View previous topic :: View next topic |
Author |
Message |
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
|
Posted: Thu Mar 06, 2003 6:03 am Post subject: Making a beginner faq on security for non-security people. |
|
|
I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.
The topics I have at his point are:
How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fringerprinting and how is it used?
What is Denial of Service (DOS) or Distrubuted Denial of Service?
I don't have yet but am going to include Socal Engineering and PKI.
Since I only what to cover the common buzz words the audience has heard of before but have no idea what it really is. Are there any topics not covered that you think should be for Non-security computer personnel?
Some not directly covered topics are acutally subtopics. i.e. malformed data packets for a bufferoverflow or unicode is a subset of how hacker takeds control of your server via your web server.
So are there any topics not covered that you think should be for Non-security computer personnel?
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Thu Mar 06, 2003 7:10 am Post subject: |
|
|
Looks good to me.. how about something about backdoors/sidedoors to the network (i.e. rogue servers, user installed applications, etc) ?
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Thu Mar 06, 2003 11:18 am Post subject: |
|
|
..
You should have a short overview of tcpip stuff like packets and ports.
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Thu Mar 06, 2003 11:30 am Post subject: |
|
|
Perhaps a bit about prevention aswell..
1) What is XXX?
1a) How to stop XXX.
Etc.
I would include something on Social Engineering, PKI, VPN and SSH and perhaps the basic differences between application layer firewalls, appliances and normal home broadband routers (lot's of common misconceptions there).
And a section on *nix Vs Windows.
|
|
Back to top |
|
|
Networkguy Trusted SF Member
Joined: 29 Apr 2002 Posts: 16777215 Location: UK
|
|
Back to top |
|
|
CHeeKY Just Arrived
Joined: 13 Feb 2003 Posts: 3
|
Posted: Thu Mar 06, 2003 1:20 pm Post subject: |
|
|
I hack servers all day, you need a hand shout me run bots for everything via scripting so more than glad to help!
|
|
Back to top |
|
|
effortless Just Arrived
Joined: 13 Feb 2003 Posts: 8 Location: grounded
|
Posted: Thu Mar 06, 2003 3:34 pm Post subject: |
|
|
Trying to explain motives for hacking helps clients take it seriously. They have no concept of risk. "Why would anyone hack me?"
|
|
Back to top |
|
|
Networkguy Trusted SF Member
Joined: 29 Apr 2002 Posts: 16777215 Location: UK
|
Posted: Thu Mar 06, 2003 3:59 pm Post subject: |
|
|
effortless wrote: |
"Why would anyone hack me?" |
BECAUSE THEY CAN
|
|
Back to top |
|
|
myhatisred Just Arrived
Joined: 11 Jan 2003 Posts: 0
|
Posted: Thu Mar 06, 2003 4:10 pm Post subject: |
|
|
my friends used to say that all the time: "Who would ever try to hack me? Blah blah blah" until one day I decided to shut them up.
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Thu Mar 06, 2003 4:39 pm Post subject: |
|
|
Networkguy wrote: |
effortless wrote: |
"Why would anyone hack me?" |
BECAUSE THEY CAN |
That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Thu Mar 06, 2003 4:48 pm Post subject: |
|
|
I agree with that sentiment, this company was like that too until I installed an NIDS/Firewall and showed them the sometimes 80+ attempts per day to get in.
Admittedly most of them were Opaserv/Other worms trying to spread through port 137 but still it opened their eyes.
|
|
Back to top |
|
|
snootalope Just Arrived
Joined: 14 Jan 2003 Posts: 4 Location: IA _ USA
|
Posted: Thu Mar 06, 2003 5:25 pm Post subject: |
|
|
What about some tools? like brutus or Nuke.. and built in.. like tracert, ping, whois.. not a "How to use ping" but a more advance.. like ping -l 30000 80.71.x.x -t and what not.. maybe even some nbtstat remote stuff.. idk.. I always like learning something new on what the basic tools can do!
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Thu Mar 06, 2003 5:27 pm Post subject: |
|
|
Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz.
|
|
Back to top |
|
|
snootalope Just Arrived
Joined: 14 Jan 2003 Posts: 4 Location: IA _ USA
|
Posted: Thu Mar 06, 2003 5:31 pm Post subject: |
|
|
ShaolinTiger wrote: |
Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz. |
ok.. can I ask you something while your in the mood for answering questions? what the hell does this say? "l33t h4x0ring guide to 0wn j00r g|bs0nz" I always see people talking like that and I can't understand it.. maybe I need a FAQ on that..
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Thu Mar 06, 2003 5:39 pm Post subject: |
|
|
LOL, I said:
It's not an elite hacking guide to take control of your Gibson.
STFW for leet speak or l33t speak.
If you had trouble with what I just said (fairly simple l33t speak) this thread will give you a headache
http://www.security-forums.com/forum/viewtopic.php?t=1976
|
|
Back to top |
|
|
snootalope Just Arrived
Joined: 14 Jan 2003 Posts: 4 Location: IA _ USA
|
Posted: Thu Mar 06, 2003 5:45 pm Post subject: |
|
|
omg WTF is that!?! oh yeah well.. (@ck 0|-\- \/ p%|<E 0\- &!||t
|
|
Back to top |
|
|
|