Have got to learn this stuff
Results 1 to 6 of 6

Thread: Have got to learn this stuff

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    2

    Exclamation Have got to learn this stuff

    Recently, one of my customers systems got hacked and the hacker "borrowed" the email server to send 27,000 spam emails from their location. This made me feel like an idiot because I set the system up and thought that we were pretty secure. Anyway, the customer bought a 3com firewall and I installed it yesterday. How can I know that we are secure and how can I learn enough to be able to assure my customers that they are safe. I feel stupid for not learning this stuff before. I am good at programming and setting up networks large and small but have absolutely no security knowledge. WHERE DO I START. I have to cover these customers.

    Thank You

  2. #2
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,540
    You can start with reading several tutorials here at AntiOnline in the tutorials section.
    If you system is ready and online, you should test / audit. You can ask another company to do this for you, or you can do it yourself. For instance you can start with a nmap from a linux box outside your network to your network boxes. Or do a simple test from a pc in your network with sites like www.grc.com or www.securityspace.com

    Make sure you always install the latest patches, especially for your OS, networking software, webbrowsers, ftp, www-servers, ...
    Keep an eye on sites like this one, it keeps you alert. Always use strong paswords (A-Z,a-z,1-8,$%). Make sure physical access to the servers is only granted for people you trust / know what their doing.

  3. #3
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    I would also add that the Bugtraq mailing list is an indespensible resource to keep you on top of the latest vulnerabilities. Head on over to securityfocus.com and sign up, and read it every morning before you start work.
    Do what you want with the girl, but leave me alone!

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    My nmap tutorial may help. get a linux box, get nmap, scan your system to be sure its not open to the world.

    http://www.antionline.com/showthread...hreadid=234206
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    225
    Don't forget Nessus. Nessus is a free vulnerability testing tool that makes finding most common holes easier then falling off a log. Good "first knife" for a security audit. get it at nessus.org

    Nessus works through a client/server model, and has an advanced scripting language for launching custom scans. Overall, it comes highly recommended.
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    17
    I do the same type of work you are in and I can definately understand where you are coming in with the embaressing part. It will be fairly expensive for another company to come in and try to exploit your customer but worth it. These company who do this have people that get paid to sit at antionline.com, astalavista.box.sk, undernet, and other security sites and IRC server just to learn basically how to hack. Learning to hack your own system is always a good paint on your palette but take your time. It will take a lot of reading for you to get good but it is definately worth it. But your best bet here will be a company that does this stuff on a normal basis and keep yourself learning all along.
    I am just a reoccuring memory of that unfinished story that is our so called lives...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •