Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 0:  Read.Me

Previous Topic/Section
0.5  Security Through Obscurity
Previous Page
Pages in Current Topic/Section
1
Next Page
0.7  SpyWare
Next Topic/Section

0.6  Resources

We have divided this work into three separate thoughts. The primary is to give you what you need for the real world. The second is to let you smoke the Security+ exam. The third is to be a resource, not only as a stand-alone book but your guide to the best expert authorities of a specific sub-topic.

Since the specifics of security change with the clock, we will point you to the best resources that we have found. Since this opening chapter is a generic chapter, we offer you a generic email list of great value. This is the INS list at attrition.org. It was from this list that we were alerted of an article at the Computer World site, even before the email alert from the ComputerWorld web site came to one of your authors. The following article can be found online29. In an effort to both entice you, and give you a small proof of our veracity, we offer a few lines from Dan Verton, posted July 18, 2002.

“A hacker nicknamed RaFa is the ex-leader of the now defunct World of Hell defacement group, which racked up thousands of Web site defacements before disbanding last year. He said that in addition to making simple configuration mistakes, most administrators don't keep up with updates and patches released by their software vendors.”

"They don't update services running on the system, and, they set up permissions and software settings the wrong way on the Web server," said RaFa. "Think about all of the zero-day exploits I've used. The vendors knew about 90% of those."

“However, the real problem is not laziness, its trust,” said Genocide, the leader of the Genocide2600 hacker group. “Most administrators and corporate managers simply trust that they are secure,” he said.

"That is their first and biggest mistake," said Genocide. "People believe that since their company may not have anything that someone would want they are free from attack. What administrators really need to do is treat every day as if they were at war and as if the enemy were always planning an attack,” he added.

"It's the companies, administrators and CEOs that don't see it that way who become the easy targets," said Genocide. "They are the ones who don't keep their firewalls, intrusion-detection systems and software upgraded."


 __________________

29. http://www.rootkit.com

Previous Topic/Section
0.5  Security Through Obscurity
Previous Page
Pages in Current Topic/Section
1
Next Page
0.7  SpyWare
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.