whats more challenging?

[AngryBob]

being a [glowpurple]hacker[/glowpurple] or being the [gloworange]security[/gloworange] ?


my feeling is being the hacker because the security should already know all of the ins and outs of their systems.

[allenb1963]

I call it even....security and hacking is kinda like a chess game, IMHO.

[aeallison]

I have to agree with Bob, I think the hacker has to stay in tune with his coding and study in order to maintain a certain edge on security, as security might be a bit more stressful ( waiting for the hacker to find another hole to exploit ) Of course security would rather see a hacker than a determined cracker. Cool thread Bob, lets see how this one goes.

[alittlebitnumb]

I have to say the sys admin has a rougher time than the cracker because the cracker is always one step ahead of the game. Virii come before the virus definition, a patch is released after the exploit is found, you get the picture.

[Palemoon]

Well Bob don't know why your angry but software is not set it sort of mutates. Yeah hackers have an advantage why? Cause sys Admn is not only dealing with server issues but also software license compliance and EULA's, end users and some most lame. Throw into that they have a home life like a girl friend, wife and maybe kids. Yeah hackers have it over me is an 8 hr job, but then hackers spend days finding a flaw have no life and give me the info for free. Me hackers now days work damn hard but not to smart, me I like working smart but not hard. After all I don't spent countless hours for bragging rights..me well auto depost works just fine

[Dome]

The admin just has to know his own system and keep up with updates and such. The Hacker has to study alot of different kinds of systems, and code different exploits and such to break in. I say the hacker has alot more work then the admin does.

[Syini666]

Id have to say security would be harder, cause you have to defend your system from all threats, both internal and external. A hacker would be looking for holes in a single sytem. Though a good security person should try to find the holes before someone malicious does.

[Palemoon]

Security is all about not only knowing what is out here as far as exploits but in also understanding the nature of the hacker. Most modern day firewalls will take care of most budding hackers, and they have now to figure out if the easy target is well just open or a honey pot...BBBBZZzzzzzzzzz little bees they are. Hackers may yes find a flaw but a cracker or script kidde simply uses their published work often times for criminal means or bragging rights. Not often you find a hacker that uses an exploit in another system, only upon their test systems. Advantage is Security wise you have to understand the impact of the exploit on your network. Crackers may just read about it and run all of their latest tool kits not even knowing what OS they are breaking into and well when they find out have to do more homework.
Advantage is Security given the fact that most Sys Admin if the system has a full time one is on top as much info as any cracker.

[droby10]

attackers have clear advantages in my opinion.

sec admins have limitations of:
1) finances (you wanted checkpoint and you got brand x which doesn't include an enterprise management module for the 8 firewalls that are deployed)

2) time (don't go over 40 hours...and why is it taking you so long to update the firewall policies?)

3) numbers (one to ten of the guys/gals in white vs. an undeterminable number of possible attackers)

4) general practice (policies and procedures that require all of the above, and in immediate need in an after the fact approach - all of the documentation a hacker will do has already been done.)

5) ethics (he/she's probably willing to do something admins won't)

6) planning (alluded to in 4: a specific game plan has already been set before the first real attack - defensive planning is generalized and lacks focus on the situation at hand)

7) distractions (coke cans, coffee mugs, cigarette trays, pizza boxes - the bad guys don't plan on leaving or haven't had a history of doing so - vs. patch distributions, email filtering/virus updates, log and alert review, illegal usage statistics/reports, expansion plans)


and none of these are the faults of the administrators - it's just the typicall environment they fall into in the corporate security realm.

[aeallison]

Hi droby10,
Good point, and I can definately agree with you an the security procerdures you have listed. Just for gags lets look at the hackers POV.

1. finances ( You wanted that new mobo you saw while surfing only to find that its twice
what you expected, so instead of the mobo you buy the new shoot-em-up and sluff off
for a week trying to beat the boss )

2. time ( Whats that? Oh...you mean 18 to 20 hours a day? )

3. numbers ( I am just one dude against a thousand or more companies that need to be
taught that their security has holes and potential hazards they need to address
immediatly )

4. general practice (policies and procedures that require all of the above, a swift and
properly timed sweep, bot deployment, and data collection. )

5. ethics ( I know that this might p*ss him off but here goes, hope he don't have an anurism
or something trying to figure out how to plug this new hole I just found. )

6. planning ( Da**! This admin has his sh*t together, Where did I put that utility I just
downloaded yesterday? or was it last week? )

7. distractions ( Kids running around the house, screaming and putting dirt in their little
sisters pants, Mrs. Smith down the street is needing you to show her that when the
mouse gets to the bottom of the pad , but the cursor is in the middle of the screen that
its not defective hardware... )

None of these are the fault of the hacker - its just how it is man -- Sh*t Happens!


I will probably get negged for this post. But this Just kinda came to me and I couldn't help see the humor in it...don't take offense droby10, please, I am half asleep and just funnin.