Network Security Security-Basics

Re: OS to know.

Subject: Re: OS to know.
Date: Tue, 18 Oct 2005 20:01:06 -0400
Jonathan Pauli wrote:
> This is some serious Troll Bait put out by curtis I think.

At first glance it might seem to be, but it's really not. All he's saying is that the military systems are using standard software and environments that everyone else is using too, and it's not something ancient and obviously vulnerable like Windows 3.1.1.


> I'm hoping most of the infrastructure Curtis mentioned isn't on the public Internet.

His post is widely available now, just as yours is... this mailing list is mirrored by at least six different websites around the world, in addition to the SecurityFocus site. However, this really isn't an issue because he didn't give anything away - with the minor exception of knowing what kind of firewall they use. When new vulnerabilities come up for that particular model of firewall, knowing where it's installed makes it much easier for a hacker to exploit.


Obscurity isn't good security in itself, but it can still be an extra layer when combined with good security practices. The annoying brute-ssh worm that keeps looking for targets on port 22 is a good example of this... change the port your ssh daemon runs on, and you don't have to comb through your logs looking at all those mindless, failed login attempts. However, this still doesn't let you get away with weak passwords, which are easily discovered when you're being attacked. Just a quick analogy.

Regards,

Kelly Martin
