Here here, Paul.
Worried your test network isn't "real" enough? Make it better! Throw in IDS,
patch management, whatever.
As Paul suggested, get your buddies involved. I've seen workshops where people
are designated "attacker" and "defender", objectives are obvious.
If kids / pro's aren't smart enough to realise the benefits of this kind of
exercise, they really have no business being in our trade.
I'm with Paul. I don't care *who* you are or how ethical you *think* you are,
it's not ethical to break into someone else's computer system without
authorization for whatever reason, and you should be prosecuted for it.
There are ample tools out there to setup a test network ranging from FOSS
tools like QEMU and commercial stuff like VMWare etc.
There's no excuse.
Max
Oh, well that gives me great comfort. Never mind that I can be prosecuted
for the breakin because I've violated a law such as GLB, HIPAA, etc. by
"allowing" a breakin. I'm glad your friends are so "ethical". If you only
think about what's in it for you, you'll always be slanted toward violating
the law. Try thinking about the poor victim whose systems you're breaking
in to. Put yourself in their shoes and ask yourself, how would I feel if I
discovered that someone had entered my systems without my knowledge? Or
bettter yet, how about if I reach in your pocket and take the keys to your
car, take it out for a spin, then return it? Are you OK with that? No
hard feelings?
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
pgpdyOsRG0xal.pgp
Description: PGP signature
