• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Making a beginner faq on security for non-security people.

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page 1, 2  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Thu Mar 06, 2003 6:03 am    Post subject: Making a beginner faq on security for non-security people. Reply with quote

I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.

The topics I have at his point are:

How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fringerprinting and how is it used?
What is Denial of Service (DOS) or Distrubuted Denial of Service?

I don't have yet but am going to include Socal Engineering and PKI.

Since I only what to cover the common buzz words the audience has heard of before but have no idea what it really is. Are there any topics not covered that you think should be for Non-security computer personnel?

Some not directly covered topics are acutally subtopics. i.e. malformed data packets for a bufferoverflow or unicode is a subset of how hacker takeds control of your server via your web server.

So are there any topics not covered that you think should be for Non-security computer personnel?
Back to top
View user's profile Send private message Visit poster's website
ThePsyko
SF Mod
SF Mod


Joined: 17 Oct 2002
Posts: 16777178
Location: California

Offline

PostPosted: Thu Mar 06, 2003 7:10 am    Post subject: Reply with quote

Looks good to me.. how about something about backdoors/sidedoors to the network (i.e. rogue servers, user installed applications, etc) ?
Back to top
View user's profile Send private message Send e-mail
browolf
Trusted SF Member
Trusted SF Member


Joined: 19 Apr 2002
Posts: 1


Offline

PostPosted: Thu Mar 06, 2003 11:18 am    Post subject: Reply with quote

..
You should have a short overview of tcpip stuff like packets and ports.
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Mar 06, 2003 11:30 am    Post subject: Reply with quote

Perhaps a bit about prevention aswell..

1) What is XXX?
1a) How to stop XXX.

Etc.

I would include something on Social Engineering, PKI, VPN and SSH and perhaps the basic differences between application layer firewalls, appliances and normal home broadband routers (lot's of common misconceptions there).

And a section on *nix Vs Windows.
Back to top
View user's profile Send private message Visit poster's website
Networkguy
Trusted SF Member
Trusted SF Member


Joined: 29 Apr 2002
Posts: 16777215
Location: UK

Offline

PostPosted: Thu Mar 06, 2003 11:59 am    Post subject: Reply with quote

Have you read this

http://security-forums.com/forum/viewtopic.php?t=3703

Whilst not going into as much detail as you are wanting to, it might be a good starting point.
Back to top
View user's profile Send private message
CHeeKY
Just Arrived
Just Arrived


Joined: 13 Feb 2003
Posts: 3


Offline

PostPosted: Thu Mar 06, 2003 1:20 pm    Post subject: Reply with quote

I hack servers all day, you need a hand shout me run bots for everything via scripting so more than glad to help!
Back to top
View user's profile Send private message
effortless
Just Arrived
Just Arrived


Joined: 13 Feb 2003
Posts: 8
Location: grounded

Offline

PostPosted: Thu Mar 06, 2003 3:34 pm    Post subject: Reply with quote

Trying to explain motives for hacking helps clients take it seriously. They have no concept of risk. "Why would anyone hack me?"
Back to top
View user's profile Send private message Send e-mail
Networkguy
Trusted SF Member
Trusted SF Member


Joined: 29 Apr 2002
Posts: 16777215
Location: UK

Offline

PostPosted: Thu Mar 06, 2003 3:59 pm    Post subject: Reply with quote

effortless wrote:
"Why would anyone hack me?"


BECAUSE THEY CAN Twisted Evil
Back to top
View user's profile Send private message
myhatisred
Just Arrived
Just Arrived


Joined: 11 Jan 2003
Posts: 0


Offline

PostPosted: Thu Mar 06, 2003 4:10 pm    Post subject: Reply with quote

my friends used to say that all the time: "Who would ever try to hack me? Blah blah blah" until one day I decided to shut them up.
Back to top
View user's profile Send private message Visit poster's website AIM Address
ThePsyko
SF Mod
SF Mod


Joined: 17 Oct 2002
Posts: 16777178
Location: California

Offline

PostPosted: Thu Mar 06, 2003 4:39 pm    Post subject: Reply with quote

Networkguy wrote:
effortless wrote:
"Why would anyone hack me?"


BECAUSE THEY CAN Twisted Evil


That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there
Back to top
View user's profile Send private message Send e-mail
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Mar 06, 2003 4:48 pm    Post subject: Reply with quote

I agree with that sentiment, this company was like that too until I installed an NIDS/Firewall and showed them the sometimes 80+ attempts per day to get in.

Admittedly most of them were Opaserv/Other worms trying to spread through port 137 but still it opened their eyes.
Back to top
View user's profile Send private message Visit poster's website
snootalope
Just Arrived
Just Arrived


Joined: 14 Jan 2003
Posts: 4
Location: IA _ USA

Offline

PostPosted: Thu Mar 06, 2003 5:25 pm    Post subject: Reply with quote

What about some tools? like brutus or Nuke.. and built in.. like tracert, ping, whois.. not a "How to use ping" but a more advance.. like ping -l 30000 80.71.x.x -t and what not.. maybe even some nbtstat remote stuff.. idk.. I always like learning something new on what the basic tools can do! Razz
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Mar 06, 2003 5:27 pm    Post subject: Reply with quote

Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz.
Back to top
View user's profile Send private message Visit poster's website
snootalope
Just Arrived
Just Arrived


Joined: 14 Jan 2003
Posts: 4
Location: IA _ USA

Offline

PostPosted: Thu Mar 06, 2003 5:31 pm    Post subject: Reply with quote

ShaolinTiger wrote:
Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz.


ok.. can I ask you something while your in the mood for answering questions? what the hell does this say? "l33t h4x0ring guide to 0wn j00r g|bs0nz" I always see people talking like that and I can't understand it.. Crying or Very sad maybe I need a FAQ on that..
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Mar 06, 2003 5:39 pm    Post subject: Reply with quote

LOL, I said:

It's not an elite hacking guide to take control of your Gibson.

STFW for leet speak or l33t speak.

If you had trouble with what I just said (fairly simple l33t speak) this thread will give you a headache Wink

http://www.security-forums.com/forum/viewtopic.php?t=1976
Back to top
View user's profile Send private message Visit poster's website
snootalope
Just Arrived
Just Arrived


Joined: 14 Jan 2003
Posts: 4
Location: IA _ USA

Offline

PostPosted: Thu Mar 06, 2003 5:45 pm    Post subject: Reply with quote

ShaolinTiger wrote:
LOL, I said:

http://www.security-forums.com/forum/viewtopic.php?t=1976


omg WTF is that!?! oh yeah well.. (@ck 0|-\- \/ p%|<E 0\- &!||t Razz
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Goto page 1, 2  Next
Page 1 of 2


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register