From: Chuck Church (ccie8776@rochester.rr.com)
Date: Mon Dec 09 2002 - 17:47:49 GMT-3
Kevin,
What exactly do you do where you work? The reason I ask is you mentioned
learning C and C++, and how the buffer overflows can result in a security
breach. I'm sure most of us are in a situation where we work for a company
that is tied to one particular OS/NOS, whether it's Unix, NetWare, NT, etc.
Sure, we're diligent in security patches for that particular vendor's OS, but
is learning how to write secure code really necessary? I remember writing C
in college on a VAX, and trying to write to a memory location I didn't own
would result in a core dump, but for the most part I think we rely on the
vendor to fix the holes. I almost get the impression that you defense guys
write your own code for a lot of things. In that case, learning secure coding
techniques is paramount. You mentioned learning intrusion signatures. I've
found the documentation for Cisco IDS to be pretty weak, especially for the
hardware sensor. Do you have any suggestions on decent whitepapers covering
intrusion detection?
Thanks,
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: Kevin C McCarty
To: Paul Jin
Cc: Brian T. Albert ; Chuck Church ; nobody@groupstudy.com ; Security
Sent: Monday, December 09, 2002 10:42 AM
Subject: Re: Hello
Gentlemen,
I would like to reply to the general thread of Chuck's points on security and
what to "learn". I do this every day, all day, at many sites around the
globe. I can't stress enough learning the underlying points of how holes begin
and why. This starts from a system level run by humans, in a language that is
compiled and forms an OS. This is where the learning starts, use the
programs Nessus, Nmap, and Snort, learn why the C or C++ code is allowing
buffer overflows. Don't take the separatist approach of wrapping up poorly
formed objects and spewing them down a tunnel that is called secure. I tell
you this: Finding an encrypted hacker is VERY hard. All of you are
extremely intelligent and are to be commended on where you are in learning the
Cisco CCIE path. But there is much more, and quite frankly, Cisco is kind of
late on the scene, so in my humble opinion learn some assembler (Intel),
some c, some c++, intrusion signatures, forensics, join the SANS list and
check out their Cert offerings.
All have a fine day.
Thanks--
Kevin McCarty
Computer Sciences Corporation
Defense Sector
"Obstacles are those annoying little bumps that occur when you take your
eyes off your goals"
Henry Ford
Paul Jin <pauljin@yahoo.com>
Sent by: nobody
12/08/2002 01:11 PM
Please respond to Paul Jin
To: Chuck Church <ccie8776@rochester.rr.com>, "Brian T.
Albert" <brian.albert@worldnet.att.net>, Security <security@groupstudy.com>
cc:
Subject: Re: Hello
Yup, I think these little 501s are pretty much all you need. The only other thing
it cannot do, in addition to adding interfaces for DMZ is failover.
And for these 2 things, you can just borrow the remote labs and practice only
when you need to.
- Paul
Chuck Church <ccie8776@rochester.rr.com> wrote: Right now I'm reading through
the MCNS book, which seems pretty good. Once
I get my hands on a W2K server disk, I'm going to start playing with ACS,
Radius, Tacacs, etc. Also thinking about buying a PIX 501, as it seems to
do everything the bigger ones do, with the exception of DMZ interfaces.
NLI/CCBootcamp has a sample security lab on their site, looks decent.
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: "Brian T. Albert"
To: "Chuck Church" ; "Security"
Sent: Sunday, December 08, 2002 11:34 AM
Subject: RE: Hello
> Hi Chuck,
>
> I am also a R/S guy and will pursue a Security CCIE. Right now I am going
> about it informally by reading the Cisco Security books and whatever I can
> find on Cisco's web site. I am using my R/S lab at home and building my own
> labs, IPSec tunnels, Pix, ACS, etc. Eventually I will look at purchasing
> some lab scenarios, maybe from Hello Computers. What do you think your
> approach will be? If there are any guys in Chicago who would like to study
> together for CCIE Security, contact me offline.
>
> Thanks
>
> Brian T. Albert
> CCIE #9682
> brian.albert@worldnet.att.net
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Chuck Church
> Sent: Saturday, December 07, 2002 10:17 PM
> To: Security
> Subject: Hello
>
>
> All,
>
> I just thought I'd introduce myself. I'm thinking pretty hard about
> going for the CCIE Security. My current CCIE is R&S. Haven't seen any
> messages since I joined yesterday, just wondering if there's many people on
> this list.
>
> Thanks,
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:42 GMT-3