Security Schools

[MrLinus]

erm.. some securtiy certificate provided by some Uni or training center are actually useless! like Security+, Certified Ethical Hacker, even CISSP that conduct by some unresponsible training center~!! those trainer or lecturer are actually being trained to conduct class only~! some even have no real industrial working experience, not to mention experience in hacking or couter measure~!! what the trainer do is conduct the class through powerpoint slide, and just keep trying all the tools~!! Example in CEH course, they give u a CD with more than 300 tools (mostly trail version) and keep testing on those tools. If 1 didnt work then immediate jump to other tools.... lastly all can't use (maybe is the lack of skill to used~!) , they will said, the import is let u know the concept~! aiks~~! >_<

That's not true of all courses and classes (and I say this as an educator). I'd say that's a generalization and honestly, if people who are paying for university, corporate courses or whatever educational method they are taking, aren't investigating what they will get out of it .. well.. you get what you pay for. Courses like those at SANS that cover specific areas are probably in-depth. But not everyone needs to take them. Some university courses can be worthwhile, sometimes in ways you don't expect. Now, if you take a Bachelor's Degree in Comp Sci, of course they won't teach security. The reality is there is only so much you can put into a degree program before you truly overwhelm students (and in today's education where students have 2-3 jobs on the side to pay for the stuff loans don't, it can be overwhelming -- at least in Canada)

Now, the CEH as a certification has been under fire and is a questionable certification to begin with. The CISSP and SANS certs, IMHO, are worth their paper. CISSP is for a more managerial, "how does this affect the bottom line" view point while the SANS deals with the hands-on, "how do I stop it from affecting the bottom line". Granted it does depend on what the teaching center is like (although I believe you have to be certified and approved by SANS to teach their courses, not sure about CISSP) but that just gets back to the amount of research you do into the course and find out how in-depth it really is.

What about schools? Most school districts are on the internet, yet I know that even their repair people do not know about security. I know a few of them and when you talk about trojans or viruses, they give you the look of: "What the heck are you talking about?"

Depends on the school and district. Also, keep in mind many school boards (I'm going to assume this is pre-University/college) have extremely limited budgets. The idea is good but the reality of when this would be taught ... that's hard. Educators are stretched to the limit. Certainly having someone with expertise go in and teach would be good except for one thing: it's one thing to have knowledge, it's another to be able to pass that on well enough to others so they understand. (Worst example of a teacher I saw: when asked why ACLs were put on one side of a router versus the other he replied indignantly, "Because that's what the book says!").

Certainly the idea is good and will probably help some. Will it be our saviour against "stupid users"? I doubt it. There are always those that believe there is nothing to steal on their computers, that they are safe because they don't piss anyone off, that they do not know enough and don't want anyone else to know they are clueless, etc. If a school board is willing to have a guest speaker come in, that might be one way to go (it'd have to be freebie). If a fee is charged, on a per person basis it'd have to be small. Maybe a tie-in with a bookstore that highlights some of the security books and a nominal fee. The other thing is to use something like articles for major newspapers (get the word out as it were) and drum up business that way.

Some random thoughts at an early hour..

[Cybr1d]

NEVER!

Less peoples educated, more jobs for me!

Indeed thats true. The bank I worked at, always needed some sort of troubleshooting with the computers. My manager, whom i'm good friends with, didn't know much about computers and I'd always help him out with stuff. He would always ask "How'd u do that?"....the answer was simply "If I told you, you wouldn't need me anymore. My knowledge is worth more than what you're paying me right now". I've said the same thing to people higher in the ranks that i've helped out. Besides...it was worth it for them to keep me around, Bank teller who could fix their computers, thats a good deal if u ask me.

I wouldn't mind teaching the average user a bit about computers, but I would not teach them much...just so I could have a job. The competition is insane...last thing we need is less people needing us.

Cheers.

[kruptos]

I tend to agree with MsMittens on this..

Having been a instructor for a IT Certification training school....there is now way that you can teach every student everything. I have taken the Security+ exam and passed, currently studying for SSCP and Cetified Ethical Hacker certifications. Although I do not get alot of kicks on getting the certification...it does help open the doors for many jobs that would otherwise be shut...

I will admit, all the tools that they give you in CEH, and sec+ and so on DO NOT work all the time. Chances are that the holes have already been plugged up and that is why some of the tools do not work. But......I still believe that the courses do add value to those who are newly initiated into the world of network security. In my case I like to be able to cover the 5 domains in the security+ studies and the 22 modules in CEH to get the "Buffet" to get my mouth watering...but then I go back to the areas taht interest me the most and dig deeper in my own exploration or reading papers on the topics...

Education as a whole is very important in anything you do..even security...so I do not knock the courses that help you gradually digest the information...

