being a hacker or being the security?
my feeling is being the hacker because the security should already know all of the ins and outs of their systems.
I call it even....security and hacking is kinda like a chess game, IMHO.
I have to agree with Bob, I think the hacker has to stay in tune with his coding and study in order to maintain a certain edge on security, as security might be a bit more stressful ( waiting for the hacker to find another hole to exploit ) Of course security would rather see a hacker than a determined cracker. Cool thread Bob, let's see how this one goes.
I have to say the sys admin has a rougher time than the cracker because the cracker is always one step ahead of the game. Virii come before the virus definition, a patch is released after the exploit is found, you get the picture.
Well Bob don't know why you're angry but software is not set it sort of mutates. Yeah hackers have an advantage why? Cause sys Admin is not only dealing with server issues but also software license compliance and EULA's, end users and some most lame. Throw into that they have a home life like a girl friend, wife and maybe kids. Yeah hackers have it over me is an 8 hr job, but then hackers spend days finding a flaw have no life and give me the info for free. Me hackers nowadays work damn hard but not too smart, me I like working smart but not hard. After all I don't spend countless hours for bragging rights..me well auto deposit works just fine :)
The admin just has to know his own system and keep up with updates and such. The Hacker has to study a lot of different kinds of systems, and code different exploits and such to break in. I say the hacker has a lot more work than the admin does.
I'd have to say security would be harder, cause you have to defend your system from all threats, both internal and external. A hacker would be looking for holes in a single system. Though a good security person should try to find the holes before someone malicious does.
Security is all about not only knowing what is out here as far as exploits but in also understanding the nature of the hacker. Most modern day firewalls will take care of most budding hackers, and they have now to figure out if the easy target is well just open or a honey pot...BBBBZZzzzzzzzzz little bees they are. Hackers may yes find a flaw but a cracker or script kiddie simply uses their published work often times for criminal means or bragging rights. Not often you find a hacker that uses an exploit in another system, only upon their test systems. Advantage is Security wise you have to understand the impact of the exploit on your network. Crackers may just read about it and run all of their latest tool kits not even knowing what OS they are breaking into and well when they find out have to do more homework.
Advantage is Security given the fact that most Sys Admin if the system has a full time one is on top as much info as any cracker.
attackers have clear advantages in my opinion.
sec admins have limitations of:
1) finances (you wanted checkpoint and you got brand x which doesn't include an enterprise management module for the 8 firewalls that are deployed)
2) time (don't go over 40 hours...and why is it taking you so long to update the firewall policies?)
3) numbers (one to ten of the guys/gals in white vs. an undeterminable number of possible attackers)
4) general practice (policies and procedures that require all of the above, and in immediate need in an after the fact approach - all of the documentation a hacker will do has already been done.)
5) ethics (he/she's probably willing to do something admins won't)
6) planning (alluded to in 4: a specific game plan has already been set before the first real attack - defensive planning is generalized and lacks focus on the situation at hand)
7) distractions (coke cans, coffee mugs, cigarette trays, pizza boxes - the bad guys don't plan on leaving or haven't had a history of doing so - vs. patch distributions, email filtering/virus updates, log and alert review, illegal usage statistics/reports, expansion plans)
and none of these are the faults of the administrators - it's just the typical environment they fall into in the corporate security realm.
Hi droby10,
Good point, and I can definitely agree with you on the security procedures you have listed. Just for gags let's look at the hacker's POV.
1. finances ( You wanted that new mobo you saw while surfing only to find that it's twice what you expected, so instead of the mobo you buy the new shoot-em-up and sluff off for a week trying to beat the boss )
2. time ( What's that? Oh...you mean 18 to 20 hours a day? )
3. numbers ( I am just one dude against a thousand or more companies that need to be taught that their security has holes and potential hazards they need to address immediately )
4. general practice (policies and procedures that require all of the above, a swift and properly timed sweep, bot deployment, and data collection. )
5. ethics ( I know that this might p*ss him off but here goes, hope he don't have an aneurysm or something trying to figure out how to plug this new hole I just found. )
6. planning ( Da**! This admin has his sh*t together, Where did I put that utility I just downloaded yesterday? or was it last week? )
7. distractions ( Kids running around the house, screaming and putting dirt in their little sister's pants, Mrs. Smith down the street is needing you to show her that when the mouse gets to the bottom of the pad, but the cursor is in the middle of the screen that it's not defective hardware... )
None of these are the fault of the hacker - it's just how it is man -- Sh*t Happens!
I will probably get negged for this post. But this Just kinda came to me and I couldn't help see the humor in it...don't take offense droby10, please, I am half asleep and just funnin. :D
no offense taken...it's a different type of 'hacker'.
personally, i like #7 best...i'm a sucker for kids, mud, and mrs. smyth's fresh apple pies.
hehe droby10, I thought I was gonna feel the wrath of you unleashing that Cray you're messin with...Kinda like me, only I can't claim hacker status yet, I guess I am more of a tweaker, oops!
now I'm a freaker cause I know that is going to leave a mark! " You have just activated the world self destruct sequence, You now have 10 minutes to leave the solar system!!!"
This would be my luck after 10 days of trying to find holes in some gov. network....eeeek!!!
My mind is getting foggy need sleep....gnite all.
The security job is tougher, hands down... in the "hacking" side of things (and we have to include kiddies in this, I'm sorry), there's a lot of incest. That is, there's a lot of "knowledge sharing" in the individual cliques/groups/whatever. Chances are, if you can find a box out there and identify something running on it, you have "a way in" and something that, in this day of information overload, you at least have "a lead." <edit>That is to say it's a cycle of enumerate, research and penetrate (not quite that simple but it's not too far off) - and yes, sometimes that "research" can be "involved."</edit>
The security professional, on the other hand, has to keep up with everything on each system, the potential vulnerabilities in it and know when they might need to go look at it. They also need to monitor systems for "suspicious activity" or "things that just don't look right to me, Bob." Given any of those, they need to investigate these individual incidents.
Meanwhile, in most environments, they have to "balance" that with user interaction... such as the "web master" who just wants to install this little Perl script on the server to do this one little thing. And you all know what that means... another vicious cycle of:
- "Why do you REALLY need this?"
- "Can you live without it?"
- "Is there a better way to do it?"
- "Ok, let me look at and audit the code for security problems."
In short, you have to balance the need of the user with the overall usefulness (or uselessness) of the request while also potentially educating the user and/or management. This is much more difficult than it sounds... in magnitudes. For example, the whiny director, "But I really need this insert important customer here to be able to log in to my machine across the Internet."
And this is just the stuff you have to do on a daily basis...
Meanwhile, there's the typical sysadmin side of it:
- talking with vendors that won't leave you alone
- talking with consultants who seem to think a pen-test is translating "nmap's cryptic output" for you or something equally asinine
...and screening all the "wondrous bullsh*t that some management weanie's brother works at and we really, really, really have to use." (some people here are probably nodding like hell and laughing their a**es off right now)
This is followed by doing yet more security audits of your environment to make sure things are "still the same way you'd expect them to be" - then going back to investigate all the anomalies. This goes further in to other pen-tests and system assessments (investigating user accounts, making sure someone didn't install something they weren't supposed to or that short-circuits your security, etc).
Oh, and I haven't even got to the whole intrusion detection thing -- the part that most people seem to "focus" on when they think "network security engineer." Going back and looking at your logs every damn day and blackholing people that just won't learn, investigating yet more attempts in to your network, etc. Oh, and did I mention going off to nice handy sites like Incident.Org or Giac or any of those others, looking for new attack signatures and possibly integrating them in to your environment?
And all the while, you're supposed to be keeping up on your research, learning, and staying ahead of the hackers - because, after all, that's actually what you were hired to do.
(And, BTW, I am sure that I missed a few points in there...)
hrmmm. I take it as a risk thing, cushy admin job? or living in your parents' basement hoping you don't get busted by the cops.
Read this article on the FBI's new project, and the Hacker retaliation that is expected. Security is MUCH tougher.
media.guardian.co.uk/newmedia/story/0,7496,767443,00.html
to sort of repeat what syini666 said, i'd have to say the security. you have to find all of the possible holes and get rid of them, which could be very, very many, while the attacker only has to find one.
Okay let me wade into this fray :D
First you have to define tough or difficult.
If we define tough as the difficulty to learn the specific job then I believe that true hackers (not script kiddies) have to have more detailed knowledge of more systems as well as programming, networking etc. Security does well to know these but they have the help of other professionals who are putting out patches, developing software etc. to help them plug their system. This is not to diminish the amount of learning it takes to become an effective security officer. I believe that with time a good security officer could become a good hacker as well and combine the strengths of inside knowledge and the skills to find your own vulnerabilities before someone else does. This is my personal goal.
However if we define tough as being the overall job then Security has it tougher. I give you two reasons, the first very simple. Security is my job, hacking is a hacker's hobby. While I have to work hard and learn stuff for my hobby (Military History and Gaming) I do not categorize this as work. While I enjoy working with computers, security is still a job.
Secondarily, as has been stated previously I am not left alone just to work on security. I have to attend meetings, deal with users, deal with vendors, evaluate software, implement changes, and respond to emergencies (real or perceived), write and attempt to enforce policies, and conduct training.
