RE: Secure host newbie - fun - humm

["Charles Highsmith" <Charles.Highsmith () foundstone com>]

Alvin, simon, Theadore! Doot doot da doot doot doot...  95% of security
is people management?  That's funny. No wonder half this world is
vulnerable to stupid and trivial security issues.

-----Original Message-----
From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com] 
Sent: Thursday, April 01, 2004 7:05 PM
To: Simon Lemieux
Cc: security-basics () securityfocus com
Subject: Re: Secure host newbie - fun - humm


hi ya simon

i dont mean to scare ya but...

> > i'd venture to say ... 95% of security is just people management ...
> > and 5% is implementing a techie solution

...
> > - 90% of all security issues is internal ... not from outside the
internet

...

> Thank you for your guidelines, though I fear they will not affect me 
> since I'm alone with my best friend in this business...  and he knows 
> nothing about linux and network.  All I have to fear comes from the 
> internet.

you forgot to include *yourself* in the "internal [cr/h]ackers"
        - rm -rf /  will always be an important [security/backup] lesson
:-)

        - all the "security stuff" affects you... even if its only you
        and your own machine and nobody else in the house/bldg

see the links to SAN's top 7, top 20 security boo-boos
        http://www.sans.org/resources/errors.php
        http://www.sans.org/top20
        
        - more -
        http://www.Linux-sec.net

have fun
alvin

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------