From: Don Parker (dparker@rigelksecurity.com)
Date: Mon Jan 19 2004 - 13:05:10 EST
I fully agree that to defend one *must* know how to attack. I too often hear some
of my peers say how such-and-such attack is very script kiddiesh. My usual retort to
that is "do you know how to do it?". Most network security people I know have no concept
of how to use an exploit and invoke it, let alone code one. Sending someone on
an "Ethical Hacking" course can fill most of these gaps in. As I have already stated,
though, the student must come to one of these courses with a certain amount of knowledge
beforehand or the money is wasted. Prerequisites for such courses must be clearly laid
out in the course marketing imho.
Cheers
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
On Jan 18, Jimi Thompson <jimit@myrealbox.com> wrote:
<SNIP>
>Why not spend the time in researching how to correct security exploits
>in enforcing secure coding standards and forcing vendors to clean up
>their act and making their products work more efficiently and securely.
>
>
</SNIP>
Precisely how do you think that the aforementioned "security exploits"
are discovered?
My experience has been that unless you know how to hack and how to look
at your network from the outside like one of the bad guys, you
aren't going to have much of an idea of what is vulnerable, what is
poorly coded, and what does not work efficiently and securely.
2 cents,
Jimi
---------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT