View Poll Results: Which of these items are of the highest priority for your organization?
-
August 2nd, 2002, 09:25 AM
#11
Senior Member
no offense taken...it's a different type of 'hacker'.
personally, i like #7 best...i'm a sucker for kids, mud, and mrs. smyth's fresh apple pies.
-
August 2nd, 2002, 09:40 AM
#12
Whewww!!!
hehe droby10, I thought I was gonna feel the wrath of you unleashing that Cray your messin with...Kinda like me, only I can't claim hacker status yet, I guess I am more of a tweaker, oops!
now I'm a freaker cause I know that is going to leave a mark! " You have just activated the world self destruct sequence, You now have 10 minutes to leave the solar system!!!"
This would be my luck after 10 days of trying to find holes in some gov. network....eeeek!!!
My mind is getting foggy need sleep....gnite all.
I have a question; are you the bug, or the windshield? 
-
August 2nd, 2002, 09:42 AM
#13
The security job is tougher, hands down... in the "hacking" side of things (and we have to include kiddies in this, I'm sorry), there's a lot of incest. That is, there's a lot of "knowledge sharing" in the individual cliques/groups/whatever. Chances are, if you can find a box out there and identify something running on it, you have "a way in" and something that, in this day of information overload, you at least have "a lead." <edit>That is to say it's a cycle of enumerate, research and penetrate (not quite that simple but it's not too far off) - and yes, sometimes that "research" can be "involved."</edit>
The security professional, on the other hand, has to keep up with everything on each system, the potential vulnerabilities in it and know when they might need to go look at it. They also need to monitor systems for "suspicious activity" or "things that just don't look right to me, Bob." Given any of those, they need to investigate these individual incidents.
Meanwhile, in most environments, they have to "balance" that with user interaction... such as the "web master" who just wants to install this little Perl script on the server to do this one little thing. And you all know what that means... another vicious cycle of:
- "Why do you REALLY need this?"
- "Can you live without it?"
- "Is there a better way to do it?"
- "Ok, let me look at and audit the code for security problems."
In short, you have to balance the need of the user with the overall usefulness (or uselessness) of the request while also potentially educating the user and/or management. This is much more difficult than it sounds... in magnitudes. For example, the whiny director, "But I really need this insert important customer here to be able to log in to my machine across the Internet."
And this is just the stuff you have to do on a daily basis...
Meanwhile, there's the typical sysadmin side of it:
- talking with vendors that won't leave you alone
- talking with consultants who seem to think a pen-test is translating "nmap's cryptic output" for you or something equally asinine
...and screening all the "wondrous bullsh*t that some management weenie's brother works at and we really, really, really have to use." (some people here are probably nodding like hell and laughing their a**es off right now)
This is followed by doing yet more security audits of your environment to make sure things are "still the same way you'd expect them to be" - then going back to investigate all the anomalies. This goes further into other pen-tests and system assessments (investigating user accounts, making sure someone didn't install something they weren't supposed to or that short-circuits your security, etc).
Oh, and I haven't even got to the whole intrusion detection thing -- the part that most people seem to "focus" on when they think "network security engineer." Going back and looking at your logs every damn day and blackholing people that just won't learn, investigating yet more attempts into your network, etc. Oh, and did I mention going off to nice handy sites like Incident.Org or Giac or any of those others, looking for new attack signatures and possibly integrating them into your environment?
And all the while, you're supposed to be keeping up on your research, learning, and staying ahead of the hackers - because, after all, that's actually what you were hired to do.
(And, BTW, I am sure that I missed a few points in there...)
"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
-
August 2nd, 2002, 12:16 PM
#14
hrmmm. I take it as a risk thing, cushy admin job? or living in your parents' basement hoping you don't get busted by the cops.
Alternate realities celebrate reality. If you can't handle the reality you're in, then you won't be able to handle the one you're attempting to escape to.
-
August 2nd, 2002, 01:04 PM
#15
Member
Read this article on the FBI's new project, and the Hacker retaliation that is expected. Security is MUCH tougher.
media.guardian.co.uk/newmedia/story/0,7496,767443,00.html
-
August 2nd, 2002, 07:50 PM
#16
Member
to sort of repeat what syini666 said, i'd have to say the security. you have to find all of the possible holes and get rid of them, which could be very, very many, while the attacker only has to find one.
"One wonders what would happen in a society in which there were no rules to break. Doubtless everyone would quickly die of boredom." -Susan Hawatch
-
August 2nd, 2002, 08:53 PM
#17
My Two Cents
Okay let me wade into this fray
First you have to define tough or difficult.
If we define tough as the difficulty to learn the specific job then I believe that true hackers (not script kiddies) have to have more detailed knowledge of more systems as well as programming, networking etc. Security does well to know these but they have the help of other professionals who are putting out patches, developing software etc. to help them plug their system. This is not to diminish the amount of learning it takes to become an effective security officer. I believe that with time a good security officer could become a good hacker as well and combine the strengths of inside knowledge and the skills to find your own vulnerabilities before someone else does. This is my personal goal.
However if we define tough as being the overall job then Security has it tougher. I give you two reasons, the first very simple. Security is my job, hacking is a hacker's hobby. While I have to work hard and learn stuff for my hobby (Military History and Gaming) I do not categorize this as work. While I enjoy working with computers, security is still a job.
Secondarily, as has been stated previously I am not left alone just to work on security. I have to attend meetings, deal with users, deal with vendors, evaluate software, implement changes, and respond to emergencies (real or perceived), write and attempt to enforce policies, and conduct training.
So while my hours are not as long as a hacker's may be they are work hours. While I get paid for them I don't get paid for my hobby so I do not consider that a valid argument.
Therefore it depends upon your definition of tough. For my evaluation I will merely state that I fall back on the fact that Security is my Job, Hacking is a hacker's hobby. I do not complain when I am up until 3 a.m. playing Anarchy Online or Counter Strike or for the hours I spend reading Military History Magazine or Science Fiction books. These are my hobbies and I donate time to them freely and happily.
My advice to hackers is that you should get a job in security because there can't be too many things better than working at your hobby, even if it is from the opposite side.
Sincerely,
SodaMoca5
"We are pressing through the sphincter of assholiness"
-
August 2nd, 2002, 09:35 PM
#18
Junior Member
Good discussion and interesting to read everyone's thoughts.
I agree that the sys admin has the tougher job if for no other reason than the hacker, in theory, has one target to shoot at. The sys admin HOLDS the target with many guns pointing at him/her.
Hackers, crackers, virus writers, etc... comprise the "guns" on a daily basis.
As others have said, sys admins also have the ever-changing variables of users, the ever changing technology and all newly discovered vulnerabilities to try and keep up with. Can anyone tell I oversee a MS network?
I guess I see hacking as focusing on one task and having to try, I'm sure, many, many times to achieve the desired result. I'm sure it is not, in any manner, "easy".
But I don't think it holds as many challenges as a sys admin.
Delyn
-
August 3rd, 2002, 01:38 AM
#19
Junior Member
Guess it's kinda split up:
When you're the sec, you know all the ins and outs of the system (right, AngryBob) and you should know how to avoid most of the security-holes in it but you are the security and do all the stuff to avoid sec-leaks because you are in such fear of hackers and alikes.
When you're the hacker, you try to understand the system and try to map the mechanisms working in it. You always have to be aware of the sec not to get caught when doing so. So you do your task in fear as well as the sec does its.
In general I would say it's more tough to be the hacker cause you are alone against the sec sitting in their house. You try to get in and they block the door. When you break the door and rush in, they might recognize you and track you down but when you learn to use different techniques and ways you might find another possibility to get in right behind them without even being seen!
Then we have the sec on the other hand: They are blocked in their house, waiting for someone to break the door. That certain someone has got all the time out there to prepare that strike and get to know all the holes in the security-organisation.
The sec also learns by trial and error but generally they try to take the first step and counter your attack.
So it's a war of intellect, a fight of mind against mind. The hacker against the system - so IMHO both sides have the thrill and learn a lot.
And as you know - learning is worth a lot in your every-day-situations
Thanks for your ear, ladies and gentlemen!
Sledge
This post has been sledged
-
August 3rd, 2002, 02:01 AM
#20
I TOTALLY agree with draziw on that.
The odds are very much against admins (security):
-because of the limited time a single admin manages to dedicate to security
-because of having to balance usability/accessibility with security
...
Originally posted here by spitfire087
to sort of repeat what syini666 said, i'd have to say the security. you have to find all of the possible holes and get rid of them, which could be very, very many, while the attacker only has to find one.
I was gonna say that too... I'd even add that you have to keep on top of all the vulnerabilities, all the time while a hacker (most of the time) needs a single vulnerability at any particular time.
This also reflects in detection: a single hacker can/could easily get lost in a sea of logs in an unlimited timeframe while the admin has to find a single attack at a single time...
My point is that you sort of have to multiply the odds of protecting / detecting by the uptime of the system...
Ammo
Credit travels up, blame travels down -- The Boss