So while my hours are not as long as a hacker's may be they are work hours. While I get paid for them I don't get paid for my hobby so I do not consider that a valid argument.
Therefore it depends upon your definition of tough. For my evaluation I will merely state that I fall back on the fact that Security is my Job, Hacking is a hacker's hobby. I do not complain when I am up until 3 a.m. playing Anarchy Online or Counter Strike or for the hours I spend reading Military History Magazine or Science Fiction books. These are my hobbies and I donate time to them freely and happily.
My advice to hackers is that you should get a job in security because there can't be too many things better than working at your hobby, even if it is from the opposite side.
Sincerely,
Good discussion and interesting to read everyone's thoughts.
I agree that the sys admin has the tougher job if for no other reason than the hacker, in theory, has one target to shoot at. The sys admin HOLDS the target with many guns pointing at him/her.
Hackers, crackers, virus writers, etc... comprise the "guns" on a daily basis.
As others have said, sys admins also have the ever-changing variables of users, the ever changing technology and all newly discovered vulnerabilities to try and keep up with. Can anyone tell I oversee a MS network? :(
I guess I see hacking as focusing on one task and having to try, I'm sure, many, many times to achieve the desired result. I'm sure it is not, in any manner, "easy".
But I don't think it holds as many challenges as a sys admin.
Delyn
Guess it's kinda split up:
When you're the sec, you know all the ins and outs of the system (right, AngryBob) and you should know how to avoid most of the security-holes in it but you are the security and do all the stuff to avoid sec-leaks because you are in such fear of hackers and alikes.
When you're the hacker, you try to understand the system and try to map the mechanisms working in it. You always have to be aware of the sec not to get caught when doing so. So you do your task in fear as well as the sec does its.
In general I would say it's more tough to be the hacker cause you are alone against the sec sitting in their house. You try to get in and they block the door. When you break the door and rush in, they might recognize you and track you down but when you learn to use different techniques and ways you might find another possibility to get in right behind them without even being seen!
Then we have the sec on the other hand: They are blocked in their house, waiting for someone to break the door. That certain someone has got all the time out there to prepare that strike and get to know all the holes in the security-organisation.
The sec also learns by trial and error but generally they try to take the first step and counter your attack.
So it's a war of intellect, a fight of mind against mind. The hacker against the system - so IMHO both sides have the thrill and learn a lot.
And as you know - learning is worth a lot in your every-day-situations ;)
Thanks for your ear, ladies and gentlemen!
Sledge
I TOTALLY agree with draziw on that.
The odds are very much against admins (security):
-because of the limited time a single admin manages to dedicate to security
-because of having to balance usability/accessibility with security
...
I was gonna say that too... I'd even add that you have to keep on top of all the vulnerabilities, all the time while a hacker (most of the time) needs a single vulnerability at any particular time.
Quote:
Originally posted here by spitfire087
to sort of repeat what syini666 said, i'd have to say the security. you have to find all of the possible holes and get rid of them, which could be very, very many, while the attacker only has to find one.
This also reflects in detection: a single hacker can/could easily get lost in a sea of logs in an unlimited timeframe while the admin has to find a single attack at a single time...
My point is that you sort of have to multiply the odds of protecting / detecting by the uptime of the system...
Ammo
i guess we also need to define or rank an order for success measurement. which is a more important determination for success:
- keeping hackers out -vs- a hacker getting in?
- preventing data tampering -vs- tampering with data?
- tracking the culprit -vs- getting away with it?
because, as alluded by many here, we're really dealing with two different time tables.
an attacker will initiate a strike, thus be the first to act. an admin will attempt to detect and protect - a response to the attack. while there are proactive measures that can be deployed, you can't feasibly rely on anything to stop an attacker before he strikes? i think most will agree that the best defense is accountability...who did what and where (and how reliable is the proof of record).
i think that from an overall standpoint it's ridiculous to think that an administrator's success should be based on keeping people out. it's ideal - but not realistic. however the determinant with the longest lifespan (tracking the attack/getting away with it) is to the definite advantage of the administrators; provided that the proactive accountability measures have been taken.
Good point. It's true that nowadays we are expecting (well, pushing for) total security (no breaches ever) but it's indeed unrealistic... Just like police, security guards, alarm systems and other security systems in day to day life, are perfect and prevent all "crimes"/intrusions.
Quote:
Originally posted here by droby10
i think that from an overall standpoint it's ridiculous to think that an administrator's success should be based on keeping people out. it's ideal - but not realistic. however the determinant with the longest lifespan (tracking the attack/getting away with it) is to the definite advantage of the administrators; provided that the proactive accountability measures have been taken.
It might be a little hard on the ego at first, but I think we should start accepting it..
Ammo