Penetration Testing mailing list archives
RE: Ethical Hacking Training
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Tue, 20 Jan 2004 08:47:26 -0800
"Know your enemy" is nice, "know your job" is, in my opinion, better."

There are a lot of professionals that know their job well and know nothing of Infosec. Infosec is in a world of its own and to be good at it, you have to be multi-faceted. A lot of professionals out in the industry only specialize. Information Security professionals usually explore outside their initial backgrounds because they are either bored or they want more knowledge.

Wars were only won by the victors who knew their enemy well and knew their job. To be effective, you have to know both.

Regards,
Greg DeGennaro Jr., CCNP

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: Monday, January 19, 2004 10:06 AM
To: DeGennaro, Gregory
Cc: Teicher Mark (Mark); Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: Re: Ethical Hacking Training

Here we go again.

I believe that those skills necessary to build a building are different than those to demolish a building. There are construction engineers and there are demolition experts. Different things. And the skills to fix a car engine are not those necessary to vandalize one.

"Know your enemy" is nice, "know your job" is, in my opinion, better.

"DeGennaro, Gregory" wrote:
Very good statement and you do need to know your enemy. Just because you're a police officer, soldier, or in our case, information security engineers, does not mean you or I really know our enemy and their full or potential capabilities.

Ethical hacking gives us an overview or lets us peer into the cracker's world. Of course, the classes do not have the latest cracks unless they have a honey pot running and receiving such traffic. Nor does it make us crackers. It is only a look-see and not cracker training.

Ethical Hacking is really a coined term for the public and those who do not know the difference between hacker, wacker, and cracker. The public only knows or thinks they know what a hacker is. In reality, they have no clue that a hacker is good and the other two are not.

Also, how do you propose a professional runs pen and vuln tests against their network to secure holes in their fortifications? There are good products on the market; however, not everyone can afford them, use them properly, or the software or device is not totally up to date or catches everything.

Regards,
Greg DeGennaro Jr., CCNP
Security Analyst

-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com]
Sent: Friday, January 16, 2004 7:10 PM
To: Rob Shein; Andy Cuff [Talisker]; pen-test () securityfocus com
Subject: RE: Ethical Hacking Training

Talisker,

I still have an issue with the term "Ethical hacking". It was a term born out of the Big Six when they were trying to build their security practices and leverage their existing client base. I still feel the term is somewhat of a slant on those who practice "holistic security" and actually attempt to help customers improve their network security posture instead of pointing out the "glaring" hole that those who practice "Ethical Hacking" like to do.

I have worked in the past with those who preach and teach "Ethical Hacking". Many of those people have published books exploiting that exact theme.

Why not spend the time in researching how to correct security exploits in enforcing secure coding standards and forcing vendors to clean up their act and making their products work more efficiently and securely?

/mark
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566