Re: Network Hacking

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/21/03 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 20 Feb 2003 21:22:49 -0500

Exactly. This is NOT a knee jerk reaction. This is America, where you
respect the rights of others, or else you risk getting your rights taken
away. You don't have to hack into live computers to learn how to secure
computers properly... nor is there any guarantee that learning to hack into
a system teaches you how to secure that system. There are plenty of people
that know how to hack that would be very bad security administrators or that
aren't able to secure their own systems. There's no way a school teaching
"automotive security" would advise people to break into actual cars on the
street due to a large variety of bad things that could happen. There are
much better ways to teach hacking than this.

If a university computer is discovered to be hacked, 1) someone at the
university is going to have to do incident response, which wastes that
person's valuable time, and 2) the student could be at risk because the
university is free to expell the student just on the suspicion that
something bad was done, even if nothing bad was done. Unlike the US legal
system, universities don't have to have a fair trial or meet a burden of
proof etc. before they screw someone's life up. Last, these are young
college students, so you know not all of them are going to leave a hacked
computer without first doing something destructive or malicious. I would
definitely bring this to someone's attention at the school.

Anyhow, to answer the original question, there are a lot of things to do,
you've got your work cut out for you... but start with what you can do and
go from there:

http://securityadmin.info/faq.htm#harden
http://securityadmin.info/faq.htm#hacked

"sgopus" <fredd@hotmail.com> wrote in message
news:02ef01c2d933$4f017410$a201280a@phx.gbl...
> Hear hear! I agree wholeheartedly. this is america and
> we should teach how to makes things secure, not just react
> to the idea. for those who say shame, get a grip and lets
> teach for teaching sake. for that admin, he should
> certainly take the class, I wouldn't suggest advising the
> class to attack a live database however, I would have
> thought a class project set up to test exactly like a real
> system however. and advise when holes are found.