Full Disclosure mailing list archives

Re: CISSP Test


From: robert () dyadsecurity com
Date: Tue, 22 Mar 2005 21:05:44 -0800

Vladamir(wireless.insecurity () gmail com)@Tue, Mar 22, 2005 at 11:34:35PM -0500:
> In my opinion, they should do away with "boot camps", they churn out 
> paper CCNAs, paper CISSPs, and they're doing nobody any real good.
> 
> Why did SANS do away with the practical portion of their (I forgot the 
> name) exam? I read briefly about it, and it looks (well, looked) like a 
> lot of fun, how hard would it be?
> 
> Set up honey pot w/ snort, ethereal, secured logging server
> Advertise "insecure machine"
> Sit back, collect packets, write report.
> 
> Doesn't sound too hard to me!

Doesn't sound too useful either!

But seriously, most of the "security" industry is sadly broken. It's filled 
with well-intentioned people who grossly misunderstand the problem and people
just looking to make a buck wherever they can.

SANS programs have little to do with security.  I'm glad they changed their
policy.  They seem more honest now.

If you want to learn about security, start here:
http://www.acm.org/classics/sep95/
http://www.nsa.gov/selinux/papers/inevitability/
http://www.radium.ncsc.mil/tpep/library/rainbow/

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/