Re: Ethical Hacking Training

From: Meritt James (meritt_james@bah.com)
Date: Mon Jan 19 2004 - 13:06:22 EST


Here we go again. I believe that those skills necessary to build a
building are different than those to demolish a building. There are
construction engineers and there are demolition experts. Different
things. And the skills to fix a car engine are not those necessary to
vandalize one. "Know your enemy" is nice, "know your job" is, in my
opinion, better.

"DeGennaro, Gregory" wrote:
>
> Very good statement and you do need to know your enemy.
>
> Just because you're a police officer, soldier, or in our case, information
> security engineers, does not mean you or I really know our enemy and their
> full or potential capabilities.
>
> Ethical hacking gives us an overview or lets us peer into the cracker's
> world. Of course, the classes do not have the latest cracks unless they
> have a honey pot running and receiving such traffic. Nor does it make us
> crackers. It is only a look-see and not cracker training.
>
> Ethical Hacking is really a coined term for the public and those who do not
> know the difference between hacker, wacker, and cracker. The public only
> knows or thinks they know what a hacker is. In reality, they have no clue
> that a hacker is good and the other two are not.
>
> Also, how do you propose a professional runs pen and vuln tests against
> their network to secure holes in their fortifications? There are good
> products on the market; however, not everyone can afford them, use them
> properly, or the software or device is not totally up to date or catches
> everything.
>
> Regards,
>
> Greg DeGennaro Jr., CCNP
> Security Analyst
>
> -----Original Message-----
> From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
> Sent: Friday, January 16, 2004 7:10 PM
> To: Rob Shein; Andy Cuff [Talisker]; pen-test@securityfocus.com
> Subject: RE: Ethical Hacking Training
>
> Talisker,
>
> I still have an issue with the term "Ethical hacking". It was a term
> born out of the Big Six when they were trying to build their security
> practices and leverage their existing client base. I still feel the
> term is somewhat of a slant on those who practice "holistic security" and
> actually attempt to help customers improve their network security
> posture instead of pointing out the "glaring" hole that those who
> practice "Ethical Hacking" like to do.
>
> I have worked in the past with those who preach and teach "Ethical
> Hacking". Many of those people have published books exploiting that exact
> theme.
>
> Why not spend the time in researching how to correct security exploits
> in enforcing secure coding standards and forcing vendors to clean up
> their act and making their products work more efficiently and securely?
>
> /mark

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566