Can somebody know computer security good without hacking practice? I think, how many of the people here are hackers?
wrong question. "can someone be a hacker without knowing security?" of course not.
"i think, how many of the people here know security?".
Depends on how you define hacker. I personally define it as someone who knows a particular system inside-out, whether that system is networking, being a good programmer or being an expert at hockey. That said, in a broader sense, yes someone could be a hacker and not know security. If I'm a game "hacker" and manipulate the game to create cheat codes and such, there's little security needed for that.
Quote:
"can someone be a hacker without knowing security?" of course not.
Once you define what a hacker is, you probably can answer this question. I personally don't consider myself a hacker but rather look at myself as someone who is very curious about things and likes to solve problems. I still have a lot of learning to do before I'd ever put myself into that category.
Quote:
how many of the people here are hackers?
No, you do not need to have been a hacker to know how to do computer security well, but you do need to know how hackers operate so you know one of the things you are protecting yourself against.
I do use hacking practices for forensics and plain out curiosity. I love challenges and I'm curious about computers. I'm not a hacker, and I still have plenty to learn about computers.
of course, i also like to try exploits, see the code of some virus... but better than that i like to know how to make a system secure.
My answer, for what it is worth, is that most people here are not "hackers" in the modern sense of the word? but they do know how ;) ...in the "proper" sense?
There are a lot of similar characteristics to being either a hacker or a security expert.........firstly you need to understand operating systems?
If you do not, you are a "skiddie", or a "director/EVP" ( this latter term is an anagram for ******* or wanker?)
Hah!............now I know why I am typing this in braille :D ......they do say that it sends you blind?
All I can do is quote the philosopher general Tsun Tsu (apologies for spelling):
"If I know nothing about myself, and nothing about my enemy, I shall surely lose.
If I know everything about myself, and nothing about my enemy, my chances of winning are even
If I know everything about myself, and everything about my enemy, I shall surely prevail"
Kinda makes sense?
From the same source:
"When the whole world is at peace, a wise man walks with his sword at his side"
So update your AV and firewall and other stuff!!!......direct order from a general?
Good luck!
Getting arrested for any kind of computer crime will not help on one's resume. Felons and security jobs do not go together. One might point to Mitnick with his lectures and book but with his ability to social engineer he could have owned a string of security companies or anything else he wanted. Now he’s pretty much a failure.
Learning to hack in a laboratory environment is essential to learning security well.
There's no point at looking for a definition of the word hacker.
It used to mean "computer guru", now it means: "a person that breaks into other's computers", and there's no way of getting back its original meaning, who cares anyway it's just a word.
Very true, but keep in mind not everyone has such a "laboratory".
Quote:
Learning to hack in a laboratory environment is essential to learning security well.
(Like me) thus I like to do vulnerability assessment on my own. This may be illegal but I'm not harming anything so...
It's like reverse engineering which is illegal too, but who cares, you do it anyway. As long as you keep your findings for yourself I don't think there's a real problem with it.
EDIT: I believe though that not too many members will agree on this...
if you can afford to gamble your future go ahead but i don't consider my network open for public edu. if you say you cannot get more machines for testing purposes with all the good machines being thrown away (older hubs too) or a copy of vmware which is given away free from time to time and always available on the net, then i say you're lazy if you're using "learning" as an excuse for hacking others' machines or you don't have the ingenuity required to get what you want. i haven't paid a dime for anything computer related i own except maybe a game and some refill ink cartridges.
I can get more machines but my parents won't allow me to get multiple boxes for myself, they will say I'm exaggerating. And my box is too slow to run vmware. Also there's a problem that would make it cost me money if I want to lan other computers with a NIC to my wlan.
and you have no friends that would be interested in letting you set up a lan at their place for your mutual benefit? what i'm saying is if you wanted to hack just to learn security you would find another way rather than breaking into others' computers. your life's conditions are not anyone else's responsibility as you seem to think. because your parents (god i can't believe i'm having this conversation) won't allow you to have more equipment doesn't give you a license to break the law. 'IF' you get caught you may be living with your parents much longer than you intend to because no one will hire you to a position of responsibility.
hacking with the "excuse" of obtaining knowledge is a bunch of bullshit. you do it because you like to....there's always a way if you're willing to find one.
I've an article about hacker, it said that hacker doesn't mean the person who hacks others' systems without permission. It can be Network Specialist, Computer Specialist n etc.
I think that Tedob1 has some good advice.
