Ben Nagy wrote:
>I wouldn't bother trying to "practice hacking" yet. It doesn't teach you as
>much about how to secure your own systems as you might think. If you know
>how the attacks work in principle then knowing where to download a r00tkit
>isn't useful knowledge.

A decent approach to learning general principles is to read a few of the books like Cheswick and Bellovin's, that deal with the fundamentals, then begin sorting new things into existing paradigms as they come along. It's useful because then you can ignore the details of various attacks and focus on whether or not they are significant. (i.e.: "yawn, another buffer overrun" versus "whoah, timing attacks on public key systems!")

A lot of what passes for "knowledgeable" these days is really just encyclopedic knowledge of lots of fiddly details. It's certainly useful to know that stuff but in my opinion it's not as important as the basics. I guess by analogy, it's like learning military history by starting with The Art of War (Sun Tzu) or by reading about the U.S. Civil War. You can derive the fundamental principles by distilling them from a large set of samples, or you can take the fundamentals and extrapolate therefrom.

When people ask me about learning security from knowledge of hax0rs toolz, I recommend they take something like a rootkit and dissect it - figure out what it _does_ and then _why_ it does it. Build your own classification scheme in your head and sort things into it - denial of service tools, network-connected penetrations, then build sub-genres and get more precise. By understanding the differences between the instances of whole classes of attacks you can begin to realize how obvious all this stuff is. You can tell the fairly senior security folks because they don't get excited by a lot of the things that are basically "more of the same."

mjr.
---
Marcus J. Ranum, Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net Play: http://www.ranum.com
