Which takes more skill - defence or attack?

View Poll Results: Who will win the worldcup?

Voters
21. You may not vote on this poll
  • Brazil

    6 28.57%
  • Czech republic

    1 4.76%
  • Holland

    2 9.52%
  • England

    5 23.81%
  • France

    1 4.76%
  • Italy

    2 9.52%
  • Argentine

    1 4.76%
  • Germany

    5 23.81%
Multiple Choice Poll.
Page 1 of 8 123 ... LastLast
Results 1 to 10 of 79

Thread: Which takes more skill - defence or attack?

  1. #1
    Member
    Join Date
    Jun 2005
    Posts
    55

    Which takes more skill - defence or attack?

    Hi

    This post grows out of the current thread on Hiring Hackers as Security Consultants, but deserves separate treatment.

    Does it take more skill to attack a network or defend a network? or is it about even?

    Also, to what extent do attacker and defender share the same skillset and to what extent is it different?
    No one can foresee the consequences of being clever.

  2. #2
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    IMO -- Defense. The person attacking can easily learn how to, easily knows what to expect (for the most part), and is the one "in the drivers seat" of the situation. Defense however, is difficult (for some people) especially when you know not what you must defend against. The "defender" doesn't know what to expect, and the situation is for the most part dictated by the attacker. Thus, the Defense of the situation requires more skill. Just my thoughts/opinions.
    Space For Rent.. =]

  3. #3
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    in my opinion developing POC's takes the most skill

    attackers for the most part will use known bugs/flaws/exploits to gain entry
    defnders will try to pre-empt possible attacks and patch known bugs/etc

    where as the people developing/finding new ways of beating defence blocks (which most attackers dont have the ability/knowledge to do) have the most skill - not people who just use someone elses exploit.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Simply put... It's cat and mouse.... But the attacker is always the cat, because they have time and inclination..... The defender has to try to predict.... Watch the weathermen sometime then observe the weather.... tell me when they get it _right_....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Well i think that hands down it takes more skill to defend a system then it takes to hack into a system. some one who is trying to defend a system need to be up on the new attacks and needs to be able to set up complex things such as ACLs on routers and be able to use the command line to configure his firewall(depending on what kind he is using) wile an attacker can just go to their favorite security site and check out the newest vuln in win server 2003 and copy the proof of concept and use that, so in that case the person defending the system is skilled the attacker is not and just knows how to use google as is most of the time their are very few skilled hackers out their and a unending supply of skiddies.

  6. #6
    Member
    Join Date
    Jun 2005
    Posts
    55
    Not trying to rock the boat or anything but is there not some skill involved even in being just a skiddie?

    For example, day before yesterday I didn't know any javascript. Today I wrote my first bad boy proof of concept. Doesn't that take some skill?

    Second, command line firewalls? I thought the last one of those was used in the Garden of Eden. Most netadmins these days use nice GUI interfaces and the firewalls come majority preconfigured out of the box.

    Fact is Imho I think the defenders will end up knowing less and less and more and more will be done and is being done automatically - antivirus, patching, firewall, applications proxies - more and more stuff is going black box.

    Soon even managers will be able to system architect cause everything will have gone plug and play.
    No one can foresee the consequences of being clever.

  7. #7
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Not trying to rock the boat or anything but is there not some skill involved even in being just a skiddie?
    No not really the only reall skill and a skiddy has is to search google for a proof IE the name script kiddie some one who uses others programs for hacking.

    For example, day before yesterday I didn't know any javascript. Today I wrote my first bad boy proof of concept. Doesn't that take some skill?
    not much javascript is not a very hard language to learn but it is cool that your learning it it is a good starting point and most script kiddies dont know any programing and if they say the do its html or something like that.

    Second, command line firewalls? I thought the last one of those was used in the Garden of Eden. Most netadmins these days use nice GUI interfaces and the firewalls come majority preconfigured out of the box.
    First if you use a preconfigured firewall with no changes you should be fired one the spot and second buy a good firewall from symatec most will be command line their was actually a thread on this a few weeks back.

    Fact is Imho I think the defenders will end up knowing less and less and more and more will be done and is being done automatically - antivirus, patching, firewall, applications proxies - more and more stuff is going black box..
    I dont think that that is true your firewall and your proxies should no be run with an out of the box config on them if they are like i said you should be fired and what dose antivirus and system patching automaticaly have to do with how much the admin knows about his system all that that means is that he dosent have to go around pusching the button,

    Soon even managers will be able to system architect cause everything will have gone plug and play.
    I do not think that that will ever happen ever sorry.

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    For example, day before yesterday I didn't know any javascript. Today I wrote my first bad boy proof of concept. Doesn't that take some skill?
    No, not at all, thats not big and its not clever. Any idiot can write a bad javaScript program that creates an endless loop, thats just bad programming.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Any idiot can write a bad javaScript program that creates an endless loop, thats just bad programming.
    Not only can any idiot write one BUT they can easily LEARN how to write one. Thus making a script kiddie.
    Space For Rent.. =]

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Second, command line firewalls? I thought the last one of those was used in the Garden of Eden. Most netadmins these days use nice GUI interfaces and the firewalls come majority preconfigured out of the box.
    the true voice of somone who has never had to set up any type of corporate level security.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •