Making a beginner faq on security for non-security people.
Goto page Previous  1, 2  :||:
Networking/Security Forums -> General Security Discussion

Author: Mongrel PostPosted: Thu Mar 06, 2003 7:06 pm    Post subject:
    ----
Quote:
That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there.


Many companies have no idea of the value in their networks. They think just because they hold no military secrets, no medical files and no credit card info, that no-one would want what they have.

So they are not able to put a dollar value on their data and protecting it. Almost any company would gladly spend the time and money to add protection if they understood what they really have an the fact that it is valuable.

Some information here about just what malicious hackers look for, the real-life value, and how it gets used.

Harvesting e-mail addresses. Harvesting passwords, online transactions etc etc.

Also mention of because they can - that many hacks are done as part of a learning process. You read it all the time in chat rooms and discussion boards - "I just rooted my first server" or such.

This shows even more hidden value to a poorly protected network - great testing grounds for a student of the dark arts.

Then of course there's the cost of undoing a hack or rooted server. Astronomical to the small company's pocketbook.

I know this info would be more for the Execiutive Summary but I think mention of it will go a long way in giving credibility to just why people might hack little old ME???

Author: flwLocation: U.S.A. PostPosted: Fri Mar 07, 2003 12:16 am    Post subject:
    ----
Thanks for all your input. You've had a some great ideas which I'll include in the faq.

Thanks again,

Author: nexusLocation: /proc PostPosted: Fri Mar 07, 2003 1:04 am    Post subject:
    ----
Maybe talk about the level of security on various OSes. Some people tend to think that if they are on a linux box they are invincible... Wink.

Author: Tom BairLocation: Portland, Oregon USA PostPosted: Fri Mar 07, 2003 1:17 am    Post subject: Re: Making a beginner faq on security for non-security peopl
    ----
fastlanwan wrote:
Do hackers talk to each other and how?


I would change the phrasing on this one. You are contridicting yourself in your header with the "and how". You can use either:

Do hackers talk with each other?

or

How do hackers talk with each other?

I also see you haven't put up a header for explaining firewalls in general.

Tom

Author: TinTin PostPosted: Fri Mar 07, 2003 3:01 am    Post subject: Re: Making a beginner faq on security for non-security peopl
    ----
fastlanwan wrote:
I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.

The topics I have at his point are:

How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fringerprinting and how is it used?
What is Denial of Service (DOS) or Distrubuted Denial of Service?

I don't have yet but am going to include Socal Engineering and PKI.

Since I only what to cover the common buzz words the audience has heard of before but have no idea what it really is. Are there any topics not covered that you think should be for Non-security computer personnel?

Some not directly covered topics are acutally subtopics. i.e. malformed data packets for a bufferoverflow or unicode is a subset of how hacker takeds control of your server via your web server.

So are there any topics not covered that you think should be for Non-security computer personnel?



Great Idea Fastlanwan, I don't know a great deal, but what I do know I have learned from reading and partaking in forums just like SFDC

Author: funkyd PostPosted: Tue Mar 11, 2003 7:16 pm    Post subject:
    ----
How about a section detailing how a hacker can overcome protection?

For example how NAT can be overriden - how a hacker can get onto your DMZ/trusted...how a hacker can get your admin passwords - even if you rename admin accounts etc etc

The company I work at have the viewpoint 'we have a firewall and it has NAT so we are protected'

What would be good is to know why it's not good enough and how it can be compromised....

Cheers



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page Previous  1, 2  :||:
Page 2 of 2

Powered by phpBB 2.0.x © 2001 phpBB Group