entity.
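
An added example (not the author's script) that ties the counting command from earlier in the post to the blacklist step above: it totals failed SSH password attempts per source address, including rsyslog's "message repeated" lines and IPv6 sources, reads the address from the fixed tail of the log line rather than matching any IP-shaped token, and then splits sources by a threshold. The sample log lines, the function names and the threshold values are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: per-source totals of failed SSH password attempts.
# Function names, sample lines and thresholds are illustrative assumptions.
export LC_ALL=C   # byte-order sorting so the output is reproducible

# Constructed sample in the sshd/rsyslog auth.log format. Addresses come from
# the documentation ranges (RFC 5737, RFC 3849), not from real traffic.
sample_log() {
    cat <<'EOF'
May 15 03:12:01 media sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
May 15 03:12:04 media sshd[1201]: message repeated 4 times: [ Failed password for root from 203.0.113.7 port 51122 ssh2]
May 15 03:13:10 media sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 40210 ssh2
May 15 03:13:15 media sshd[1209]: Failed password for invalid user 192.0.2.99 from 198.51.100.23 port 40214 ssh2
May 16 11:40:52 media sshd[2310]: Failed password for root from 2001:db8::5 port 60001 ssh2
May 16 11:41:30 media sshd[2315]: Accepted password for mediauser from 192.0.2.10 port 50500 ssh2
May 17 08:02:19 media sshd[3001]: Failed password for mediauser from 192.0.2.44 port 42000 ssh2
EOF
}

# Reads auth.log lines on stdin and prints "count,address" rows, highest count
# first. The result is CSV, so it opens directly in a spreadsheet.
count_failed_logins() {
    awk '
    /sshd\[[0-9]+\]: / && /Failed password for / {
        # rsyslog collapses duplicates into "message repeated N times: [...]";
        # that line stands for N attempts, not one.
        n = 1
        if (match($0, /message repeated [0-9]+ times/)) {
            split(substr($0, RSTART, RLENGTH), rep, " ")
            n = rep[3] + 0
        }
        # The user name is chosen by the remote client and may itself look
        # like an address, so read the address from the fixed tail of the
        # line ("from <addr> port <n>"), scanning from the right.
        for (i = NF - 1; i > 2; i--) {
            if ($i == "port" && $(i - 2) == "from" &&
                $(i - 1) ~ /^[0-9A-Fa-f:.]+$/) {
                total[$(i - 1)] += n
                break
            }
        }
    }
    END { for (addr in total) printf "%d,%s\n", total[addr], addr }
    ' | sort -t, -k1,1nr -k2,2
}

# Addresses with at least MIN failures: candidates for a firewall blocklist.
blocklist_candidates() {
    count_failed_logins | awk -F, -v min="$1" '$1 >= min { print $2 }'
}

# Addresses below MIN: few attempts, worth a manual look rather than a block.
review_candidates() {
    count_failed_logins | awk -F, -v min="$1" '$1 < min { print $2 }'
}

# Demo on the constructed sample; swap sample_log for
# "cat /var/log/auth.log" to run it against a real log.
sample_log | count_failed_logins
```

On the sample, a plain IP-pattern match would count 203.0.113.7 twice instead of five times, skip the IPv6 source, and report 192.0.2.99, which only ever appeared as a user name.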

The Internet can be a dangerous place, especially for internet facing devices that aren’t protected by a router or other firewall enabled devices. Nothing is impossible to mitigate and understand for a system administrator that is armed with the correct data. The epistemological beauty of geography is the interdisciplinary applications that can be made with almost anything. Even something as insignificant as failed access attempts can be used to paint a data-rich picture.

WannaCry/Wanacrypt0r/Wcry Worm: The Origin Story

Today, May 12, 2017, a massive ransomware attack was detected affecting unpatched Windows machines via a previously NSA-exclusive SMB exploit. This attack uses several leaked tools combined with a ransomware component. The attack seeks to infect as many unpatched Windows systems as possible and maliciously encrypt their systems for profit. The attack is being called several names: WannaCry, Wanacrypt0r 2.0, Wcry, Wanacrypt, and Wana Decrypt0r.

In April 2017 a group calling themselves “The Shadow Brokers” leaked several tools that belonged to the United States National Security Agency’s computer compromise capability. Among these tools was an exploit called EternalBlue. EternalBlue is, or was, a 0day exploit involving all distributions of Windows from XP to Windows 10. EternalBlue relied on a vulnerability in the SMB (server message block) component of Windows systems and used this vector to gain access to the systems. It is believed the NSA enjoyed almost exclusive access to this exploit for years, which it likely used to compromise its targets. SMB is normally used for network file sharing activity.

The exploit was disclosed in February 2017 by security researcher

What is being called version 1.0 of the wcry ransomware component of the attack was detected in February by Malwarebytes developer, S!Ri. This attack is being called version 2.0 of the Wanacrypt0r methodology and is spreading like wildfire thanks to the retooled vector using the EternalBlue exploit.

Six weeks later on March 14, 2017, Microsoft included a patch for the SMB exploit when rolling out patches for Windows systems. Anyone who has yet to patch their system is exploitable by this virus. This includes internet facing end-of-life software like Windows XP. Attackers are targeting users with unpatched systems with the EternalBlue exploit and are rumored to be using another component of the Shadow Brokers’ leak, DoublePulsar, to drop the malware onto vulnerable systems.

The geography of the attacks is very diverse, affecting people, businesses, and infrastructure all over the world, with the majority of the infections so far in Russia. Since the attack relies on a ransom message to extort bitcoins from infected users, the legibility of the ransom message is critical. The malware authors have thought ahead, as the ransomware supports more than 2 dozen languages, increasing the linguistic scope and capability of the attack. Reportedly the malware has been spotted in 74 different countries.

WannaCrypt.png

This map shows Wanacrypt0r 2.0 infections in real time. 

In Spain, the malware has successfully infected several industrial and infrastructure providers: Telefonica, a telecommunications provider; Gas Natural, a natural gas supplier; and the utilities company Iberdrola.

In the UK the NHS and several other healthcare providers have been successfully infected by the malware.

The most effective way to protect yourself from this attack and others like it is to keep your Windows systems up to date. All the systems affected by this attack have failed to keep their systems updated. This is a cardinal sin of systems administration and it is surprising to see targets like hospitals and utility companies buckling under these easily preventable attacks.

This also raises an ethical question about the developers of these tools. Who is ultimately responsible for this attack? Is the NSA responsible because they created the tools? Are the Shadow Brokers responsible for leaking them into the wild? Is Microsoft responsible for not detecting and patching this vulnerability for years?

And remember, never pay the ransom if you happen to be infected! This is the computing equivalent of negotiating with terrorists!

Massive Open Online Courses Could Be Massively Game Changing

Introduction

“Education is the most powerful weapon which you can use to change the world”. Nelson Mandela said it best when he exclaimed the importance of education in modern society. In the eternal struggle against poverty, melancholia, social engineering, and anything that hampers the unbridled pursuits of human curiosity, education is the cornerstone of progress.

MOOCs are a relatively new innovation. They have the potential to turn the education industry on its head and redefine how we impart knowledge from generation to generation. The acronym “MOOC” is broken down into 3 concepts that separate MOOCs from traditional education. The “Massive” component refers to the broad scope of classes that MOOCs provide. Several thousands of students can be taught by an unusually small number of facilitators, sometimes only one. This is the mass-consumption model for education, moving as many students through the course as possible. The largest single MOOC course is an English language learning course that has over 440,000 students enrolled in a single course from over 150 countries. The reason why these courses can grow to such size is partly due to the “Open” component of the MOOC model. This refers to the nontraditional enrollment process; no prerequisites, no application process, no geographic or age restrictions. This openness brings education to more people than ever before, and if you subscribe to the philosophical thought that education is a human right, this massive openness is an extremely altruistic undertaking, aimed at bettering and empowering populations all across the globe. The “Online” component of the MOOC acronym refers to the medium of communication. The communications revolution that was spearheaded by the mass-adoption of the internet has managed to incorporate itself into many facets of modern day life.  It is only a matter of time before education is modulated to adhere to these new technologies. MOOCs, by offering courses online, seek to bring education to students that would traditionally be unable to access education, whether they are from areas of the world that don’t have local academic instructions, or they have schedules that don’t allow them the time to access educational facilities in a traditional manner.

Examples of popular MOOC platforms that have already been deployed are EDx, Duolingo, Acumen, Udacity, Khan Academy, MIT Open Courseware, and, the most popular with over 7 million students, Coursera. MOOCs began to see adoption in the mainstream when platforms like Blackboard, Moodle, and Canvas were employed by traditional academic institutions to supplement on-campus education goals. MOOCs started to become popular in the non-academic sphere online around 2011 when several of the examples above began to roll out their presence online.

Purpose Statement

We live in a world of exponentially improving technologies. Many facets of life benefit from the steady march of technological innovation. Innovations such as the internet and smartphones have changed, and continue to change, the ways we communicate and interact with changing the way we understand diseases and the full potential of the human body and mind. Innovations in warfare are changing the way power is projected and conflicts are fought. In this world of seemingly limitless applications of technology, where are the ground-breaking innovations and technological applications in education?

We’ve seen the importance of education change in the past few decades, with the philosophy that the more educated a population is, the more successful the community as a whole will be. With a new sense of urgency, efforts to make undergraduate and other forms of post-secondary education available to the general population have been rolled out around the world. This is an admirable position and we see the advent of online education provide opportunities that allow nontraditional forms of education to reach areas and demographics who once existed beyond its scope. This is arguably a move in the right direction considering the application of new technologies, like the internet, to proliferate education and opportunity.

MOOCs, are the next logical step in furthering education. These MOOCs, by allowing more students the opportunity to access educational material despite their economic, geographic, or education circumstances are pushing the educational envelope by suggesting the creation of a global population that is able to pursue whatever their educational ambitions may be. These courses are open for anyone to enroll, alleviating the need for costly prerequisites and traditional academic restrictions. This “open” element of the MOOC model attempts to reach people that would traditionally not have been able to access education. The “massive” element of the MOOC allows resources to be shared with more students, providing a similar level of education for a fraction of the cost. Online classes are nothing new. Traditional colleges and other post-secondary institutions have offered them for over a decade to supplement a traditionally academic experience. The “online” element furthers the availability to those regardless of their proximity or association with a university. Using the power of “mass-education”, these courses offer content that would traditionally cost a student thousands of dollars and drive them into debt — currently, there is over $1.2 trillion in outstanding student loan debt in the United States. Addressing this quickly inflating burden on an academically hungry society should be at the forefront of any research on fundamental education reform. The alleviation of the financial barrier would allow more people to pursue education who would traditionally not have been able to participate.

The MOOC model attempts to compartmentalize the current model of education into self-paced segments, allowing students to use resources like pre-recorded lectures to get exposed to course content outside of traditional hours of education. This opens the doors to working individuals, those with obligations during the day, night owls, adults with children, and other nontraditional students. The online-only reach of MOOCs removes students from the physical campus that accompanies the understanding of a contemporary, traditional college experience. This traditional college experience is a huge financial element for traditional educational facilities. Online courses alleviate the need for on-campus housing due to students being able to access the content despite whatever spatially strenuous elements are presented. With students physically removed from a campus, the need to provide services and amenities is reduced. The language element is also worth considering. Currently only 12% of MOOCs are offered in a language other than English, offering an opportunity for expansion in a multifaceted linguistic approach. These language barriers pose a unique problem to expanding the scope of the “open” component of the MOOC system.

Any attempt to fundamentally change the education system will be slow and arduous. As a country that leads in educational institutions and educational exports, the United States stands to see a large portion of money and funding switch hands if the education system is ever reorganized. This type of financial reallocation is bound to upset the powers that be. A lot of change will accompany the switch between physical campuses and the online realm. Arguments will be made for the benefits and complications of switching between physical campuses and online campuses that the MOOC concept tries to sell. Mitigating the changes that are beneficial to the current working theory of how education should be provided are the main focus. Introducing ways which education might be improved through this new medium is the secondary focus.

Potential problems

These new innovations come with their own unique challenges that will need to be addressed in order for the MOOC model to succeed and provide the best possible experience for students. Arguably, with the online communication inherent in MOOCs, the facilitation of instructors and the interaction between peers would be less personal, removing a critical part of contemporary educational philosophy. This philosophy encourages the interaction and collaboration among students and instructors as much as possible. An effort to mitigate and adapt this issue would have to create an innovative solution involving the internet and its role in encouraging facilitation between instructors, secondary facilitators, and peers. Cultural elements would likely be “lost in translation” with the shift to strictly online spaces and some might argue that student exchange programs benefit from the immersion in different cultures. In the absence of physical meeting spaces these cultures might not likely be experienced in the same manner through an online medium, removing a critical part of the student exchanging experience. Mannerisms that might be critical to communicating ideas might be lost in the switch between the physical and the online world. Classrooms offer students an opportunity to be removed from distraction. IBM, a pioneer of working from home and telecommuting, has started to bring its employees back into the office as an effort to encourage collaboration and remove distractions. If professionals are starting to act on perceived downsides of working from home, how can educators justify that the concept of MOOCs is fundamentally different and won’t succumb to the same problems? Computers, being the powerful tools they are and in conjunction with the educational methods of MOOC courses, pose the potential to be massive distractions for undisciplined online learners.
Students, when left to their own instructional devices, may focus less on their work and may be prone to distractions at the expense of their education. Cafeterias would not be necessary to feed thousands of students daily, eliminating the costs and subsidies associated with these elements. School libraries could also be eliminated. Content would be indexable and searchable online or students could take advantage of community resources like public libraries. Discussion would be facilitated on online spaces, eliminating the need for meeting rooms, and other peer-organizing facilities. Gyms and other athletic programs would also not be present in their current form under the MOOC model.

Instructors

The role of the instructor is an element that would need to be stringently examined. MOOCs tout the roles of the professors as “hands-off”. Traditionally professors and instructors are evaluated for academic positions with a consideration of what they bring to the physical classroom. For example, great professors may exude a certain classroom presence that would not translate into the online realm. The best teachers in the classrooms might see their teaching styles unable to translate to the online realm. Indeed, instructors who adapt their course to the students, whom they get to know personally in their classroom, would find themselves unable to do this in a MOOC. The role a teacher would play in the MOOC ecosystem might be traditionally different than what has been expected from educators in the past. In the MOOC realm, instructors would have the opportunity to use prepackaged materials and lectures that might have been recorded and distributed to other platforms. As a result of that, there would be an increasing need for teaching assistants, facilitators, and moderators rather than those who create content. A few content creators would control a majority of content that MOOC instructors, who might have created content in a traditional academic setting, distribute without incorporating their own interaction and expertise. They might not be personally familiar with these new teaching elements, causing their educational efficacy to suffer without existing knowledge on how to educate this new breed of instructors. This line of work might not offer full-time employment to instructors, forcing them to choose how they split their time professionally. This might create a situation where instructors are spread too thin in regards to their teaching scope. If the pay is not there people will not be as emotionally or professionally involved. The ability for professors to give quality feedback would be hampered in some cases.
Knowing students, their faces, their personalities, their specific mannerisms, and their specific abilities allows teachers to craft a unique learning environment that caters to the strengths and helps alleviate the weaknesses of every student. A professor’s time would be split between possibly thousands of students, affecting the communication with individuals greatly. Modern universities tout the low ratios of faculty to students at their university, claiming the fewer students a faculty member has to interface with, the better quality of education provided. The MOOC model is inherently the opposite of this established philosophy.

Accreditation

The most extreme departure of MOOCs from traditional education is the “Open” portion of their implementation. In an open educational system, how are prerequisites handled? Are students allowed to register for whatever they wish? The instructor will not be blamed if students fail to complete the work, as MOOCs already have an understood mechanic of the limited resources an instructor can offer in the system and self-determining nature of the programs. Will these elements be lined out in a legally binding disclosure of policy to protect the institution from lawsuits? This aligns with the philosophy of self-enrichment that states students should be free to pursue their interests but eliminates the “liberal arts” curriculum that has been philosophically justified for the last century as a cornerstone of a well-rounded education. MOOCs offer a vehicle to change this long-standing standard of education through invoking internal processes and channels in the educational system. How would accreditation work? Would certifications, degrees, and other credentials issued from the institutions be as valuable as those provided by traditional facilities? How would the accreditation process work and would it be effective in eliminating the degree mills that pop up and allow individuals to “pay-to-progress”, stressing more on the financial element than the educational content? Will these elements be able to transfer between traditional universities? Will the credits earned in either institution be interchangeable? Currently there are no graduate level programs. How would athletic programs be adapted to fit this model? Without the funding and the physical element of traditional facilities, these programs might be left in the dust. This is inherently against the philosophy of physical education as a cornerstone of modern education that has been in place since the ancient Greeks first established the idea of post-secondary education.

Degrees Offered

MOOCs have typically not offered undergraduate degree programs, a critical part of post-secondary education, but that is changing with the introduction of the new programs offered by established MOOC providers as recently as 2015. MOOC providers have begun to offer graduate level programs; Coursera in particular provides an MBA course in data science which costs $20,000, comparable to typical university tuition. This is an interesting trial run to get an idea of how effective this post-secondary education can be. Students who enroll in these programs would have to be aware of the inherent risks involved in blazing the trail of this experimental educational delivery.

Student Behavior

The behavior of the students and the discipline required to operate in an educational facility would be tested in new ways in the MOOC system. How would attendance be calculated and enforced? What would stop students from logging into their class while they’re driving, shopping, or doing some other activity, which would arguably affect the quality of their education experience? How could MOOC platforms create guidelines that would prevent safety issues, hazards, or other complications and alleviate themselves from liability if a student gets into a wreck while trying to submit an assignment before a deadline? How do you prevent the academically dishonest collaboration between students? How do you curtail cheating and violations of the honor code which is a large part of contemporary education? Online courses provide a unique approach to education but also allow unprecedented opportunities to cheat and collaborate in a way that diminishes the quality of education that is provided. In certain institutions, students in online courses are proctored in exams at the campus. This prevents students from using resources that aren’t permitted during exams. The use of “lockdown browsers” attempts to prevent this kind of cheating remotely but tech-savvy students would be able to bypass these restrictions, compromising the integrity of the test. At the end of the day, education is focused on exposing students to new content, enriching their base of knowledge, and encouraging them to master content in an academically-sound method.

Completion Rates

One of the major drawbacks of MOOCs since their inception has been the abysmal completion rates. HarvardX and MITx have reported completion rates of less than 5.5%, far lower than traditional universities. For example, in 2015, UNCC had a six-year completion rate of 53.3%. Comparatively, EDx’s completion rate, though not directly comparable with a graduation rate, is drastically lower by almost 10 times. This, on the surface, could seem like a bad thing if the main prerogative of the institution is “completing” or “graduating” students. However, the amount of self-discipline that is required to complete these early iterations of MOOCs makes their completion much more valuable. If you have to choose between an employee who graduates from an institution that pushed out graduates at 53.3% and one that graduates students at 5.5%, which one would your intuition tell you had the harder route to earn their credentials? Which set of credentials at face value seem more impressive? Would these “low rate” credentials be interpreted as only being awarded to the most tenacious learners?

Peer Interaction

How do instructors facilitate academically beneficial conversation and collaboration between students? How would group projects work? It’s not an excessively outlandish thought to imagine all the group communication taking place online through a proprietary interface of the institution or through email. Would this kind of interaction be voluntary or involuntary? Would this be a “participation” grade that affects the student’s final grade? Is this type of communication between students necessary for all students? How do you determine what students need this kind of interaction for a quality education and which students don’t necessarily need this kind of interaction? How do you evaluate the interaction between students if this is decidedly an important part of education?

Acceptance

In the contemporary educational system, the ability to deny applicants creates a sense of exclusivity and creates a sort of economic “club good” that can then be monetarily inflated to reflect its perceived exclusivity. The MOOC model, like many other elements, breaks the mold in the sense that it takes what has traditionally been a club good and drastically increases its reach to consumers. This creates a competing product that may be perceived as inferior due to the price point and inclusivity. Is this necessarily the case? What kind of effect will this have on the competing models of MOOC-based and traditional-based education? Does this inclusivity or exclusivity naturally increase quality or drive it down in the purely economic sense? Would there be quality control elements included, like withdrawal limits that prevent students from recklessly dropping classes (similar to the 15 credit withdrawal limit at UNCC)? Would this infringe on the “Open” part of the model? Currently MOOCs are plagued by incompletion rates due to the fact they are so easy to forget and the consequences for nonparticipation are minimal. Would there be a traditional GPA score as we understand it today or would it be replaced by something different and more akin to a pass or fail model similar to public education in countries like Finland?

Scalability

The business side of the MOOC model is very straightforward. It is the natural progression of education reformation in a free-market system. Profitability would be an element worth considering. Would these systems benefit from public endowments like their physical counterparts or would they rely completely on the monetary contributions of students? The appeal of MOOCs would be the commodification of education. Would investors be called to play a part in the funding? Is the model scalable? Where do you draw the line in terms of the number of students in a “classroom”? Is the endgame 100,000 students in one class? 1 million students? Would there be the public/private duality like there is in contemporary education? Who audits all these entities? Would there be a governing body that evaluates the quality of education? Is this necessary? What are the ethics involved with offering this type of course without an auditing process? How would the textbook industry react? Would these materials be provided, included in the fee, or would their necessity be eliminated entirely?

At the end of the day the criticisms of MOOCs boil down to quality of education. If the reach is greater but the product is of less quality, is there an ethical component involved in the implementation of this technology? What do the scholars and educators say about the viability of MOOCs and how do they compare to modern day, contemporary systems?


Potential Solutions

All of these problems create a less effective learning environment, undesirably reducing the quality of education that students receive, leading to detrimental macro and micro societal factors. Society suffers by having a less educated society and individuals suffer by not approaching life with the asset of an educated mind. The quality of education is the most concerning factor of the jump between traditional education environments and the MOOC environment.

Several conceptual solutions have been identified to address the problems that would need to be mitigated, addressed, or have completely new solutions developed for them. These solutions would assure that the quality of education does not suffer from the transfer between the online realm and the traditional physical realm of education. Addressed would be a reexamination of the educational philosophy and how students should be evaluated. This would look at how we approach education and how this approach could be readdressed for the information age. How we approach cheating and peer collaboration is something that will be a modulated factor considering the online delivery of education. Students should not be discouraged from collaborating or using resources that promote beneficial life skills like critical thinking, academic skepticism and challenging the status quo. In the wake of professors not being as accessible, students will have to be available as resources to each other, presenting an opportunity to conduct academically beneficial collaboration. MOOC students can take the initiative and create study groups, set up meetings outside of online spaces and jointly tackle collaborative projects, allowing them to learn leadership and teamwork skills. This new medium allows for new approaches to keeping students motivated during the educational process like gamification, the process of taking advantage of instant gratification to incorporate elements that make learning feel psychologically more like a game. The lack of physical elements in the online arena is addressed through alternatives available either in the community or through emerging implementations of online social spaces.

The drastic change in scope MOOCs allow cannot be implemented without a drastic change in how education is administered. Necessity is the grandfather of invention and the online vector for distributing education requires new solutions that might not be readily obvious. The administration of course content and how it will be evaluated is the number one concern in further implementing MOOCs. Minimizing withdrawal rates and cheating are the most immediate objectives.

Peer Collaboration

Firstly, the definition of “cheating” when assessing the viability of MOOCs is malleable. In the same way that calculators changed the way mathematics is taught, MOOCs might enable a fundamental shift in focus on more advanced conceptual topics, like cheating in the world of online education. We might eventually look back at traditional education the way we look back on slide rules. Acquiring knowledge in the information age is fundamentally different than it has been in the past and one of the major concerns MOOCs should address moving forward.

Collaboration between students is not always a bad thing. When you remove the element of testing, collaboration becomes an important part of a complete education. Working together provides students the experience of working in a group and life, as it turns out, is like a long group project. An inability to collaborate is not only a personal and professional inadequacy of the student, it’s a failure of educators to project the importance of these skills. Instead of approaching collaboration of students, whether academically honest or dishonest, as a problem, this ability should be hailed as an educational innovation and focused on as something to be perfected, providing students with an important tool in their life-skills toolkit.

Critical Thinking

We live in an age where a majority of the world’s collective knowledge can be accessed from a device that can fit in your pocket. Not allowing students to become adept at dealing with this new application of technology puts them at a disadvantage when they enter the professional workplace. The natural draw to use the collective knowledge body of the internet is inherently part of the human experience. Curiosity and necessity lead people to seek out answers, and MOOCs need to develop students’ abilities to acquire and process this ever-growing body of knowledge.

Parsing and analyzing mass amounts of data are not just for data sciences. The “fake news” epidemic we’re currently witnessing in contemporary popular culture is a direct response to the lack of critical thinking in the population, a direct effect of a populace poorly equipped to deal with the vast amount of data and information that requires skepticism, critical thinking, and collaborative discourse to process. Students should be able to resist overt attempts to affect their emotional suggestibility and should be able to articulate and defend their beliefs with logic, which is far more difficult to manipulate. Social engineering is at an all-time high and being an effective citizen in the 21st century requires an information processing toolkit that should be provided by an equally 21st century education.

Evaluation

Contemporary education relies on the questionable methods of “teaching for the test”, although educators are moving away from this, noticing the benefits of teaching for content and the process of thought. When the process of concepts and their associated elements is known, students will be able to develop and learn more advanced material in the future instead of seeking to memorize seemingly unrelated and insular facts. Studying for a test helps you out one day of your life: the day you take the test. Teaching for an understanding helps you out every day of your life. Like the Chinese proverb, “Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime”. Teach a student the answers to a test and you educate them for a day. Teach them the tools to solve problems and you educate them for a lifetime. Testing in the nascent era of MOOCs will require a complete rework: increasing the quality of education that an already test-reliant system uses as a cornerstone, imparting a knowledge of how to solve problems rather than just memorization of materials, and curbing the ever-growing epidemic of cheating.

If exams are still present during skill assessment in the future of MOOCs, new technical solutions might be required. A central, controlled environment where tests can be proctored would be necessary. Crafty students, however, will be able to technologically subvert these methods. Due to these issues and the lack of effectiveness in exams, moving towards project-oriented evaluations would be a more effective solution. In the professional world there are no tests, no one-size-fits-all solutions, no singular multiple choice questions. There are just problems and possible solutions to the problems. A quality education should reflect the necessities of any path in life, and a majority of these paths require solutions that may not be as obvious or as straightforward as test evaluations may suggest and prepare students for. MOOCs provide an opportunity to change the status quo and might foster fundamental changes in what have been universally adopted as facets of modern education, further driving philosophical thought into the future.

Motivation

In the modern age of instant gratification, criminally reduced attention spans, and constant distractions, some form of incentive and accountability is necessary to keep people focused and involved. To counter the concerning completion rates that plague the current MOOCs, it might be beneficial to incorporate some type of point system or gamification. Instant gratification is a powerful psychological motivator and appropriating this human behavior to the education system would drastically increase its effectiveness. Some type of social media incorporation might be beneficial to motivate the socially minded. This has to be implemented tactfully. Not everyone would be thrilled about including their nerdy passions in what they disclose to their social base. Those, however, who enjoy the pursuit of knowledge and surrounding themselves with people that have similar interests would benefit greatly from this kind of incorporation. Social media has permeated every other product on the market, so why should education be any different? This kind of content on social media would be beneficial, adding education to the social media record. When people look back centuries from now, they might actually see educational content posted on social media, instead of plates of food, tens of thousands of selfies, and pictures of children. Putting this kind of content on social media might tell a story that isn’t just gluttony, vanity, and breeding. This would also project to future data scientists the critical role education plays in our contemporary societies.

Responsibility

Educational peer interaction would have to be redefined. Ivan Illich claims the institution is not enough to produce a quality of education, and the personal element as well as the peer element is necessary for a complete product. With the presence of facilitators and instructors spread thinner than traditionally desired, peers will have the chance to pick up the slack and develop their leadership skills. Some sort of peer-mentoring and teacher’s assistance programs would be beneficial. Some type of credit or reward could be offered to encourage students to rise to the responsibility of assisting peers who request or require it. Peer evaluation could be implemented. Guided discussion could be used with minimal cost to the instructor or peers besides occasionally stepping in to steer or moderate the discussion, tasks which could be delegated to students. The type of discussion would have to be implemented and incentivized in a different manner than it already is. Requiring students to make a certain number of posts a week for a grade is not an organic solution that facilitates collaborative discussion. Use should be incentivized by making the work more natural and valuable for students. For projects, students could share and run ideas by their peers and see their academic evaluation benefit from their involvement in other students’ work that does not directly affect the content they are producing. This type of collaboration satisfies the sharing component of the four “learning-enhancing” objectives proposed by Illich. This type of exchange would benefit the students by having the discussion available online, helping nonparticipants, as well as encouraging and progressing the learning goal of acquiring and analyzing information through digital channels like discussion forums. This is an adaptation to the new education for information-oriented societies.

Physical Presence

The physical element of being present in a classroom, having similar resources that students on a physical campus have access to, and being physically present with other peers is a huge leap the mass adoption of the MOOC system will have to address. The classroom would be digital, meaning students would have to learn how to manage their time and manage their distractions. Having classes take place at a certain time is something that contemporarily available MOOCs have not tried. Part of the appeal of the MOOC is to accommodate students who may not have the temporal resources to dedicate to a traditional academic setting and experience, so this element cannot be ignored. However, the mass adoption of full-time students with the time to spare would benefit from a structured schedule where they have to be present for online lessons or meetings, even if the content is prerecorded. This guarantees that students will not have an insular experience when logging on to their online content. Other students will be present and can communicate in real time about the lectures, emulating the social and educational experience offered by a physical classroom. A study published in the Journal of Computer Assisted Learning states students who are socially involved in MOOCs are more likely to complete the course. A lot of physical elements of a university are not necessary when a completely digital route is taken. A lot of amenities on campus (food options, housing, parking, and many services that supplement these) are not required when the educational content is delivered digitally. Physical meeting spaces can be provided as an additional, supplementary service for those students who prefer face-to-face interaction in their academic experience.

Physical Education

Physical education can still be provided in a MOOC setting. In the absence of infrastructure provided by a university, the community’s public resources can be utilized. This would give students who are in geographically similar circumstances a chance to meet with other students and use and experience community resources like parks, which often go underutilized and underappreciated. This will make every day feel like a field trip and will help break up the monotony of coming to the same campus and using the same equipment each day. Students who take on these academic endeavors could foot the costs themselves, alleviating the MOOC operators of the financial burden. The students would have to absorb the cost of these activities but that would be no different compared to attending a physical location where these facilities and activities would be paid for in the form of fees. This would spare other students who aren’t benefitting or taking part in these programs from subsidizing those that do, compartmentalizing costs and tailoring costs to the personal academic experience provided.

Accreditation

Addressing accreditation is a critical component of the educational process. Without a thorough audit of the education being provided, a student, without doing their due diligence concerning their educational consumption, would be unsure if their education is of federally or professionally acknowledged quality. If someone is taking a MOOC to advance their professional skills or viability in the workplace, they should feel guaranteed that their education is relevant to whatever interests they are pursuing.

The accreditation process should take into account the differences in education MOOCs offer in comparison to traditionally offered courses. A different set of guidelines and evaluation practices should be implemented to reflect the change, account for the different medium, and evaluate the academic quality, both professionally and personally. Consumers ultimately bear the responsibility of whether MOOCs are treated like a degree from a traditional university. If the market is flooded with MOOC-educated individuals, employers will have to start making concessions and investigating the compatibility of the individuals with their operations. Today, the situation is no different. Educational opportunities can be cutthroat, offering what they claim to be professionally viable degrees, which turn out to be worthless. Accreditation is a critical part of this process and some research will have to be done to assure students and employers that MOOCs and the education they provide will stand the test of professional scrutiny.

MOOCs 5
Barcelona FLAN presentation 27th January 2017 – @lisaharris @nic_fair – University of Web Science Institute

Conclusion

In this methodology many interesting new problems and solutions are yet undeveloped for the implementation of this new technology. In this proposal, we examined potential problems that may be present or arise in the MOOC system, their immunizations which can be implemented or investigated to protect against these problems, or implement alternatives that would move the philosophy of education into the information age, and the counterarguments to the fact that they may not be problems in the first place. We take an objective look at the elements of this system and how it could possibly affect both the students and instructors in this new, innovative system.

In conclusion, MOOCs offer a unique opportunity to rewrite the rules of higher education. Some changes are drastic, and whatever changes are deemed appropriate would be implemented slowly. No one wants to see an education system that they have experience with change without the effectiveness of that change being immediately obvious.

The role of instructors and students might benefit from being redefined. Peers can collaborate in a way that was not possible due to the ubiquitous nature of the internet. It might be time to reevaluate the way the educational philosophy is applied to education. Critical thinking and solutions to evaluate the abilities of students might need to be reworked to account for changing technologies and epistemological methods in which knowledge is acquired in contemporary society. Administrative issues like accreditation and acceptance are initially redefined by the concept of “open courses”. This bold solution to increasing the scope and availability of education will need to be addressed by making sure the product being provided is comparable to the traditional institution, or, as a service, it will continue to remain just another gimmick to supplement the already established, flawed system. The physical infrastructure and education that would be bypassed by moving the system online is mitigated by using community resources and allowing peers to organize solutions that fit their learning style. The more options the better and MOOCs are certainly an opportunity to redefine how individuals approach learning in the 21st century. In 50 years we may look back and wonder why we ever spent time in windowless rooms in institutions with tens of thousands of people, getting a quality education on how to find parking.

uncc_parking_2401490_ver1.0_1280_720
WSOCTV

 

Jumping the Airgap

One of the most useful tools in the network security toolkit is the use of an airgapped network to store and protect data from wide area networks like the Internet. “Airgapping” a network essentially means disconnecting that network from a gateway (router/modem) that bridges its connection to the larger internet. Essentially, it is a computer that can’t connect and/or never connects to the internet. If you’re not connected to the internet your chances of getting attacked drop considerably. Automated programs can still operate and propagate within an airgapped network but cannot connect to command and control entities to receive instructions or exfiltrate data. These networks operate with a gap of air between their networks and the networks connected to the internet, hence the name “airgap”. Jumping the airgap refers to the ability of malicious attacks to traverse this airgap, infect computers in separated networks, and exfiltrate data found on them.

What constitutes an airgapped network? A wifi connection to your laptop is not an airgap. It represents a bridge between a transmitter (wireless router) and the receiver (wifi antenna in a laptop). An airgapped laptop would have its wireless receiver removed and be connected to isolated networks via an Ethernet cord. A laptop with secured wifi credentials is not an airgapped machine in the sense that it is one exploit away from bridging the gap to the wider internet. A computer connected to a LAN which is connected at one point to the larger internet is not airgapped. A computer sitting in a soundproof room, running on a generator or some other mechanism to defeat ethernet over power attacks, behind the NATO recommended wall thickness to prevent radiation leakage, and without any windows to communicate any visual cues would be considered a conceptually perfect airgap. That is, until the next technique is discovered, possibly including some kind of defeat of the computer/biologic barrier.

In what kind of situations would an airgapped network be appropriate? According to Wikipedia, military, government, banking, industrial, aviation, and medical networks would all benefit from the security of an airgapped network. Let’s say the US military was using a supposedly secure network running Windows 7 PCs to manage data associated with troop locations and documented strategy policies. This network is locked down from a systems admin standpoint: all the programs are up to date, all the group policies are set correctly, and access is audited. Let’s say a Windows 7 exploit is found which allows attackers to maliciously subvert the security measures that are in place. All that work is for naught when the system is exploited to behave like a public node on the larger internet. The point of the airgap is to assure that these exploits aren’t devastating for the security of the data and the users. Essentially a computer on a traditional, non-airgapped network is one misconfiguration or one exploit away from being bidirectionally compromised.

Unidirectional networks are a large part of operational security when dealing with airgapped networks. Similar to how classified information is moved within an organization, data can move onto the airgapped system with relatively little scrutiny compared to being moved off of it, much as information can be transferred to higher levels of security clearance with minimal concern compared to the extremely restricted act of declassifying data to lower levels of security clearance. This unidirectional flow creates a fail-safe in a situation where a computer is compromised, because the malware fails to exfiltrate data back to the attacker simply because the medium to transport that data is not there. The unidirectional flow is necessary because computers need to be updated and need to have data moved to them, and both of these require data from a source that has been connected to the outside internet to be moved onto the machine. The idea is that once data is on these airgapped machines, it never returns to machines that maintain an external internet connection. Imagine a spy that gets into a vault containing state secrets. The idea is that once the spy is inside the vault he may never leave, rendering him unable to report back what he’s found and ultimately rendering his services useless. The creation of airgap jumping malware is essentially the creation of unorthodox methods that allow this spy to communicate what he’s found without leaving the vault. The most intense conditions of airgapping may include policies against transferring this data to internet capable machines at all, choosing to use human elements to interpret, query, curate, and move this data to its applicable uses. Unidirectional data flow does allow malicious activity to enter an airgapped machine. However, unidirectional networks mitigate this by preventing the exfiltration of data, keeping the malicious software and all the data it desires to communicate to its handler on the airgapped network, isolated from the internet.

Imagine being in a room where two dogs were communicating via a dog whistle. You would be unaware of this communication going on. This is the case when people employ acoustic measures to exfiltrate and infiltrate data. Recall the movie Inception, where someone’s dreams would be technically airgapped. The premise of the movie is that data in the dream state can be easily exfiltrated from the dreaming person but data cannot be easily infiltrated or “incepted”. Exfiltrating data and infiltrating data are often two different conceptual problems when considering an approach to an airgapped network. Within an airgapped network data is not easily exfiltrated. So imagine the process of moving data off the system as “EXception”, or the opposite of the premise of the Inception movie.

Using acoustic elements from the computer’s operations, malicious attackers can exfiltrate data that exists in an airgapped machine. You’ve likely heard a computer and the noises it makes. These noises can be controlled and interpreted by a listener to convey information beyond traditional means. The idea of moving data using acoustic methods is not new and you may recall the noises used to convey data when picking up a phone that was sharing a line with the internet back in the days of dial-up. However, the methods that are being used today are getting more and more sophisticated. Of course, these methods require malware to be on an airgapped computer in the first place. Getting malware onto an airgapped computer that employs a unidirectional data flow is not difficult today. Once on the airgapped machine the malware begins creating sounds a malicious receiver can then pick up. Diskfiltration is one of these acoustic exfiltration methods. The malware uses the hard drive movement to create sounds that can be picked up by a receiver. This is useful for a situation where an airgapped machine is sitting next to another machine with internet connectivity and a microphone. The malware, once it has been dropped onto an airgapped machine, uses this technique to exfiltrate data to a machine capable of phoning home. This method is useful when an airgapped machine does not have speakers an attacker could use to transmit audio, typically beyond the range of human hearing, to a receiver.

What if the airgapped computer uses solid state drives which can be practically silent? The diskfiltration method would be defeated before it could even begin its operation. This is an important reason to keep the technical specs of an airgapped system private and employ good operational security when communicating them. If an attacker manages to compromise a system with diskfiltration, the lack of exfiltrated data will let him know the attack was unsuccessful but he won’t be sure whether the issue is with the listening device, the method of exfiltration, or the incompatibility with the hardware. Keeping attackers in the dark like this grants security professionals an advantage.

Fansmitter is capable of defeating the airgap in systems that are immune to diskfiltration. The method uses the computer’s fan to communicate acoustically. This, like other acoustic methods, creates a bridge across the “audio gap” to exfiltrate data from the airgapped machine. By controlling the speed of the fans and, as a result, the sound waves emitted from them, the malware lets a malicious receiver, such as a smartphone or compromised internet capable computer, relay data off an airgapped system. This method was slow at 900 bits per hour (0.25 bytes/second) but is enough to slowly transfer passwords, encryption keys, and other sensitive information stored in text files.
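One defensive check for the fan-speed channel described above, as an added example that is not part of the original post: it scans hardware-monitor samples for fan speed swings that are not explained by a temperature change. The sample format, the thresholds, and both traces are constructed assumptions, not measurements of real malware.

```python
"""Flag fan-speed behaviour consistent with a fan-modulated covert channel.

Normal fan control follows thermal load, so a large RPM change normally
comes with a temperature change. Repeated large RPM swings at a flat
temperature are the pattern worth an analyst's attention.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Sample:
    t: int         # seconds since start of capture
    rpm: int       # fan speed reported by the hardware monitor
    temp_c: float  # CPU temperature at the same instant


def unexplained_swings(window: List[Sample],
                       rpm_step: int = 300,
                       temp_step: float = 2.0) -> int:
    """Count consecutive-sample RPM jumps with no matching temperature move."""
    swings = 0
    for prev, cur in zip(window, window[1:]):
        rpm_jump = abs(cur.rpm - prev.rpm) >= rpm_step
        temp_moved = abs(cur.temp_c - prev.temp_c) >= temp_step
        if rpm_jump and not temp_moved:
            swings += 1
    return swings


def flag_windows(samples: List[Sample],
                 window_s: int = 60,
                 max_swings: int = 3) -> List[Tuple[int, int]]:
    """Return (window_start, swing_count) for each window over the limit.

    Samples are bucketed into fixed windows of window_s seconds. Swings
    that straddle a window boundary are not counted, which keeps the
    logic simple at the cost of slightly undercounting.
    """
    buckets: Dict[int, List[Sample]] = {}
    for s in samples:
        buckets.setdefault(s.t // window_s * window_s, []).append(s)
    flagged = []
    for start in sorted(buckets):
        count = unexplained_swings(buckets[start])
        if count > max_swings:
            flagged.append((start, count))
    return flagged


def benign_trace() -> List[Sample]:
    """Constructed trace: the fan ramps up and down together with CPU load."""
    trace = []
    for i in range(24):  # one sample every 5 s for two minutes
        if 8 <= i < 16:
            trace.append(Sample(5 * i, 2400, 62.0))  # under load
        else:
            trace.append(Sample(5 * i, 1200, 45.0))  # idle
    return trace


def suspicious_trace() -> List[Sample]:
    """Constructed trace: RPM alternates between two levels at flat temperature."""
    return [
        Sample(5 * i, 1000 if i % 2 == 0 else 1600, 50.0 + 0.1 * (i % 3))
        for i in range(24)
    ]


if __name__ == "__main__":
    print("benign:    ", flag_windows(benign_trace()))
    print("suspicious:", flag_windows(suspicious_trace()))
```

On a real system the thresholds would need tuning against a baseline of that machine's normal fan curve before any alert is trusted.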

AirHopper is another acoustic exfiltration technique that turns monitors and video components into FM transmitters, capable of transmitting data 1 to 7 meters away. This might not seem like a long distance but it could mean the difference between transmitting data between rooms if an airgapped machine is kept in a room by itself, away from computers with internet connectivity. This technique only allows 60 bytes of information to be transferred per second, due to the nature of sound waves. However, 60 bytes a second is 3.6 kilobytes a minute, enough to transfer txt files with hundreds of passwords or expansive Excel documents in a matter of hours.

GSMem is an additional acoustic technique that communicates data from a compromised airgapped machine with a compromised cell phone which is then able to use the cell network to phone home the information. Using cellphone frequencies allows much more data to be transferred, making this method exceptionally dangerous. Attacks like this are responsible for the policies disallowing people from carrying cellphones into sensitive areas.

Recently visual elements have been proven capable of bridging the airgap. We’ve all seen the LEDs used for identifying disk activity and power status on desktop and laptop computers. Recently, at Ben-Gurion University in Beersheba, Israel, researchers were able to interpret the communications expressed by malicious software on computers where LEDs were present, effectively exfiltrating data from an airgapped machine through a window on the 3rd floor of an office building using a drone. This may seem like an extreme method but could be useful in exfiltrating data where acoustic and other options are not available. It only requires a view of the computer’s LEDs directly or indirectly. A view of the LED itself is not necessary. All that is required is a change in light which conveys a message in a binary code that the receiver can understand. This method can easily be defeated by eliminating windows from an airgapped environment. Even stranger is malware like BitWhisper that communicates by using thermal elements to exfiltrate data.

The most advanced attacks will always require the use of airgap jumping to execute, simply because the most advanced security applications will include airgaps to protect sensitive data. We’ve entered an era where creating an airgap doesn’t ensure protection for data. With the advent of IoT devices and the philosophy of constant connectivity, the industry seems set on eliminating the airgap for practical and pragmatic reasons. I remain unfazed until malware can jump the airgap between a computer and a physical notebook.

Privacy in the Age of Technology

“Thanks to technological progress, Big Brother can now be almost as omnipresent as God.” – Aldous Huxley, 1961


We have never been more connected than we are today and the steady march of technological innovation continues to expand on this connectivity. The social paradigm shift of constant connectivity reinforces behaviors that aren’t particularly privacy-oriented: sharing passing thoughts on social media, sharing locations with vendors and data brokers, divulging information that is valuable to advertisers on everyday life, and surrendering constitutional rights to various national security apparatuses. The advent of social media itself encourages sharing thoughts and feelings, sometimes without proper 21st century discipline, indiscriminately with acquaintances, friends, and family. This isn’t necessarily a bad thing for collectivist-minded individuals but may seem like a rapidly approaching privacy-extinguishing singularity for the individualists among us. We now have access to more individuals while sitting at a computer in an afternoon than people in the 18th century may have encountered in their entire lives. This wide breadth of reach is just one part of the communications revolution that is still ongoing after the dramatic arrival and mass adoption of the World Wide Web in the 1990s.

Privacy is described by Wikipedia as “the ability [for] an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively”. This is a concept many people may take for granted as they go about their daily lives in an age where we’ve become accustomed to connectivity, the relatively extreme access to information it provides, and its quality of life benefits. Privacy is an ancient concept, and we can corroborate this by comparing behavior in modern-day societies with behavior in ancient societies. The concept of confidants and the selective distribution of information stretches far back into antiquity, as people have long desired to share certain pieces of information with only a select few individuals. This process of selectively sharing information has been employed since time immemorial. When humans existed as pack entities, controlling the flow of information concerning where your pack maintained food stores, weapons, safe houses, and other pertinent location data could be the difference between life and death. Privacy in the current world is no different and, I’d argue, more valuable considering its comparative scarcity. Some may argue that we live in a safer world due to the technologies that others may argue are eroding the traditional definitions of privacy.

Is privacy a human right? Should people have the right to separate themselves from the public domain? The creation of privacy laws has skyrocketed since data collection and data brokering have become a staple of modern business. People expect privacy when dealing with health records and the law affords them this confidence. Financial records are also protected by law. People may not want others to know how much they earn. Is this desire to keep financial records private ethical or not? What about health records? Should people be required to disclose this information when asked if they have nothing to hide? Should Donald Trump be required to disclose his taxes? Should Facebook and Google be required to disclose the data they collect about their customers to the customers themselves? Should individuals be able to opt out of this data collection for a price? Google partially offers services that disclose the information they collect on users with their “takeout” service as an effort to “not be evil.” This slogan was dropped with the rebranding of their parent company, “Alphabet.” The new slogan is “do the right thing.” Are Google and Alphabet suggesting that not disclosing the data collected from customers that use their services is evil? Do data brokers like Google and Facebook expect privacy to protect themselves and their data collection technologies from scrutiny about the data they collect? Is this definition of privacy something they afford and extend to their users? Are mass surveillance programs justified because of their contribution to national security programs? All of these questions inevitably lead you back to the ethics of privacy, a rapidly evolving branch of philosophy.

I argue that the ability to conceal information and to maintain a part of your consciousness that is considered a personal “safe space” known and accessible only to you is a basic component of normal psychology. We see the creation of community safe spaces in colleges. Is this not just an expression of privacy? Should personal safe spaces in the form of privacy be offered to individuals in an increasingly connected world? Should the right to solitude be considered a human right? If I’m keeping a secret for someone, being able to reliably keep that secret because my private thoughts are protected, I argue, maintains a healthy psychology that is essential for the human condition and healthy relationships.

In the modern era, technology is everywhere. This ubiquitous reach of technology creates the ability to monitor and maintain records of almost anything that travels along the internet and its infrastructure. How this data is utilized is up to the power brokers and data brokers. The degree of mass surveillance and national security has escalated since the September 11th attacks on New York City in 2001. The National Security Agency enjoys extreme latitude in how they can collect data and, most of the time, this collection is warrantless and the judicial proceedings concerning the utilization of this data are not conducted in a public court. The policy of data collection for national security seems to be one of “collect now, parse later”. These agencies run a dragnet on all communications, collecting everything without a warrant whether it is useful or not. This is in line with many modern theories of data curation and warehousing. It’s better to have too much data that never gets utilized than be caught in the dark without the same data if and when its availability becomes critical. In the realm of national security, utilizing this data requires a warrant but the collection is typically fair game. Your whole online life and any facet of it that is accessible by the ever-permeating reach of technology exists in a database ready to be subpoenaed at any moment. This data is also likely to outlive the individual whom it concerns, meaning that this generation, whose lives exist in large part in the online sphere, is likely to be the first to have the entirety of its online activities logged for security reasons in the present and likely preserved into the future. Will we eventually have to signify whether we’d like to be data donors in the same way we allow ourselves to be data donors?

Big Data thinks that privacy is the sharing of information with other (human) individuals. Since an algorithm is sorting your data, nobody is technically invading your privacy. Should it be? Is the creation of metadata itself a violation of privacy? If I bake a cake with stolen eggs, is the cake itself stolen? Is it an invasion of your privacy when you record your thoughts in a journal? Is it only an invasion of your privacy when someone reads these thoughts without permission? I’d argue that the creation of metadata in itself is an invasion of privacy. Proponents of big data may argue that, historiographically, not collecting data is a disservice to future historians and sociologists who would like to tap into the vast quantities of data created by this age of maddening data creation and curation. If we could go back and look at big data at the scale it exists today for ancient civilizations like Greece or Rome, we would be able to draw conclusions with much more certainty and arguably be able to advance our collective body of knowledge further, improving the understanding of ourselves and civilization as a whole. Should we, in our relatively feeble understanding of the world in the early twenty-first century, be making these kinds of information-denying decisions for those who might desperately need this data in the future to understand themselves, improve their quality of life, or bolster their knowledge base? Today, some of the most fascinating material to come from ancient Rome is arguably the graffiti that has been perfectly preserved in Pompeii, due to the enlightening social commentary it offers for the period. Would it be right to deny inquiring minds in the future the multitudes of social commentary we have in the form of Twitter feeds that people manually opt into sharing today? Why would we not share this information? What would make your information so important to you that sharing it would be damaging to your psychology or well-being? If you wouldn’t mind sharing this information with people centuries from now, what’s stopping you from sharing this information with entities in the present who may use it for the greater good, like national security or medical research? Why should you care whether Facebook shares your likes with a 3rd party data broker who uses this to tailor ads that suit your interests?

The fact that people advocate for privacy, but publish incriminating or implicating information about themselves online, creates a separation between what people claim to want regarding privacy and the behavior they express. This phenomenon is known as the Privacy Paradox. If I claim that I want people to respect my privacy concerning a recent breakup, then I proceed to post intimate details about it on Facebook, then complain about people posting undesired comments, this would be considered paradoxical in the privacy sense. The privacy paradox can also be observed in the shift of information sharing online. When the internet was first adopted by the masses and children were allowed to browse, many parents told their children to be wary about what they shared online. This is completely contradictory to the current understanding of how online presences are conducted. People often post their phone numbers, addresses, current locations, and intimate thoughts on the internet. This isn’t inherently bad. It only shows the paradigm shift of information sharing from safety to information presence and ubiquity.

The “nothing to hide” argument is an argument used against privacy activists. In my opinion, it is a cancer on the progression of privacy-minded individuals and concepts. The argument states that if you have nothing to hide you should inherently not oppose surveillance because you’re not likely to be the subject of said surveillance. This, in my opinion, is akin to allowing someone to go through the trash at your house looking for something incriminating, and then claiming that you should go back into the house and not worry about anything as if you have nothing to hide. Not only would this be a violation of your Fourth Amendment rights in America, it would probably raise an ethical concern about someone poking around in your garbage without your permission. The intangibility of digital assets likely presents a conceptual leap that many people are not willing to associate with material and assets of a more tangible nature. However, your data assets, I argue, are just as valuable as, if not more valuable than, your physical assets. Edward Snowden chimes in about the nothing to hide argument, saying “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”.

What is the future of privacy? Is it dead? Is it destined to become a relic of the past, something ancient and more basic humans did as a result of evolutionary behaviors to secure their existence in a harsher and more dangerous world? Is privacy even necessary? Does the absence of privacy start dehumanizing people and begin eroding how we exist as individuals today? Can the absence of privacy be reconciled with technology? Can the powers that be use metadata and mass surveillance programs responsibly for the appropriate security apparatuses?

Do you have something to hide?