Sept.11/cybersecurity

Started by Zerored, April 12, 2002, 04:46:25 PM

Previous topic - Next topic
Sup all. I wanted yallz opinion on whay you think about the new impementation of "beefing up" cycer security for the reason of the sept 11 incident. I wonder, what did Sept 11 have to do with cybersecurity? And why is their an increase and even degree programs (ITT tech and a Navy military oriented program degree) dedicated to cybersecurity. Any thoughts?

heh.

that attack has nothing to do with computer security. Computer security and
terrorism don't go together, never have and never will.

Just one of the idiocies of the US gov't.

as far as teaching security.. PFFFT !!! What a JOKE !
You can give advice, you can point people in the right direction, but...
teaching ? HAH ! It's a skill you develop... You can show someone how to patch
a program, but every program is different, and even if you show someone how
to patch something, do they understand it ? Do they know what they did ? Yep, they patched
something. That's about it.

You can't show someone how to make a secure passwd. You can give them tips, but you
can NOT tell them what it should be. That would defeat the purpose of passwds.

Do I need to say more ? I think you get the idea, but if you don't, I can give more examples...
I'm sure Neek, Maddy, and others agree with me...

Oh, and for those who don't realize it: reading a book is not the equivalent of someone
teaching you the subject; it is the equivalent of you teaching yourself. PERIOD. EOF.



"My Terminal is my Soul"

Thats what i thought. Apples and oranges. And yes, ITT Technical institute is trying to emlpoy a Security Bachelors degree(to add on to the networking, an AS). I very curious how that will pan out. I have my doubts. there arent many real teachers at itt. Just because one has a "Bats" in comp sci, doesnt mean you can actually teach. heck, i taught myself how to study by myself. Some of the instructors go by the book cause they dont know what the heck theyre doin so the need someone to fill in the position. Sad really. And, i do agree with you metty. Some things you just cant teach. And i doubt theyll have some cisco pix stuff mixed in with some checkpont fw-1 stuff, laced with a little sonicwall...i think theyll use stuff like ipchains, bunches of windoze stuff. and teach students how to use john the ripper...

I agree with Metgod and add a small portion to it. Security is just a word until you practice within your lifestyle. The same applies to Information Technology. An example:

If you leave your car doors open with the key in the ignition in the middle of Los Angeles, there's a good chance that your car won't be there when you get back. BUT, if everytime you step away from your car, you take the key, lock the doors and close them, arm the alarm, lock the hubs, etc.; there's less of a chance that will happen (Notice: I did NOT say it wouldn't). Now, we add in other factors: The person parked next to you everyday doesn't lock their car, leaves the keys in it, etc. Somebody just looking to steal any car is going for the easy one. Somebody looking for YOUR car...is trying for yours. Whether they get it or not depends on their skill as a car thief.

Turn that car into a computer, network, house, or whatever you want. The same applies.

To add to that:

Security is relative to what is at stake. What do I mean? If you let your kid roam the local mall all alone while you shop, don't be suprised when the police find the body (if they do). If you leave your jelly donuts in the break room at work during the morning, don't be suprised when they are gone. How far do you go to protect these valuables? Well, the first case: ALL THE WAY. You don't let your child leave your site for 1 (ONE) second. You pay attention...you do whatever the hell it takes to make sure that your child isn't leaving you unless somebody cuts your hand off of your cold, dead body first. As far as the jelly donuts, just take them into your office. People will get the hint.

How does this relate to computers/networking security? If you have data worth a billion dollars to a company, don't spend 5 bucks on microsoft proxy 2.0 and 10 bucks on a 3com hub to secure it. Have REAL people watching that data 24/7 who know what the hell they are supposed to be looking for, and don't let them get up for extended coffee breaks. If you have a personal webserver that you just setup for funsies, don't spend hundreds of thousands of dollars to secure it. Just lock down the box so it doesn't run any services you don't need, apply your stupid patches, use ipfw or ipchains, etc. If it gets compramised after that: find out how, rebuild the box, and fix it so it doesn't happen again. No loss there.

Get the idea? What does this have to do with September 11th? Not a clue. But I am taking the Security CCIE from Cisco and the CCSE from Checkpoint to better know the environment I control. The little papers I will get from them will just fill up wall space.


Wilnix
alt email address: wilnix@hackphreak.org

Looking back, Will's post has a lot of really good points. The examples are very precise and concise, valid, and really display how security should be looked at. But, unfortunately not many (read: enough) people do that.

Will, you really should write some stuff for X-Zine sometime. You have a lot of good ideas, theories, examples, etc. Would be excellent to write essays, articles, or papers of some sort. I know you're awfully busy though. Just a thought.

Anyhow, point is Sept. 11 2001 attack has nothing to do with cybersecurity, especially directly.


Met
"My Terminal is my Soul"

SMF spam blocked by CleanTalk