What's new
By:
Advanced search…
My Freemasonry | Freemason Information and Discussion Forum

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Ethical Hacking

jvarnell

jvarnell

Premium Member
With all of the rsearch I have been doing into Masonary I have been thinking is there such a thing as ethical hacking. A Cyber Security expert has to learn how someone would cause an exploit. When I was growing up in computers starting in 1977 you learned by doing. (yes the PDP-11/35 and RSX-11 and BSD)
 
Brent Heilman

Brent Heilman

Premium Member
Yes there is. There are courses that are offered in a conference type setting all the time. There are some IT Security guys out there that do as a consulting business. Good stuff to know if you are into the security side of the IT house.
 
jvarnell

jvarnell

Premium Member
The reason I posed this question is that in the college cources that teach these days is just not right. They just can't teach a way to get the mind set and thought patern down. Now they teach a cyber security professional a process and how to do forensics. Cyber security is a thought patern and a psychology not watching for port scans and a buffer flow. I was thinking about teaching some young gun we have what reality was but I don't know if they will practise to systems I know are safe for this. They will also have to learn the social part of find info because it takes a lack of knowledge of the system that is the target to get the true feel of knowing whats in a hackers head. Some of the most successful penatrations start with diging through trash.

So It is my lack of control I am worried about after helping them with the thought paterns.
 
Blake Bowden

Blake Bowden

Administrator
Staff Member
China has no problem using hackers to penetrate our systems, I say we should encourage it. It's the future of warfare imo. I still can't get over the Stuxnet virus Stuxnet - Wikipedia, the free encyclopedia

Back in the day I would war dial looking for vulnerable systems and later on used torjan viruses, mainly for pranks on friends. Not much of a hacker myself though.
 
jvarnell

jvarnell

Premium Member
Stuxnet was a us /Israeli atack on the irans centrafuges. It is very hard to contain stuff like that it is like a controled burn . When i disambled it you see 3 styles of coding in it.
 
JTM

JTM

"Just in case"
Premium Member
Just as with everything else, be willing to accept the consequences of whatever you decide. If you think it's okay but the law doesn't, then decide for yourself whether it's worth it to stand by your platitudes. :)
 
Brent Heilman

Brent Heilman

Premium Member
I have played around with some hacking stuff. I hacked the network at a hotel I was staying at a few years back to just to see how easy it would be. It took 10 minutes. The tools are out there and they are free to get. The penalties though if caught are not. If you want to get a feel for it and play around legally go here: Hack This Site!
 
jvarnell

jvarnell

Premium Member
I know and my point is if I teach them real world stuff and not just the script kiddy stuff that the colleges are teaching them today should I feel moraly oblageted id they use it wrong.
 
jvarnell

jvarnell

Premium Member
apursell said:
I took these courses/certifications years ago...I'm sure much has changed, however they're good classes/certifications.

Network Penetration Testing and Ethical Hacking

Hacker Techniques, Exploits & Incident Handling
Click to expand...

But the one thing I you can't get from that that my guy need to know is that those are guidline for a hacker to know what you are looking for and they don't have to spend much time on that line of thought. Back in the late 80's Stephen Nortcutt of SANS when he was DoD told me you don't need to think what data they are after as a target. But I think you do.
 
apursell

apursell

Registered User
I guess I agree with that statement from Northcutt. When I apply security aspects to any of the networks I've worked on I am not concerned with what data they're after, I go to protect all data. From my experience in the IS field for 12 years as a Government contractor for DoD and various unnamed organizations, applying the least amount of privilege is key and also your biggest threat is from insiders.
 
jvarnell

jvarnell

Premium Member
apursell said:
I guess I agree with that statement from Northcutt. When I apply security aspects to any of the networks I've worked on I am not concerned with what data they're after, I go to protect all data. From my experience in the IS field for 12 years as a Government contractor for DoD and various unnamed organizations, applying the least amount of privilege is key and also your biggest threat is from insiders.
Click to expand...

But that is what is wrong with the coledge training to know what to watch with extra zeal you need to know what is valuable. 90% proctect 10% detect it is that 10% after the fact that will kill you. With the NIST 800-53 the hackers know what not to do it is writen right there. They just do other stuff.
 
apursell

apursell

Registered User
At my non profit I now work for we deny all on firewall and only open as needed and also I have implemented a full suite of HIDS and NIDS. When I see weird traffic you investigate. Most of it is just seeing what happens, if your feeling frisky you can always put out a honeypot..
 
You must log in or register to reply here.
Top