"An idea, a project, a collaboration"

[Philip S Holt / Security Engineering <philipsholt () uswest net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good morning, good afternoon all.
   Hope all is well with everyone.
   "Y2k, here we come    ..."
   Following is an idea I have, and I believe it certainly
has merit, and will serve
those that follow and those new to the community, very well.

   Please contact me 'out - of band' with you ideas,
comments, contributions, critique,
flames, whatever, so as to save bandwidth and unneccessary
clutter on the listserve HD Thanks. I
am currently (Have been for six months actully) working with
ICSA's director of education
and outreach, Dr. Mich Kabay with regards to INFOSec options
around the globe, in particular,
the options for the student and or individual who seeks to
enter this field. In doing the
work that I am currentily doing (which is very rewarding and
a huge undertaking - believe me), I have come to my senses
and believe that something similiar, though in a different
vane, would serve us all very well, and that is as follows:
- -    Many of you are experts, and this is evident from
that which you so generousily
share.
- -    We have newcomers coming in on a 'regular' and
consistant basis, and this is great.
Many of them ask for help, and the response is always good,
and I am continually impressed by
this. "I personally feel very forunate to be a part of this
group, thanks to all! (I initally
signed on some 17 months ago)"
- -    We have the likes of comprehensive oranizations such
as SANS, Cert, EuroCert and
others
- -    We have many things available to further our efforts
and possibly make a difference
when it comes  to doing that 'which we do'.
   OK, enough of the background and discourse.
   We have FAQ's everywhere, but we don't have the
following. My above description of the
work I am doing as it pertains to INFOSec education
(graduate, certificate, yadda, yadda, yadda)
has the basic architecture and idea that I propose here. A
centralized, comprehensive, organic,
always a 'work - in - progress' place where all of us,
especially those new to the community can
get the 'basic' answers that they need. OK, visualize me, or
you actually, as that 'newbie', whatever,
needing something like the following
- -    Where do you go for AV discourse?
- -    What about PKI? Where do you go?
- -    Encryption? What is relevant to me, those I serve,
and what are the tangible issues?
- -    Where do you go for instructions and information
concerning successful system
penetrations and what to do in the proper order?
- -    Bastion Hosts? Who has a great whitepaper on this?
- -    What are the current vulnerability issues with the
latest release of MS Proxy?
- -    Biometric reviews? The issues?
- -    Tools (NT, Netware, Mac, UNIX, VMS)
- -    Utilities (NT, Netware, Mac, UNIX)
- -    Cracker URL's
- -    Periodicals like Phrack,  Backlisted, 2600?
- -    Firewall reviews?
- -    VPN reviews?
- -    Forensics?
- -    What is nmap? Where is their mailing list?
- -    Honeypots?
- -    Commonport listings / Trojans?
- -    CERT - "What do they provide?"
- -    SANS - "What do they provide?"
- -    What is bugtraq? Why should sys admins know abou
this?
- -    Where is M$ security download URL?
- -    What is required to report a bug to M$
- -    PGP / What is it?
- -    Where are the definitive URL's and resources for
hardening NT?
- -    Where are the definitive URL's and resources for
hardening Netware and the various
UNIX
variants?
- -    Where are there Policy, and how 'to' create INFOSec
policy resources?
- -    What does a probe look like? A door knocking? Attack
signatures? What about flags
being changed and different bit sets?
- -    Buffer overuns?
- -    The new threats?
- -    The old ones, the time honoured 'classics'?
   Obviousily, the list can go on, and on.
   Since I've been a member of this community, I have
noticed quite a few times,
instances, where, had we a place where basic info' like
above (And I am not really talking about FAQ's) was all
compiled and put together in a central place, repository,
even one of us having the file as it grows and matures,
having this available to the community helps us all.
   A very wise man (PR) told me some time ago, and I have
said this a few times in the
past, that: "Every machine you tighten down, everything you
do to enhance our efforts enhances my own work. Everything
you do, everything you share with the community supports my
efforts, which in turn helps not only me but everyone else".
It is in this spirit, that I send forth these ideas.
   Thank-you all.
Philip.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use
<http://www.pgp.com>
Comment: "The more we USE IT - the slower we'll LOOSE IT"

iQA/AwUBOF2oFO2N+OlTKp4EEQIQGwCfXHbCZUfglU32rzh65OnK+ydIu0EAoKK+

1KrdHIfTQNfuGdpsUKjJPAsI
=YhDi
-----END PGP SIGNATURE-----