I think that you might have to "educate" your parents?...........hell not so long ago my wife threatened to divorce me if I brought another computer into the house (seriously!)...........she later "rescued" 11 from her workplace!.....one of my drinking pals is a teacher at the school across the road, and I had got these machines for their new computer lab...........In my experience people are actually helpful in spite of themselves
"Let them mess with these and shoot them if they mess with the real kit" was my message to Padroig.............I think that is Tedob1's message to you?
You need to get the flat desktop machines 486 and above. Put blocks of wood about 25mm in each corner to allow good airflow. They will really take up no space as you only have the "footprint" of the one machine and the rest is vertical?
These are your "labrat" system :)
I would recommend that you try social engineering. Get an older person in the business to speak to your parents...I have done this several times:
Friend: "My son wants a new computer"
Me: "He is lying.....he needs at least three"
Friend: "Oh good......I'll tell him that"
There are more ways of killing a cat than choking it with cream?
Good luck mate! (Bon Chance...........sorry I don't do Dutch)
neogen
I got pretty good on my security concepts by letting my friends on my system remotely, we used ytalk and spent weeks trying to get it secure.... it is a lot more secure but it is still vulnerable. the first thing I fixed on my box was limitations, wow I didn't realize how important it is to set them. I think it is good to learn what the enemy does though. Otherwise how do you know what to secure or not.
But in a lab it's a controlled environment where you already know how everything is set up etc.
Quote:
Learning to hack in a laboratory environment is essential to learning security well.
Compare to in the real world where you have to worry about un-educated users, management and the sort.
Wouldn't learning security in both environments be different?
Just wondering .....
This kinda summarizes [ I think ] what Tedob1 is trying to say :
Gaining Security Experience Painlessly
Just my 2cents.
I have a buddy who lives on the other side of town who, like me, is always interested in what can and cannot be done with a machine. He and I each have a box at our house that we have labeled a tear'em up box.
He configures his to be "hacker proof" and I have the same. and like a drag race we try and find the weakness in each other's.
1 - legal
2 - fun
3 - educating
4 - extremely cheap (paid $20 at a pawn shop for an old 486)
there are always alternatives to jail or worse, having your computer privileges taken away for years
Yes you may think it is legal but (not that I don't do the same) have you read your ISP's AUP to see what you are and aren't allowed to do? you'd be amazed. Comcast, my ISP, doesn't allow uploading, servers, LAN, Security scanners (locally), and a crap load more. I was amazed on the stuff that they don't allow. I think it is mainly that they are trying to hold their rights for future events... I haven't been banned yet so they must monitor their subscribers rarely.
I have Comcast :). Never had any of those restrictions. I've setup a gaming server at times, have launched IP scans from my PC, and have also uploaded certain files to an FTP folder so my friends could get a hold of them. They never gave me any problems, and as a matter of fact, they sent me a letter a few days ago saying that they have doubled my broadband speed for being a good customer :D.
I have found some guide in download section of antionline...
it was Guide for Almost Harmless Hacking or something like that...
Many things I read there about hacking/tweaking Win95 I already know, so I ask myself: If I know how to edit registry, how to remove virus/trojan/spyware manually, or to tweak XP ... optimise services running... how to set my LAN to access internet.. how to setup firewall.. does it all make me a hacker... or I'm just IT professional?
in the bottom line, it doesn't matter if you or others call you a hacker or not.. you just try to learn as much as you can without getting in trouble... it is better to ask first
I'm usually not one to disagree with MsMittens....but this time I must!
Irregardless of what you choose to label yourself, IMHO, this very statement makes you a hacker, MsMittens, by the "classical" definition of the term, as that is the type of person the term originally referred to. The term has since been perverted and distorted and no longer means the same thing in popular culture.
Quote:
I personally don't consider myself a hacker but rather look at myself as someone who is very curious about things and likes to solve problems. I still have a lot of learning to do before I'd ever put myself into that category.
So.......In my book, MsMittens is a hacker! (a good one, of course :D )
I think it depends on what you mean by 'know computer security' and what exact field you're in
I'd say many people in the computer security profession do not need to know anything about 'hacking', they just need to know how to run vulnerability assessment and how to install patches and what is required to lock down a system.
If you're going to be a programmer in the computer security field then yes, you should know what goes into hacking, what vulnerabilities a hacker is looking for and what it takes for you as the programmer to write safe code, but this still doesn't mean you having to know so much hacking, just how to be safe.
Now if you're a code auditor or vulnerability researcher then obviously yes you should know about hacking and the more the better.
I'm going to attempt to answer the question, in the sense of the word hacker as you used it here.
You don't need to compromise computer systems in order to become a computer security expert. You would want that type of skill if you are going to be auditing or pentesting a system. Computer security is a large field in itself, and doesn't always mean compromising a system. Lots of people don't realize that there is much more than being able to get into a system to being a computer security expert.
Most people don't realize that computer security specialists also have to create computer usage policies, work hand in hand with management to discuss disaster recovery and business continuity procedures, review logs, always learning, and keeping up to date with the latest security issues.
So, if you ask what makes a good computer security expert, I'd say that person would need to have some of those abilities.
--PuRe
A brief answer to the question is of course you can know computer security without being a hacker.
However I will again re-emphasise that it depends upon your definition of a hacker.
I'm guessing that what is meant here is "Can you be a computer security expert without having the skills to compromise systems?"
And the answer to that is yes, easily.
In order to provide good security for my personal systems and those systems I am responsible for at work I do not require the ability to compromise any of those systems.
By reading AO, keeping the systems up to date, deploying a viable security model, making the most of AV & firewall, keeping security in the minds of IT staff & users, using vulnerability scanners (such as nessus/nmap etc.) and ensuring the internet profile shown offers little help to 'hackers' I am able to provide security to these systems that so far has not been compromised.
I have no idea how to exploit a vulnerable wuftp server, deface a website or other typical 'hacks'.
Now I am not stupid enough to think these systems are totally secure, but on a risk/cost analysis they are (so far) doing the job.
Being an expert at security in a business environment is all about the business case. Keeping the organisation's IT secure at a cost the business can understand and is willing to pay for, explaining to the business what isn't secure and why the costs aren't justified.
On a personal note, a security expert means that your home system hasn't been compromised.
Steve
Do you mean by others or yourself? :D
Quote:
On a personal note, a security expert means that your home system hasn't been compromised.
You do not need to know how to hack to protect a computer or network. If you go to any of the hacking challenge websites and look at the top dogs they are major programmers. They know every programming language you can think of: VB, Java, JavaScript, C, C++, etc., etc.
A lot of very experienced and successful network security experts I've met had minimal or no programming at all. I even had to help one security guy with html for a web page. And html is extremely easy to learn.
In my eyes if you do all of this just to be called something as childish as "hacker" then you're nothing at all to begin with. This is one of the many reasons why I would almost be offended to be called anything of the sort. Also nobody seems to remember back when "hacker" meant that you enjoyed something technical and it was often something you spent long hours on... or maybe you were the first to do something. Now that the word "guru" is also being thrown in the mix here, I not only dislike many of the people who use the word hacker... but most of the time it can be viewed as nothing but a big pissing contest at best due to words like expert and guru being thrown into the mix.
Quote:
Originally posted here by ikalo
I have found some guide in download section of antionline...
it was Guide for Almost Harmless Hacking or something like that...
Many things I read there about hacking/tweaking Win95 I already know, so I ask myself: If I know how to edit registry, how to remove virus/trojan/spyware manually, or to tweak XP ... optimise services running... how to set my LAN to access internet.. how to setup firewall.. does it all make me a hacker...
Want to crack software & maybe find a buffer overflow? learn assembly... Wanna do lame and stupid sKiddie stuff like trojan someone's box? Maybe dDoS? Get a compiler and play with sockets... Defacements interesting to you? Get into a mixture of programming and web-dev...
I don't see how prancing around repeating the words hack and hacker over and over again has anything to do with security... let alone computers. It's all a way for users & little kids to feel good about themselves or feel a sense of belonging around other people who have the ability to look at a screen, use a mouse, and press buttons on a keyboard.
well in my views, until n unless you know how the other person breaks in , how will you know how to stop him/ her? You need to think like him/ her.
I guess it is very important to have the fundamentals of network, application and other underlying technologies to be very clear....
I am sure that most of the hackers as they call themselves and many that I have known seriously depend on a host of tools freely available on the network...... I am not against using tools..... But my point here is often they don't know what to expect as output and are always amazed to see the output of target PC.. amateur hackers as we call them....
I guess anyone could do that once he / she decides to spend say 6 hours for a week and learn a couple of OS.....
But defending is something else....... All the years of effort can go in vain by one successful attempt of a hacker...
So it is like ... A security professional has to win at all times to meet his security objectives ..while a hacker has to win only once.. and his objectives are met....
Finally back to the question....
No u don't need to be hacker to learn good security but often because ur security concepts are very clear it would be very easy for u to play a role of hacker also....
Very funny...
Quote:
I've never managed to compromise my home system except by social engineering.
/me Dearest, I need to do some work setting up bluetooth synchronisation to your phone, what's your logon password?
/my_partner It's ******
/me Thank you.
