As I understand the process, the best thing to do at this point is to try to work up a relatively wide-ranging set of topics that *might* be worth inclusion. The next step will be to give surveys to people asking how important the particular issue is to *their* job. Thus, if nobody uses postfix, it'll get rated lower, and probably won't make the cut. For example, it seems highly doubtful that we actually need 30 tasks for Nessus, but which 30 do you need? I'm not sure I could say, but a bunch of Linux users with a survey tool might.
There was a previous discussion about where to draw the line between all-technical hands-on stuff, and general security concepts (ala the CISSP). I'd be more inclined to at least try to throw in some stuff about security concepts, secure coding, etc. and let the people vote. Of course, I'm just as new to this as anyone else, so my perspecitve is not necessarily the best, and I think it should be an open discussion on how to proceed. By all means, please suggest a better approach or direction if you have one. In the mean time, I'm trying to think about what that "wide range" of topics might include, with an eye for structuring the objectives into some logical format (policy, local security, network security, add-on products, etc). I'll throw some of that out soon, also, but wanted to do things one step at a time. Thanks all! Mark Lachniet [EMAIL PROTECTED] > On Thu, Apr 01, 2004 at 11:45:16AM +0900, Olaf Meeuwissen wrote: > SQL injection is more of a coding security issue. Securing the common > database servers by setting passwords and access should be done at the > PostgreSQL and MySQL levels. > > Coding for security is a good idea, but I don't think that will be the > focus of this initial list of projects. I could be wrong however. This > thread was Mark's idea, so not sure where he is taking it really ;) > _______________________________________________ _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
