Re: Intro To Hacking
From: Miles Stevenson (miles_at_mstevenson.org)
Date: 10/18/04
- Previous message: Kirk Schafer: "Re: Hard Drive data security (slightly OT)"
- In reply to: Jonathan Loh: "Re: Intro To Hacking"
- Next in thread: VHP3: "Re: Intro To Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Mon, 18 Oct 2004 16:04:02 -0400
On Monday 18 October 2004 03:45 pm, Jonathan Loh wrote:
> With that said. How did you build your first honeypot then? Were you not
> a beginner? There are different types of beginners here. One that has
> training and one that does not. Think about it how does anyone build
> anything? If everyone took your approach we'd be back in the stone ages!
> Everyone has to start somewhere.
Please take my response to this in the good spirit in which it is intended: to
correct the errors you made in your criticisms. This is not a flame, which
would be inappropriate (and I think the moderator would agree).
This is irrational. I think you are coming to this conclusion because you are
defining "advanced" security professionals (as I called them in my post), as
those who already know a great deal about honeypots and have experience using
them.
I use the term advanced in the context applied to the general area of security
which is exactly the way I said it: "advanced security researchers" (applied
to the general area of security). In other words, people new to information
security should NOT be operating honeypots. First, they should be working on
other necessary skills such as firewalls, intrusion detection, system
hardening, etc, etc.
Those who have those necessary skills and experience in practicing them, are
much better prepared to deal with the delicate process of observing attackers
while preventing them from attacking others.
So back to your question:
"How did you build your first honeypot then?"
I first did a lot of research on the subject and attended a SANS lecture by
Lance Spitzner of the Honeynet project. I then applied my previous 4 years of
professional security experience and combined that with the research that I
did on honeypots BEFORE attempting to operate one.
As far as my response to your other comment:
"If everyone took your approach, we'd be back in the stone ages!"
This also demonstrates a lack of rational thought. Man first had to learn to
create fire before he could build electric generators. This is the same
concept in all fields of knowledge: you must learn the fundamental concepts
before you learn the advanced ones which rely on those fundamentals.
Any further questions I can help you with?
-- Miles Stevenson miles@mstevenson.org PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
- application/pgp-signature attachment: stored
- Previous message: Kirk Schafer: "Re: Hard Drive data security (slightly OT)"
- In reply to: Jonathan Loh: "Re: Intro To Hacking"
- Next in thread: VHP3: "Re: Intro To Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