To reply tot he original question...I think its a great idea....the more users you educate the better you will be off..as an example...my Mother-In-Law lives in California....I live in Texas...she had a old desktop for a long time..think it was a gateway(yuck)...anyway....she couldent even open email when i first started dating her daughter...now married for 4 years she calles me every once in a while...but through my help she has learned how to use email, ad-aware, norton a/v, netmeeting(to see her grandson :-) ) and even just installed a firewall and upgraded from dial up to cable....the moral to this story and the key to her getting up to speed on this is one thing...I made it fun for her to learn and understand what a Virus is...how cable modems work....how firewalls work...and so on....all she wanted was a nice person to teach her....

Lastly...and ill step down off the soapbox...I think your idea is great...and there is a good amount of money in it.....just make sure that if you decide you wish to pursue it...money is always involved.....and sometimes people would jump at the oportunnity to evolve and learn...but not is a $ tag is attatched....just from personall experince...make it sound like a great deal, and they will come :-)

[Cybr1d]

kruptos, I see your point, and agree with it. Indeed we have to teach "some" people how to take care of their own in the computer world, there's absolutely no harm in that. I was refering more into the business world of teaching everyone how to use computers .

[kruptos]

Haha,

Thats for sure....for my family..yes ill teachem everything they wish to know....

but for work....teach them what they need to know to get the work done.....and thats it.. If they can do it all..then they wont need me.....lol

I agree Cybr1d...totally..... If my boss could do my job...why will he pay me :-)

Case in point...the other day he asked me to configure a folder so only he could access it...very simple with NTFS and NT4.0 doamin to do....took me about 2 minutes to do...but he may think its rocket science.....will i show him how to do it..nope..thats why i studied my ass off and got my certs and practice on my home lab for new stuff.....if he wants the knowledge of how to be a sys admin...grab a book and set up a lab and start playing..otherwise ill pick up my check every friday like i do now :-)

Got to look out for number one :-)

[TrinityTime]

How can you say that thier tech-guys don't know anything about security. Our school has so many hackers, that the tech-guys were trained in the art of defense.
But I can see how other schools might not be that secure.
My old school's network got all the big named Worms.

[txsidewinder1]

I can see your points and they are very good ones. I just wanted to see if it was a good idea or not. The downside to that is in the government and school sector. How much taxes are you paying because all their coumpters have to be cleaned up? If you got a county government of 200 employees that are on computers, they all got the worm when it came out. How much did that cost the county government? Now take the city government. The same thing. Now, this happens about 3 to 4 times a year. How much do you charge to clean one computer? Now take 200 computers and charge the same thing. If you have a 1000 local governmental computers that are down 3 to 4 times a year (this is just a figure), how much tax money did that cost? Last year, over 16 billion dollars was lost in business due to computer hacking and viruses, not counting adware. These businesses have to make up for their losses by charging more for their products. There have already been 10 billion dollars lost this year due to all of this and this is just month 4. My local county government has already been down 3 times so far. Every computer they had was down. That means that they probably will be down at least three more times. My county government has almost 2000 computers and someone has to clean them up. He probably has made his money for the year and knowing my people here, probably driving the best pick up money can buy. At least he is making it. You can think of it in money terms or you can think of it in tax terms. I know most of the commisioners and if I was able to, I could be that person. But I hurt all the time and do not feel good most of the time.

What about the adware going out all over the internet that we hate so much? How many school computers are sending this out because most of the teachers think that password is the best security, so no one can break into it?

With this thought, I will leave it to you to digest. Money or taxes? Start your own business and get money out of the local governments and do individual homes. I drive my local computer man mad when I pick his mind, but now I have surpassed him in knowledge of security and how to prevent this nosense of picking up viruses or adware.

[Galdron]

Originally posted here by Angusky
erm.. some securtiy certificate provided by some Uni or training center are actually useless! like Security+, Certified Ethical Hacker, even CISSP that conduct by some unresponsible training center~!! those trainer or lecturer are actually being trained to conduct class only~! some even have no real industrial working experience, not to mention experience in hacking or couter measure~!! .

Greetings:

I think that Education is a relative term, it's not all about what you know, but in the end how you apply the knowledge.

However to discount the importance of "Uni's", is a mistake. Teachers, and professors are incredibly important, and many of them have dedicated their lives to passing on the knowledge, I say passing on because it is the only way that innovation will continue.

Remember, at this point Technology is based on a cycle of evolution, and revolution combined.

LOL I remember punchcards. Regardless, it is mathematics based on ancient theory.
,
Although you did say "some", I would never discourage anyone from being taught the information by a qualified individual, or as in many cases a team of Experts.

IE:

http://www.cs.caltech.edu/overview.html

I encourage ppl. to seek out education. Learning the basics, is only the beginning of ones life, and career.

"Blessed are the meek!" (Proff's)

-The Holy Grail



P:

Have a great week.

[JohnHACK]

Originally posted here by Cybr1d
"How'd u do that?"....the answer was simply "If I told you, you wouldn't need me anymore. My knowledge is worth more than what you're paying me right now".

I like this...