That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there.
Many companies have no idea of the value in their networks. They think just because they hold no military secrets, no medical files and no credit card info, that no-one would want what they have.
So they are not able to put a dollar value on their data and protecting it. Almost any company would gladly spend the time and money to add protection if they understood what they really have an the fact that it is valuable.
Some information here about just what malicious hackers look for, the real-life value, and how it gets used.
Harvesting e-mail addresses. Harvesting passwords, online transactions etc etc.
Also mention of because they can - that many hacks are done as part of a learning process. You read it all the time in chat rooms and discussion boards - "I just rooted my first server" or such.
This shows even more hidden value to a poorly protected network - great testing grounds for a student of the dark arts.
Then of course there's the cost of undoing a hack or rooted server. Astronomical to the small company's pocketbook.
I know this info would be more for the Execiutive Summary but I think mention of it will go a long way in giving credibility to just why people might hack little old ME???
Posted: Fri Mar 07, 2003 3:01 am Post subject: Re: Making a beginner faq on security for non-security peopl
fastlanwan wrote:
I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.
The topics I have at his point are:
How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fringerprinting and how is it used?
What is Denial of Service (DOS) or Distrubuted Denial of Service?
I don't have yet but am going to include Socal Engineering and PKI.
Since I only what to cover the common buzz words the audience has heard of before but have no idea what it really is. Are there any topics not covered that you think should be for Non-security computer personnel?
Some not directly covered topics are acutally subtopics. i.e. malformed data packets for a bufferoverflow or unicode is a subset of how hacker takeds control of your server via your web server.
So are there any topics not covered that you think should be for Non-security computer personnel?
Great Idea Fastlanwan, I don't know a great deal, but what I do know I have learned from reading and partaking in forums just like SFDC
How about a section detailing how a hacker can overcome protection?
For example how NAT can be overriden - how a hacker can get onto your DMZ/trusted...how a hacker can get your admin passwords - even if you rename admin accounts etc etc
The company I work at have the viewpoint 'we have a firewall and it has NAT so we are protected'
What would be good is to know why it's not good enough and how it can be compromised....
All times are GMT + 2 Hours Goto page Previous1, 2
Page 2 of 2
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum