
Security Forums


Making a beginner faq on security for non-security people.

Mongrel
SF Mod
Joined: 30 May 2002
Posts: 8

Posted: Thu Mar 06, 2003 7:06 pm

Quote:
That seems to be one of the hardest concepts for small companies to grasp - they figure nobody cares what's on their server because they don't have anything interesting or nobody knows they're there.


Many companies have no idea of the value in their networks. They think just because they hold no military secrets, no medical files and no credit card info, that no-one would want what they have.

So they are not able to put a dollar value on their data and protecting it. Almost any company would gladly spend the time and money to add protection if they understood what they really have and the fact that it is valuable.

Some information here about just what malicious hackers look for, the real-life value, and how it gets used.

Harvesting e-mail addresses. Harvesting passwords, online transactions etc etc.

Also mention of because they can - that many hacks are done as part of a learning process. You read it all the time in chat rooms and discussion boards - "I just rooted my first server" or such.

This shows even more hidden value to a poorly protected network - great testing grounds for a student of the dark arts.

Then of course there's the cost of undoing a hack or rooted server. Astronomical to the small company's pocketbook.

I know this info would be more for the Executive Summary but I think mention of it will go a long way in giving credibility to just why people might hack little old ME???

flw
Forum Fanatic
Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Posted: Fri Mar 07, 2003 12:16 am

Thanks for all your input. You've had some great ideas which I'll include in the FAQ.

Thanks again,

nexus
Just Arrived
Joined: 22 Feb 2003
Posts: 0
Location: /proc

Posted: Fri Mar 07, 2003 1:04 am

Maybe talk about the level of security on various OSes. Some people tend to think that if they are on a linux box they are invincible... Wink.

Tom Bair
SF Boss
Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Posted: Fri Mar 07, 2003 1:17 am

fastlanwan wrote:
Do hackers talk to each other and how?


I would change the phrasing on this one. You are contradicting yourself in your header with the "and how". You can use either:

Do hackers talk with each other?

or

How do hackers talk with each other?

I also see you haven't put up a header for explaining firewalls in general.

Tom

TinTin
Forum Fanatic
Joined: 25 Apr 2002
Posts: 16777199

Posted: Fri Mar 07, 2003 3:01 am

fastlanwan wrote:
I'm putting together a beginner FAQ on net security. This would be for people with OS and App knowledge but no security knowledge.

The topics I have at this point are:

How do hackers hide?
How do they take control of a computer on the Internet?
What is a Buffer Overflow and how is it used?
What is the Microsoft Windows Shell and how is it used?
What is IP spoofing and how is it used?
Do hackers talk to each other and how?
What is a packet sniffer and how is it used?
What is a port scanner and how is it used?
What is fingerprinting and how is it used?
What is Denial of Service (DOS) or Distributed Denial of Service?

I don't have yet but am going to include Social Engineering and PKI.

Since I only want to cover the common buzz words the audience has heard of before but have no idea what it really is. Are there any topics not covered that you think should be for Non-security computer personnel?

Some not directly covered topics are actually subtopics. i.e. malformed data packets for a buffer overflow or unicode is a subset of how a hacker takes control of your server via your web server.

So are there any topics not covered that you think should be for Non-security computer personnel?



Great Idea Fastlanwan, I don't know a great deal, but what I do know I have learned from reading and partaking in forums just like SFDC

funkyd
Just Arrived
Joined: 05 Mar 2003
Posts: 0

Posted: Tue Mar 11, 2003 7:16 pm

How about a section detailing how a hacker can overcome protection?

For example how NAT can be overridden - how a hacker can get onto your DMZ/trusted...how a hacker can get your admin passwords - even if you rename admin accounts etc etc

The company I work at have the viewpoint 'we have a firewall and it has NAT so we are protected'

What would be good is to know why it's not good enough and how it can be compromised....

Cheers