From: Kurt (kurtbuff@spro.net)
Date: Mon Jan 19 2004 - 19:49:37 EST
And yet, not knowing why and how a castle or bunker falls down or
collapses under load, or under the various adverse conditions of the
environment to which you expect it to be exposed, disqualifies you for
expert rating in how to build them.
| -----Original Message-----
| From: Meritt James [mailto:meritt_james@bah.com]
| Sent: Monday, January 19, 2004 10:06
| To: DeGennaro Gregory
| Cc: Teicher Mark (Mark); Rob Shein; Andy Cuff [Talisker];
| pen-test@securityfocus.com
| Subject: Re: Ethical Hacking Training
|
|
| Here we go again. I believe that those skills necessary to build a
| building are different than those to demolish a building. There are
| construction engineers and there are demolition experts. Different
| things. And the skills to fix a car engine are not those necessary to
| vandalize one. "Know your enemy" is nice, "know your job" is, in my
| opinion, better.
|
| "DeGennaro, Gregory" wrote:
| >
| > Very good statement and you do need to know your enemy.
| >
| > Just because you're a police officer, soldier, or in our case, information
| > security engineers, does not mean you or I really know our enemy and their
| > full or potential capabilities.
| >
| > Ethical hacking gives us an overview or lets us peer into the cracker's
| > world. Of course, the classes do not have the latest cracks unless they
| > have a honey pot running and receiving such traffic. Nor does it make us
| > crackers. It is only a look-see and not cracker training.
| >
| > Ethical Hacking is really a coined term for the public and those who do not
| > know the difference between hacker, wacker, and cracker. The public only
| > knows or thinks they know what a hacker is. In reality, they have no clue
| > that a hacker is good and the other two are not.
| >
| > Also, how do you propose a professional runs pen and vuln tests against
| > their network to secure holes in their fortifications? There are good
| > products on the market; however, not everyone can afford them, use them
| > properly, or the software or device is not totally up to date or catches
| > everything.
| >
| > Regards,
| >
| > Greg DeGennaro Jr., CCNP
| > Security Analyst
| >
| > -----Original Message-----
| > From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
| > Sent: Friday, January 16, 2004 7:10 PM
| > To: Rob Shein; Andy Cuff [Talisker]; pen-test@securityfocus.com
| > Subject: RE: Ethical Hacking Training
| >
| > Talisker,
| >
| > I still have an issue with the term "Ethical hacking". It was a term
| > born out of the Big Six when they were trying to build their security
| > practices and leverage their existing client base. I still feel the
| > term is somewhat of a slant on those who practice "holistic security" and
| > actually attempt to help customers improve their network security
| > posture instead of pointing out the "glaring" hole that those who
| > practice "Ethical Hacking" like to do.
| >
| > I have worked in the past with those who preach and teach "Ethical
| > Hacking". Many of those people have published books exploiting that exact
| > theme.
| >
| > Why not spend the time in researching how to correct security exploits
| > in enforcing secure coding standards and forcing vendors to clean up
| > their act and making their products work more efficiently and securely?
| >
| > /mark
| >
| >
|
| --
| James W. Meritt CISSP, CISA
| Booz | Allen | Hamilton
| phone: (410) 684-6566
|
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT