Re: Ethical Hacking Training

From: Kevin Johnson (kjohnson@secureideas.net)
Date: Mon Jan 19 2004 - 20:01:12 EST


On Mon, 2004-01-19 at 13:05, Don Parker wrote:
> I fully agree that to defend one *must* know how to attack. I too often hear some
> of my peers say how such and such attack is very script kiddiesh. My usual retort to
> that is "do you know how to do it?". Most network security people I know have no concept
> on how to use an exploit, and invoke it let alone code one. Sending someone on
> an "Ethical Hacking" course can fill most of these gaps in. As I have already stated
> though the student must come to one of these courses with a certain amount of knowledge
> beforehand or the money is wasted. Prerequisites for such courses must be clearly laid
> out in the course marketing imho.
>
> Cheers
>
> -------------------------------------------
> Don Parker, GCIA

Hi-

I think one of the things to remember is what the term means, not
necessarily how people use it. When I tell someone that I am
considered an ethical hacker, I am saying that I test the security
posture of a company. This may include actually "hacking" into their
systems or just assessing their policies. But no matter what is
included, I also include a remediation report. This ensures that not
only are they told what the problems are, they are also told how to fix
it. I understand the need for Ethical Hacker training. If I didn't
know how to get in, how could I honestly tell them how to keep me out?

Kevin Johnson
