Which takes more skill - defence or attack? - Page 8


Thread: Which takes more skill - defence or attack?

  1. #71
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    From being both in IT and Auditing I can tell you that it is harder to defend than to attack. There are similarities to both areas:

    1. Both areas have tools that can automate that process of securing or breaching
    2. Both areas require at a minimum, some time and effort to learn and experience the better or best ways to practice their craft; however, to fully master defense or attack, one needs to commit oneself, like any craft, to it every day - I was in IT for quite awhile and when I flipped to auditing, I found I was a novice in a different arena of thought.

    Having stated the above, it just feels to me that defense takes more work - why? Because, as previously stated throughout this thread, defense is more a guessing game, the attack can be better planned. With defense, one needs to plan for every contingency that can be imagined.

    Also because some feathers seemed ruffled in this great thread, I thought I would share a fairy tale - don't worry it has been deemed "The World's Shortest Fairy Tale!" Please God, don't let my wife see this - if she does - honey I love you and this is just a joke! :

    Once upon a time a guy asked a girl, "Will you marry me?"
    She said, "No !"
    And the guy lived happily ever after.
    THE END
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  2. #72
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    Better late than never genXer. Welcome to AO.
    I'm back.

  3. #73
    Junior Member
    Join Date
    Dec 2001
    Posts
    4

    Defense is definitely more difficult in a business environment

    With the limited time (even using automated tools) to detect and respond to an attack - which means detailed log review, the task of the defender is the greater and more challenging. And if a forensic level analysis is required, you'd better budget at least one hour of time for every minute an attacker was in your system.

    Log correlation, multi-layered (and frequently non-integratable) tools means a lot more work. Bugs happen and exploitation of them is a damn sight easier than having to mitigate or work around a vulnerability because some programmer, in his/her infinite wisdom, found that they could do really cool programming tricks!

    And, yes, I have had to deal with business applications that actually used cross-site scripting vulnerabilities in Internet "Exploder" to achieve a business function. Patching caused apps to break and left an exploitable weakness in the network.


    Having stated the above, it just feels to me that defense takes more work - why? Because, as previously stated throughout this thread, defense is more a guessing game, the attack can be better planned. With defense, one needs to plan for every contingency that can be imagined.

  4. #74
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    I think we've beat this to death... and we pretty much all agree....
    I'm back.

  5. #75
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Better late than never genXer. Welcome to AO.
    DOH! Sorry - just realized the date on the last post before I posted. Sorry about that. I will try to avoid that in future.
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  6. #76
    Banned
    Join Date
    May 2005
    Posts
    173
    So basically your analogy is that if more work is put into something then this person has more "skill". And I'd kinda have to agree with that...

    Any random jackass standing on a highway, wearing an orange vest while picking up trash or digging ditches clearly has five million times more skill than most people who work with computers.

    And Neg, do I need to remind you of what happened last time you deleted one of my posts? Yeah that's right... I actually have that saved. Even now you and I would both agree I was in the right but you're just too anal to admit it.

  7. #77
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    So basically your analogy is that if more work is put into something then this person has more "skill". And I'd kinda have to agree with that...

    Any random jackass standing on a highway, wearing an orange vest while picking up trash or digging ditches clearly has five million times more skill than most people who work with computers.
    Not sure if this was an attempt of a slam or not - because it had about as much merit as you do - nil. Also, what is your speciality - besides that of being an assclown? An assclown who obviously has nothing better to do than to rejoin an organization who has booted - hmm - how many times now?!? Oh wait, I'm sorry, that's right - you're an H4xX0r1337. Wow... no one is impressed.

    Also - I would love for you to take that little jackass comment to the actual people doing that work and see what they think of your pontificating. Lastly, before I joined this fine organization, and it is fine, no matter how much you bash it - then join/rejoin it, I read through some of your posts. Something happened to you - something dark, or light, or whatever - because you don't curse as much anymore - could it be that the organization that routinely exorcizes you from their membership ranks are actually training you - making you conform? Hey - mouth breathing troglodytes can learn new tricks! Maybe you can use that life experience to get a job that lasts longer than a week and move out of your Mother's basement. Now before you piss me off, why don't you?

  8. #78
    Junior Member
    Join Date
    Mar 2003
    Posts
    14
    IMO I would say the attacker. They both take skill, but attackers usually have more expertise. What I mean by that is a system administrator might be a specialist in locking down a Windows server, but attackers have expertise in many operating systems because they usually do not limit themselves to one specific type of hacking.

    The security admins can lock down things by general permissions and knowledge of the OS comes into play in that respect, but a lot of it is staying up on patches. If an attacker goes up against a system that has locked down all known vulnerabilities, it requires a lot more work than people give them credit for.

    Another thing is the whole pressure situation. When you attack, especially illegally, the pressure can get to you. A security admin at most can lose their job if they fail at securing the system, which rarely happens, the company just reacts and locks down the system. An attacker fails at an attack and he goes to prison usually. That factors in a lot, especially when you're actually in the middle of the attack.

    Also attacking isn't just getting in, it is everything. Footprinting, scanning, etc like one of the posters quoted from text. You have to do a lot of work just to get in, then you have to do more work to clean the logs, get admin access if you only got user level access, plant backdoors and other accounts for a return to the system if needed.

  9. #79
    Member
    Join Date
    Jun 2005
    Posts
    55

    Re: Defense is definitely more difficult in a business environment

    Originally posted here by Cyberruk


    Having stated the above, it just feels to me that defense takes more work - why? Because, as previously stated throughout this thread, defense is more a guessing game, the attack can be better planned. With defense, one needs to plan for every contingency that can be imagined.
    I disagree. It is impossible to plan for every contingency that can be imagined. A defender can only afford (or rather he will only and just barely have the resources for, and maybe not even then) to deal with the most likely contingencies.

    You could say the real skill is determining the most likely risks (risk analysis), persuading management to cough up the dough (mucho persuasion) and then implementing an optimal solution (money, time, people and effectiveness wise) before crossing one's fingers, sticking one's head between one's legs and hoping to h3ll you don't have to ki55 your a55 g00dby3!!!
    No one can foresee the consequences of being clever.
