Re: Generating awareness amongst IT staff

[pand0ra <pand0ra.usa () gmail com>]

Break out Nessus and show them what a vulnerability scan looks like on
a test server. Then use Metasploit to show them how easy it is to
compromise the box. Try wireshark/favorite packet capture tool and
show them how much fun it is to capture unencrypted traffic
(preferably their password, which is probably one from a dictionary).
Then grab a clue banana then beat them over the head with it.

On 11/25/06, Faheem SIDDIQUI <fahimdxb () gmail com> wrote:
> I am in the middle od preparing slides for security awareness
> presentation amongst IT staff (network admins/system/DBAs) etc.
>
> Security awareness is quite low amongst these guys and they seem to
> believe that the way have done it all these years, can continue all the
> remaining years too.
>
> Plan is, to create password hack using Ophcrack and run it during
> presentation. What else can I do to create real time engaging
> presentation so that these guys might sit up and take notice. How about
> doing a pen test on databases?
>
> Anyone has any ideas to make this presentation to largely IT technical
> staff...as engaging as possible?
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------