Security Basics mailing list archives
Re: Security demonstrations
From: fddi_sent () yahoo com
Date: 13 Mar 2008 07:57:21 -0000
I agree with the notion of providing security demonstrations in the workplace, but would it be more wise to perform more security awareness trainings versus potentially enlightening your users on how to tap into each other's emails via session hijacking? If you are the info sec guy responsible, you may be creating more work for yourself. I too have thought about showing my users the power of open source tools to show how vulnerable networks could be, but I decided against it because of potential abuse. Sure, users can find this information all day long on the Internet; I just would rather not find myself in a room during an investigation only to hear "He was the guy that showed us how to do it".

One suggestion that may be a decent compromise, but not as jaw-dropping, is demonstrating basic Google hacking techniques. Again, not jaw-dropping, but what you can do is make it into somewhat of a game. Google hacking techniques are basic but can yield good information about a particular site. When you couple the basic techniques along with creativity, you can find a wealth of information about your own site that you did not know was available.

Make the training interactive and give prizes to your users that end up finding information on your site that you did not know was publicly available. This creates additional sets of eyes looking at your organization's information assets at a very low cost. It also makes your users aware of simple techniques available to all users and at the same time reinforces the notion that security is everyone's responsibility, not just the IT staff.

Good Luck!

fddi_sent