How to identify the offender in the computer class?

lemuya2017-01-29 23:28:03

Computer networks

lemuya, 2017-01-29 23:28:03

Hello, I recently came to work as an administrator (not a network one) in one of the training centers. The center has a certain number of computers without a password. Students are often in their teens.
Problem: some people try to do bad things during classes, try to perform sql injections on websites, and so on. How could you track who exactly is doing this, preferably without installing software on working machines. Somewhere I heard that you can shoot traffic at the router level, but it seems that this will not work for https.
What can you think of? How, for example, do uncles from department K look for violators in such cases?
I apologize in advance for a stupid question, but I don’t communicate much with IT.

Answer the question

In order to leave comments, you need to log in

6 answer(s)

index0h, 2017-01-29
@index0h

The center has a certain number of computers without a password.

Reduce this number to 0. For each student, we start a separate single account (you can look in the direction of LDAP) + our own small sandbox. At the expense of sql injections - if these are the sites of your institution - cut access to the most do not indulge. If strangers - as if to hell with them, it's not your task to protect the entire Internet from shkololo. Log activity.
Announce a competition: to bypass protection. At the same time, as in reality, there should be significant benefits for disclosure, and significant problems for hidden hacking. For example:
* white hack - "excellent" automatic
* black hack - "count", without the right to retake

Dimonchik, 2017-01-29
@dimonchik2013

How, for example, do uncles from department K look for violators in such cases?

fingers in the door
you need a tractor, chief (c)

Abdula Magomedov, 2017-01-29
@Avarskiy

The boys are doing everything right, leave them alone, let them learn. Future IS specialists...

rPman, 2017-01-29
@rPman

You need a specialist to help you, at least a level higher than these teenagers, or become one yourself.
There are no ready-made technical means of the level - I plugged the CD into the computer and pressed yes-yes-of course - it does not exist.
ps direction for reflection, at least logs are needed, from which computer to which server on the network network packets were sent / received (cheap routers do not even know how to do this, if the router is a server, then this is real), ideally - which ones (in general case these are expensive devices, read about DPI)
But the analysis of these logs is a highly intelligent task, and a specialist is needed for this.
On the other hand, these logs will help you identify the culprit when they come to you with questions - 'who climbed into us on such and such a date', you just need to link log entries with log entries - who was sitting at which computer.

CityCat4, 2017-01-30
@CityCat4

You - just invite a specialist :) Here, of course, they will say a lot of smart words, and I myself could roll the sheet off - but what's the point?

Alexey Kharchenko, 2017-02-01
@AVX

As an example: allocate a server, proxy on it, slaughter Internet access for everyone on the router, leave it for the server. On all computers we put a proxy in the settings. And on the server we destroy, to whom where it is possible and impossible. Well, without passwords of course it is impossible.