Which takes more skill - defence or attack? - Page 4

View Poll Results: Who will win the worldcup?

Voters
21. You may not vote on this poll
  • Brazil

    6 28.57%
  • Czech republic

    1 4.76%
  • Holland

    2 9.52%
  • England

    5 23.81%
  • France

    1 4.76%
  • Italy

    2 9.52%
  • Argentine

    1 4.76%
  • Germany

    5 23.81%
Multiple Choice Poll.
Page 4 of 8 FirstFirst ... 23456 ... LastLast
Results 31 to 40 of 79

Thread: Which takes more skill - defence or attack?

  1. #31
    Junior Member
    Join Date
    Jun 2005
    Posts
    3
    Asking the wrong question. Should be: "What kind of skill does it take to be an attacker or a defender". It's an ubiquitous question that can be spread over a wide range of level-playing-field competitions.

    What if the field isn't level? People bring up packaged programming as an advantage for either side, but as soon as one side comes up with a defense or an attack, it doesn't take long for the other side to come up with a response.
    - Somna

  2. #32
    Member
    Join Date
    Jun 2005
    Posts
    55
    Originally posted here by Spyder32
    Co-sign and an excellent point. It is one person against an entire world of people. People who are capable of anything and people who eventually one of them will be smarter/skilled than you are. Thus, that one person has more to bare with and deal with. Excellent point, crashburn181.
    It is not except on the smallest of systems 1 person against the world. Defence is, has to be, a team effort and the team even includes the users (hence user awareness campaigns etc).

    For example, how do you defend against this piece of code or similar


    function catchme()
    {
    ifyou()
    }

    function ifyou()
    {
    can()
    }

    function can()
    {
    catchme()
    }


    Assuming you don't just strip all active code at the firewall, becoming less and less of an option these days, the answer is multilayered and not all options are appropriate to every business.

    Measures might include

    1. Site categorisation and filtering to reduce possible exposure
    2. Restrict web usage to business only
    3. Strip active code unless the site code has been inspected and trusted;
    4. Might be possible to get some sites authenticated i.e. the site is signed and the site code has not changed.
    5. Active code blocked at client level and users educated not to activate except for business reasons
    6. Users educated not to touch their machines if they detect anomalous behaviour and to call help desk.
    7. Antivirus signature updates will catch common code traps
    8. Emails (in which encoded links could be buried and or which lead to code traps like this) should be in plain text only (at least slows the user down and avoids spoofing/social engineering attacks)
    9. Train Help desk staff to deal with incidents like the above.

    etc

    None of the above is adequate by themselves and ultimately the problem is that web sites with rich functionality are a business plus and rapidly turning into a business necessity. The web functionality does what it is supposed to do i.e. runs active content - the problem is preventing users reaching pages with deliberately badly written active content which will screw up their machine, even if only temporarily.
    No one can foresee the consequences of being clever.

  3. #33
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    Develop browser that detects endless loops.

    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  4. #34
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by neel
    imo the attacker doesn't have less skill as the defender... of course there's alot of people who download some exploit and run it, but defenders have that same problem just downloading a firewall and running it...
    Agree.
    I think that we need to remove script kiddies or newbies admins from discussion.
    I think that an attacker is a "master" on just ONE discipline. e.g. he/she knows a lot of "php" and can make a url construction that causes a specific servlet do crash.
    However an attack doesnt need to know deeply every discipline. His/Her knowledge is more "open". An admin need to follow the current attack vectors, know what kind of vulnerability is more "dangeour"... something like this
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #35
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Without getting too specific.

    I would have to take the opinion that it take more skill to successfully defend than to successfully attack.

    The attacker just has to find a single flaw and put all of his/her resources into exploiting that flaw and can carry that out at a time and place of their choosing. The defender has to be able to deal with any attack from any direction at any time.

    It's a very general question and I've given a general answer but if you want to get into specific situations you can flip it either way.

  6. #36
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Aspman

    I would have to take the opinion that it take more skill to successfully defend than to successfully attack.
    That is a very good point."successfully", as was the previous point about a level playing field in skill level.

    I agree with your analysis, as it is what I was trying to get across with my computer game analogy.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #37
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day,

    This is much like chess, making the first move does not necessarily equate to victory. To win, a combatant must possess not only a thorough knowledge of the game but be a very effective strategist. So tell me in advance, who will win the chess match?



    ~cheers~
    Connection refused, try again later.

  8. #38
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Some people seem to think defending is hard..

    Home user: installs a firewall with Macfee or Norton. Done.

    Attacker has to code an exploit, find a way in, use it, get admin or root, and hide his tracks.

    Yea, I can see why someone would say it's harder...
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  9. #39
    Banned
    Join Date
    May 2005
    Posts
    173
    Their only saying that just to flow with the crowd, this whole thing is biased... I keep saying it and everyone is to full of themselves to admit it. AO, a place where alot of talk and not much else is considered a skill and ego rains supreme.

    Most of you call this place a security site... many go as far as to say things such as "security professionals"... those words speak for themselves.

  10. #40
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Next poll - check your local listings for date and times -

    Which takes more skill? To be intentionally offensive, or to share knowledge as inoffensively as possible?
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides