We have divided this work into three separate thoughts. The primary is to give you what you need for the real world. The second is to let you smoke the Security+ exam. The third is to be a resource, not only as a stand-alone book but your guide to the best expert authorities of a specific sub-topic.
Since the specifics of security change with the clock, we will point you to the best resources that we have found. Since this opening chapter is a generic chapter, we offer you a generic email list of great value. This is the INS list at attrition.org. It was from this list that we were alerted of an article at the Computer World site, even before the email alert from the ComputerWorld web site came to one of your authors. The following article can be found online29. In an effort to both entice you, and give you a small proof of our veracity, we offer a few lines from Dan Verton, posted July 18, 2002.
A hacker nicknamed RaFa is the ex-leader of the now defunct World of Hell defacement group, which racked up thousands of Web site defacements before disbanding last year. He said that in addition to making simple configuration mistakes, most administrators don't keep up with updates and patches released by their software vendors.
"They don't update services running on the system, and, they set up permissions and software settings the wrong way on the Web server," said RaFa. "Think about all of the zero-day exploits I've used. The vendors knew about 90% of those."
However, the real problem is not laziness, its trust, said Genocide, the leader of the Genocide2600 hacker group. Most administrators and corporate managers simply trust that they are secure, he said.
"That is their first and biggest mistake," said Genocide. "People believe that since their company may not have anything that someone would want they are free from attack. What administrators really need to do is treat every day as if they were at war and as if the enemy were always planning an attack, he added.
"It's the companies, administrators and CEOs that don't see it that way who become the easy targets," said Genocide. "They are the ones who don't keep their firewalls, intrusion-detection systems and software upgraded."
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.