Making a beginner faq on security for non-security people.

Author: flw Location: U.S.A. Posted: Thu Mar 06, 2003 6:03 am    Post subject: Making a beginner faq on security for non-security people.
    ----
I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.

The topics I have at this point are:

How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fingerprinting and how is it used?
What is Denial of Service (DOS) or Distributed Denial of Service?

I don't have them yet but am going to include Social Engineering and PKI.

I only want to cover the common buzz words the audience has heard of before but has no idea what they really are. Are there any topics not covered that you think should be for non-security computer personnel?

Some topics not directly covered are actually subtopics, i.e. malformed data packets for a buffer overflow or unicode is a subset of how a hacker takes control of your server via your web server.

So are there any topics not covered that you think should be for Non-security computer personnel?

Author: ThePsyko Location: California Posted: Thu Mar 06, 2003 7:10 am    Post subject:
    ----
Looks good to me.. how about something about backdoors/sidedoors to the network (i.e. rogue servers, user installed applications, etc) ?

Author: browolf Posted: Thu Mar 06, 2003 11:18 am    Post subject:
    ----
..
You should have a short overview of TCP/IP stuff like packets and ports.

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia Posted: Thu Mar 06, 2003 11:30 am    Post subject:
    ----
Perhaps a bit about prevention as well..

1) What is XXX?
1a) How to stop XXX.

Etc.

I would include something on Social Engineering, PKI, VPN and SSH and perhaps the basic differences between application layer firewalls, appliances and normal home broadband routers (lots of common misconceptions there).

And a section on *nix Vs Windows.

Author: Networkguy Location: UK Posted: Thu Mar 06, 2003 11:59 am    Post subject:
    ----
Have you read this?

http://security-forums.com/forum/viewtopic.php?t=3703

Whilst not going into as much detail as you are wanting to, it might be a good starting point.

Author: CHeeKY Posted: Thu Mar 06, 2003 1:20 pm    Post subject:
    ----
I hack servers all day, you need a hand shout me run bots for everything via scripting so more than glad to help!

Author: effortless Location: grounded Posted: Thu Mar 06, 2003 3:34 pm    Post subject:
    ----
Trying to explain motives for hacking helps clients take it seriously. They have no concept of risk. "Why would anyone hack me?"

Author: Networkguy Location: UK Posted: Thu Mar 06, 2003 3:59 pm    Post subject:
    ----
effortless wrote:
"Why would anyone hack me?"


BECAUSE THEY CAN Twisted Evil

Author: myhatisred Posted: Thu Mar 06, 2003 4:10 pm    Post subject:
    ----
My friends used to say that all the time: "Who would ever try to hack me? Blah blah blah" until one day I decided to shut them up.

Author: ThePsyko Location: California Posted: Thu Mar 06, 2003 4:39 pm    Post subject:
    ----
Networkguy wrote:
effortless wrote:
"Why would anyone hack me?"


BECAUSE THEY CAN Twisted Evil


That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there.

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia Posted: Thu Mar 06, 2003 4:48 pm    Post subject:
    ----
I agree with that sentiment, this company was like that too until I installed an NIDS/Firewall and showed them the sometimes 80+ attempts per day to get in.

Admittedly most of them were Opaserv/Other worms trying to spread through port 137 but still it opened their eyes.

Author: snootalope Location: IA _ USA Posted: Thu Mar 06, 2003 5:25 pm    Post subject:
    ----
What about some tools? like brutus or Nuke.. and built in.. like tracert, ping, whois.. not a "How to use ping" but a more advanced.. like ping -l 30000 80.71.x.x -t and what not.. maybe even some nbtstat remote stuff.. idk.. I always like learning something new on what the basic tools can do! Razz

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia Posted: Thu Mar 06, 2003 5:27 pm    Post subject:
    ----
Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz.

Author: snootalope Location: IA _ USA Posted: Thu Mar 06, 2003 5:31 pm    Post subject:
    ----
ShaolinTiger wrote:
Er it's a basic intro to security for newbies, not a l33t h4x0ring guide to 0wn j00r g|bs0nz.


ok.. can I ask you something while you're in the mood for answering questions? what the hell does this say? "l33t h4x0ring guide to 0wn j00r g|bs0nz" I always see people talking like that and I can't understand it.. Crying or Very sad maybe I need a FAQ on that..

Author: ShaolinTiger Location: Kuala Lumpur, Malaysia Posted: Thu Mar 06, 2003 5:39 pm    Post subject:
    ----
LOL, I said:

It's not an elite hacking guide to take control of your Gibson.

STFW for leet speak or l33t speak.

If you had trouble with what I just said (fairly simple l33t speak) this thread will give you a headache Wink

http://www.security-forums.com/forum/viewtopic.php?t=1976

Author: snootalope Location: IA _ USA Posted: Thu Mar 06, 2003 5:45 pm    Post subject:
    ----
ShaolinTiger wrote:
LOL, I said:

http://www.security-forums.com/forum/viewtopic.php?t=1976


omg WTF is that!?! oh yeah well.. (@ck 0|-\- \/ p%|<E 0\- &!||t Razz