Steve
hey this is not necessary that to know security u have knowledge of hacking, if ur operating system fundas are clear then u can secure ur system, ya this other factor that u must know about how to hack a system or n/w.
I think that playing around on a home lan is a good way to learn security. it may not be the only way to learn but it's fun and legal.
I don't think being a "hacker" in the mainstream pop sense using canned programs and social engineering will teach you about security.
It all depends on your definition of hacker. is it a person who looks for flaws legally or a person who mindlessly exploits them with no real knowledge of what they're doing.
Security is not just about hacking....
Security for any organization evolves from the following basic fundamentals
Confidentiality - Only authorized people can view authorized information
Integrity - No Person whether authorized or unauthorized can make unauthorized changes to the organization Information assets
Availability - Information shall be made available to authorized user on demand...
Apart from above mentioned Security also needs to be concerned about Efficiency and Effectiveness of Information Assets used by the organization....
Now when you analyze this.. It is quite clear that security is a vast domain.. Hacking can only form a very small part of it.....
Effective security implementation can happen only with a team of qualified people from diverse backgrounds (Functional , Policy, Admins etc etc.)
So definitely Hacking is not a pre-requisite to learn security. In spite of not knowing a single hack tool u can still contribute to the security organization in various other functions....
Take Care
Yes, I know, you are completely right, note though that I do not compromise other's systems, I only do assessment, and email the webmaster about vulns. But sigh, here in Belgium, even a port scan is illegal. I never claimed that I do it to obtain knowledge, it's just: putting your knowledge in practice in a sort of non-damaging way.
Quote:
and you have no friends that would be interested in letting you set up a lan at their place for your mutual benefit? what i'm saying is if you wanted to hack just to learn security you would find another way rather than breaking into others' computers. your life's conditions are not anyone else's responsibility as you seem to think. because your parents (god i can't believe i'm having this conversation) won't allow you to have more equipment doesn't give you a license to break the law. 'IF' you get caught you may be living with your parents much longer than you intend to because no one will hire you to a position of responsibility.
hacking with the "excuse" of obtaining knowledge is a bunch of bullshit. you do it because you like to....there's always a way if you're willing to find one.
Most of the time the admin(s) appreciate it when I notify them, either way the vulns mostly get fixed, with or without a reply. Yet that doesn't make it right to do so, I know. This issue has been brought up many times.
And nihil, my dad knows enough about computers to understand why I would need multiple computers. Although I don't think he really knows I'm busy with security...not sure, it would be too strange that I would tell him: can I get some other computers, to hack into? Also, we already have 4 computers, of which 2 are mine. That 2nd is completely independent from the wlan as it runs slackware but there are no linux drivers for the adapter I use. (And it cannot be plugged in directly in the router as that one is on another floor).
Excuse me if my post sounds damn boring, to me it sounds like that.
Since I sorta got into the middle of this I'll give my take on the original question. No. What MsM said was I suppose, correct in the old sense of the word. It meant guru. So technically you can be a volleyball hacker, etc.. But as Specialist said, it no longer really means anything. It is used by the media and MS to scare stupid people and sell more stuff. It has been so completely distorted why even bother with it.
-Cheers-
Hacking is a good way to test holes in your own system.
I want to offer one piece of advice on the word "hacker"
Semantics and grammar are formed by what society uses, not what the past dictates it as. Thus if society sees the word hacker as "someone who penetrates network security" then that is, in fact, what it means because it has become a mainstream and majority standard. It is time to stop fighting the semantics of it, and let it go.
This again goes back to defining a hacker. I ask you this. Why would you need to protect yourself from them? Do you see them as bad people? Do you see them as people who abuse security holes and bugs? Do you view them as credit card thieves and people who act in malicious ways against technology?
Quote:
Originally posted here by R0n1n
No, you do not need to have been a hacker to know how to do computer security well, but you do need to know how hackers operate so you know one of the things you are protecting yourself against.
To me a hacker is much like MsMittens said. Someone who knows a certain subject so well, that he/she might even know more than those who made the computer/car/hockey team/etc...
Speaking technology wise, they know as much as they can and always want to learn more. They will do their best to figure out how something works, why it works, or even why it doesn't work. They study why it does what it does. They study why it won't do what it won't. They know what could go wrong and what they could possibly do to prevent it from going wrong. They will more than likely know how to program using diff. languages. This of course is assuming they are good. (I'm not going to get into the whole White and Black Hat thing) So, is there a bad hacker? If they are malicious, would they be a hacker? I think not, but some may disagree. Overall, they are the security experts that want to do good. They learn as much as they can about the technology out and put forth their best effort to help it evolve and make it better. :)