Know security without hacking

[576869746568617]

I'm usually not one to disagree with MsMittens....but this time I must!

I personally don't consider myself a hacker but rather look at myself as someone who is very curious about things and likes to solve problems. I still have a lot of learning to do before I'd ever put myself into that category.

Irregardless of what you choose to label yourself, IMHO, this very statement makes you a hacker, MsMittens, by the "classical" definition of the term, as that is the type of person the term originally referred to. The term has since been perverted and distorted and no longer means the same thing in popular culture.

So.......In my book, MsMittens is a hacker! (a good one, of course )

[S3cur|ty4ng31]

I think it depends on what you mean by 'know computer security' and what exact field your in

Id say many people in the computer security profession do not need to know anything about 'hacking', they just need to know how to run vulnerablity assesment and how to install patches and what is required to lock down a system.

If your going to be a programmer in the computer security field then yes should now what goes into hacking what vulnerablitlies a hacker is looking for and what it takes for you as the programmer to write safe code, but this still doenst mean you having to know so much hacking just how to be safe.

Now if your a code auditer or vulnerability researcher then obvioulsy yes you should know about hacking and the more the better.

[PuReExcTacy]

I'm going to attempt to answer the question, in the sense of the word hacker as you used it here.

You don't need to compromise computer systems in order to become a computer security expert. You would want that type of skill if you are going to be auditing or pentesting a system. Computer security is a large feild in itself, and doesn't always meen compromising a system. Lots of people don't realize that there is much more than being able to get into a to system to being a computer security expert.

Most people don't realize that computer security specialists also have to create computer usage policies. Work hand in hand with management to discuss disaster recovery, and business continuity procedures, review logs, always learning, and keeping up to date with the latest security issues.

So, if you ask what makes a good computer security expert, I'd say that person would need to have some of those abilities.


--PuRe

[steve.milner]

A brief answer to the question is of course you can know computer security without being a hacker.

However I will again re-emphasise that it depends upon your definition of a hacker.

I'm guessing that what is meant here is "Can you be a computer security expert without having the skills to compromise systems?"

And the answer to that is yes, easily.

In order to provide good security for my personal systems and those systems I am responsible for at work I do not require the ability to compromise any of those systems.

By reading AO, keeping the systems up to date, deploying a viable security model, making the most of AV & firewall, keeping security in the minds of IT staff & users, using vunerability scanners (such as nessus/ nmap etc.) and ensuring the internet profile shown offers little help to 'hackers' I am able to provide security to these systems that has so far has not been compromised.

I have no idea how to exploit a vunerable wuftp server, deface a website or other typical 'hacks'.

Now I am not stupid enough to think these systems are totally secure, but on a risk/cost analysis they are (so far) doing the job.

Being an expert at security in a business environment is all about the business case. Keeping the organisation's IT secure at a cost the business can understand and is willing to pay for, explaing to the business what isn't secure and why the costs aren't justified.

On a personal note, a security expert means that your home system hasn't been compromised.

Steve

[MrLinus]

On a personal note, a security expert means that your home system hasn't been compromised.

Do you mean by others or yourself?

[One Who Watches]

You do not need to know how to hack to protect a computer or network. If you go to any of the hacking challenge websites and look at the top dogs they are major programmers. They know every programming language you can think of: VB, Java, JavaScript, C, C++, etc., etc.

Alot of very experienced and successful network security experts I've met had minimal or no programming at all. I even had to help one security guy with html for a web page. And html is extremely easy to learn.

[|The|Specialist]

Originally posted here by ikalo
I have found some guide in dowload section of antionline...
it was Guide for Almost Harmless Hacking or something like that...
Many things I read there about hacking/tweeking Win95 I alerady know, so I ask myself: If I know how to edit registry, how to remove virus/troyan/spyware manualy, or to tweek XP ... optimise services running... how to set my LAN to access internet.. how to setup firewall.. does it all makes me hacker...

In my eyes if you do all of this just to be called something as childish as "hacker" then your nothing at all to begin with. This is one of the many reasons why I would almost be offendid to be called anything of the sort. Also nobody seems to remember back when "hacker" meant that you enjoyed something technical and it was often something you spent long hours on... or maybe you were the first to do something. Now that the word "guru" is also being thrown in the mix here, I not only dislike many of the peaple who use the word hacker... but most of the time it can be viewed as nothing but a big pissing contest at best due to words like expert and guru being thrown into the mix.

Want to crack software & maybe find a buffer overflow? learn assembly... Wanna do lame and stupid sKiddie stuff like trojan someone's box? Maybe dDoS? Get a compiler and play with sockets... Defacements interesting to you? Get into a mixture of programing and web-dev...

I don't see how prancing around repeating the words hack and hacker over and over agian has anything to do with security... yet alone computers. Its all a way for users & little kids to feel good about themselves or feel a sence of belonging around other peaple who have the ability to look at a screen, use a mouse, and press buttons on a keyboard.

[riya_here]

well in my views, until n unless you know how the other person breaks in , how will you know how to stop him/ her? You need to think like him/ her.

[anjali]

I guess it is very important to have the fundamentals of network, application and other underlying technologies to be very clear clear....

I am sure that most of the hackers as they call themselves and many that I have known seriously depend on a host of tools freely available on the network...... I am not against using tools..... But my point here is often they dont know what to expect as output and are always amazed to see the output of target PC.. amataeur hackers as we call them....

I guess anyone could do that once he / she decides to spend say 6 hours for a week and learn a couple of OS.....

But defending is something else....... All the years of effort can go in vain by one succesful attempt of an hacker...

So it is like ... A security professional has to win at all times to meet his security objectives ..while a hacker has to win only once.. and his objectives are met....

Finally back to the question....

No u dont need to be hacker to learn good security but often because ur security concepts are very clear it would be very easy for u to play a role of hacker also....

[steve.milner]

Originally posted here by MsMittens
Do you mean by others or yourself?

Very funny...

I've never manaaged to compromise my home system except by social engineering.

/me Dearest, I need to do some work setting up bluetooth syncronisation to your phone, what's you logon password?
/my_partner Its ******
/me Thank you.

Steve