
Thread: pitching network security

  1. #21
    Junior Member
    Join Date
    Aug 2003
    Posts
    2
    Am I the only one that noticed that "576869746568617" is hex for "whitehat"? It's missing a few digits on the end, assumably because the number of characters exceeded the max.

  2. #22
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    This thread has been refreshing.....

    Although when I first started reading I was wondering why it had not been left to die a quiet death.

    The business case is always a good one to take to the management & catch has demonstrated an excellent way to make that case.

    But there is another case worth considering as well - the statutory obligation. There may exist a legal obligation to protect information held by your company. A similar calculation can be used, resulting in an annual probability of the CIO/CEO being sent to gaol based on your risk assessment.

    The test that will be made legally (in the UK anyway) is whether you can demonstrate that you have taken reasonable care to protect the systems your company is responsible for.

    Now this is not being stated due to some peak testosterone levels just to frighten the management, but as a professional in the IT industry, my CV & reputation will be ruined if my CEO gets imprisoned because of lack of relevant investment and I haven't made them aware of the risk. Remember, file that all important memo.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #23
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Coming from a similar background (DARPA, DoD, etc.) Catch, I figured that you would know what I was getting at. Maybe it was the way I came across (like a 14 year old punk drooling at the Cult of the Dead Cow website or something). I'm just worried that you guys may think that I'm saying to just hack, hack, hack your systems, gain root, and use the power for evil. That's far from my intention. Sorry if I came across like a punk that just wanted to get someone fired. I just think that if one wants to be a great security admin, they should be able to think from the other side of the fence.

    Also, I have read your paper in the past. It is a great informational resource and should definitely be added to any admin's library.

  4. #24
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Good observation, aegis.

  5. #25
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397

    Resources for Security Info

    Here are some informational resources for you guys. There are links to "tools" as well; investigate these at your own risk. Some of them are tools of the blackhat, so I wouldn't download these onto any system that you do not own.

    Hope it helps, and please, use responsibly, as you will be responsible for anything you break!

  6. #26
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Here it is. It's a .zip archive.

  7. #27
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397

    Ethics

    Also, if anyone feels the need to attempt anything in my posts, please read this first. Your job (and possible criminal record or lack thereof) may depend on it.

    http://www.cs.berkeley.edu/~bh/hackers.html

  8. #28
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    For those who may still feel that the recommendations in my first post were irresponsible, please read the following.

    Any time a trusted, secure system is accessed, a login banner should be displayed. This is common practice, especially on DoD systems. Take a look at this excerpt from the ACERT (United States Army Computer Emergency Response Team) logon Banner:

    "DoD computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability, and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of this system."

    That is exactly what I was talking about. A responsible use of hacking, not a malicious attempt to wrest control.

    Hope that clears things up.

    P.S. Just learned that I could edit... Guess I should have read the F.A.Q. a little closer. Anyhow, the point that you have made, Steve, is the same one I was trying to make, just in a different (and possibly wrong) way. Your point is well taken, and I appreciate the constructive criticism. (I guess I did, considering my lack of explanation in the first post, and my repeated posts, lol.) I do appreciate the comments from Catch as well... nothing beats hard numbers.
