Re: Ethical Hacking Training

From: Kevin Johnson (kjohnson_at_secureideas.net)
Date: 01/20/04

    To: pen-test@securityfocus.com
    Date: Mon, 19 Jan 2004 20:01:12 -0500
    
    

    On Mon, 2004-01-19 at 13:05, Don Parker wrote:
    > I fully agree that to defend one *must* know how to attack. I too often hear some
    > of my peers say how such and such attack is very script kiddie-ish. My usual retort to
    > that is "do you know how to do it?". Most network security people I know have no concept
    > of how to use an exploit and invoke it, let alone code one. Sending someone on
    > an "Ethical Hacking" course can fill most of these gaps in. As I have already stated,
    > though, the student must come to one of these courses with a certain amount of knowledge
    > beforehand or the money is wasted. Prerequisites for such courses must be clearly laid
    > out in the course marketing imho.
    >
    > Cheers
    >
    > -------------------------------------------
    > Don Parker, GCIA

    Hi-

    I think one of the things to remember is what the term means, not
    necessarily how people use it. When I tell someone that I am
    considered an ethical hacker, I am saying that I test the security
    posture of a company. This may include actually "hacking" into their
    systems or just assessing their policies. But no matter what is
    included, I also include a remediation report. This ensures that not
    only are they told what the problems are, they are also told how to fix
    them. I understand the need for Ethical Hacker training. If I didn't
    know how to get in, how could I honestly tell them how to keep me out?

    Kevin Johnson


