Firewall Wizards mailing list archives
"An idea, a project, a collaboration"
From: Philip S Holt / Security Engineering <philipsholt () uswest net>
Date: Sun, 19 Dec 1999 19:55:12 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good morning, good afternoon all. Hope all is well with everyone. "Y2k, here we come ..." Following is an idea I have, and I believe it certainly has merit, and will serve those that follow and those new to the community, very well. Please contact me 'out - of band' with you ideas, comments, contributions, critique, flames, whatever, so as to save bandwidth and unneccessary clutter on the listserve HD Thanks. I am currently (Have been for six months actully) working with ICSA's director of education and outreach, Dr. Mich Kabay with regards to INFOSec options around the globe, in particular, the options for the student and or individual who seeks to enter this field. In doing the work that I am currentily doing (which is very rewarding and a huge undertaking - believe me), I have come to my senses and believe that something similiar, though in a different vane, would serve us all very well, and that is as follows: - - Many of you are experts, and this is evident from that which you so generousily share. - - We have newcomers coming in on a 'regular' and consistant basis, and this is great. Many of them ask for help, and the response is always good, and I am continually impressed by this. "I personally feel very forunate to be a part of this group, thanks to all! (I initally signed on some 17 months ago)" - - We have the likes of comprehensive oranizations such as SANS, Cert, EuroCert and others - - We have many things available to further our efforts and possibly make a difference when it comes to doing that 'which we do'. OK, enough of the background and discourse. We have FAQ's everywhere, but we don't have the following. My above description of the work I am doing as it pertains to INFOSec education (graduate, certificate, yadda, yadda, yadda) has the basic architecture and idea that I propose here. A centralized, comprehensive, organic, always a 'work - in - progress' place where all of us, especially those new to the community can get the 'basic' answers that they need. OK, visualize me, or you actually, as that 'newbie', whatever, needing something like the following - - Where do you go for AV discourse? - - What about PKI? Where do you go? - - Encryption? What is relevant to me, those I serve, and what are the tangible issues? - - Where do you go for instructions and information concerning successful system penetrations and what to do in the proper order? - - Bastion Hosts? Who has a great whitepaper on this? - - What are the current vulnerability issues with the latest release of MS Proxy? - - Biometric reviews? The issues? - - Tools (NT, Netware, Mac, UNIX, VMS) - - Utilities (NT, Netware, Mac, UNIX) - - Cracker URL's - - Periodicals like Phrack, Backlisted, 2600? - - Firewall reviews? - - VPN reviews? - - Forensics? - - What is nmap? Where is their mailing list? - - Honeypots? - - Commonport listings / Trojans? - - CERT - "What do they provide?" - - SANS - "What do they provide?" - - What is bugtraq? Why should sys admins know abou this? - - Where is M$ security download URL? - - What is required to report a bug to M$ - - PGP / What is it? - - Where are the definitive URL's and resources for hardening NT? - - Where are the definitive URL's and resources for hardening Netware and the various UNIX variants? - - Where are there Policy, and how 'to' create INFOSec policy resources? - - What does a probe look like? A door knocking? Attack signatures? What about flags being changed and different bit sets? - - Buffer overuns? - - The new threats? - - The old ones, the time honoured 'classics'? Obviousily, the list can go on, and on. Since I've been a member of this community, I have noticed quite a few times, instances, where, had we a place where basic info' like above (And I am not really talking about FAQ's) was all compiled and put together in a central place, repository, even one of us having the file as it grows and matures, having this available to the community helps us all. A very wise man (PR) told me some time ago, and I have said this a few times in the past, that: "Every machine you tighten down, everything you do to enhance our efforts enhances my own work. Everything you do, everything you share with the community supports my efforts, which in turn helps not only me but everyone else". It is in this spirit, that I send forth these ideas. Thank-you all. Philip. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com> Comment: "The more we USE IT - the slower we'll LOOSE IT" iQA/AwUBOF2oFO2N+OlTKp4EEQIQGwCfXHbCZUfglU32rzh65OnK+ydIu0EAoKK+ 1KrdHIfTQNfuGdpsUKjJPAsI =YhDi -----END PGP SIGNATURE-----
Current thread:
- "An idea, a project, a collaboration" Philip S Holt / Security Engineering (Dec 21)