Jump to content
Sign in to follow this  
Greaver

"White Hat Hacking"

Recommended Posts

Hey peoples

 

I am currently doing my N+ and my tutor has talked quite extensively of white hat hacking and how experimenting with and researching it will make us better and more skilled network admins, technicians etc.

 

I have always been interested in hacking (not for illegitimate purposes and I'm serious) but have always been dubious about putting too much effort into finding the information incase it got me into trouble.

 

Armed with what I know now I was wondering, does anyone know of any good resources that can aid me in learning all about the different things involved, if this is inappropriate mods please remove the thread and inform me it is wrong but as far as I am aware this is good and legal learning for a training network tech.

Share this post


Link to post
Share on other sites

Theres nothing inappropriate about your question. Your tutor is exactly right knowing the ways of hacking will make you a WAY better network admin or technician. Ive done Pen testing for firms who hire admins that dont even know how to change ram let alone DDOS and take down a web server. I personally think its a must for any Sys Admin to know how those technologies work and how to defend against them.

 

What aspect of white hat hacking are you interested in?

Share this post


Link to post
Share on other sites

There are a lot of legitimate sites which deal with computer security related issues, pen testing, exploits and how to make a computer do what it is not necessarily supposed to.

 

A good start is http://insecure.org/ . Start there and look around the full disclosure posts. There should be enough there to keep you busy for a while.

 

http://isc.sans.org/ is currently going through a security month, making daily posts of a few basic services and what to watch. They will also generally make posts when there is something big happening on the net and what you might want to look out for. There is also an occasional hacking challenge post in there, something to look out for.

Edited by Chancellor

Share this post


Link to post
Share on other sites

Theres nothing inappropriate about your question. Your tutor is exactly right knowing the ways of hacking will make you a WAY better network admin or technician. Ive done Pen testing for firms who hire admins that dont even know how to change ram let alone DDOS and take down a web server. I personally think its a must for any Sys Admin to know how those technologies work and how to defend against them.

 

What aspect of white hat hacking are you interested in?

As broad as it is, I want to research and know how to circumvent any party gaining access to, or disrupting the systems in which I am entrusted and employed to manage, I know it sounds old school but I want to be the best I possibly can, I love tech and I love learning tech, the better I am the better I look to an employer and the more relaxed I can feel when I come up against this crap in the industry.

Share this post


Link to post
Share on other sites

Hey that's the philosophy I use in regards to security and tech and I think I've done quite good out of it. As Chancellor said check out insecure.org its probably going to be the best place to start. ICS was also on the list to sites I was going to link . I don't know if its against the rules to post some more in depth sites. But reguardless PM me and I can link some more if you like. Maybe help out when you have any questions.

Share this post


Link to post
Share on other sites

As broad as it is, I want to research and know how to circumvent any party gaining access to, or disrupting the systems in which I am entrusted and employed to manage, I know it sounds old school but I want to be the best I possibly can, I love tech and I love learning tech, the better I am the better I look to an employer and the more relaxed I can feel when I come up against this crap in the industry.

 

The days of SA vs Hacker are long gone...

 

Its now Cisco VS Hacker while the system admin has a cup of coffee and stares at the girls in sales...

Share this post


Link to post
Share on other sites

The days of SA vs Hacker are long gone...

 

Its now Cisco VS Hacker while the system admin has a cup of coffee and stares at the girls in sales...

I'd suggest that anyone with that opinion should not be in a network security position. Yes there are many tools out there from Cisco / Checkpoint / etc which will generate colourful graphs about the last 24 hours of network activity, but in the end it is up to someone to configure everything, sort out what should / should not be on the network, and keep everything running.

Edited by Chancellor

Share this post


Link to post
Share on other sites

The days of SA vs Hacker are long gone...

 

Its now Cisco VS Hacker while the system admin has a cup of coffee and stares at the girls in sales...

I'd suggest that anyone with that opinion should not be in a network security position. Yes there are many tools out there from Cisco / Checkpoint / etc which will generate colourful graphs about the last 24 hours of network activity, but in the end it is up to someone to configure everything, sort out what should / should not be on the network, and keep everything running.

 

I should reconsider my job then it seems..

 

Im not sure what kind of business environment you have been exposed to. But where I work, I dont have free reign over a budget to decide what we will be buying next, or have endless hours to analyse packets and scour forums for the latest exploits to second guess the moves of would be intruders. I get given hardware that is to be installed and configured to specification. N+ or CCNA/P courses teach you how to configure and play with out of the box hardware. Not code crunch and battle with hackers. Those jobs go to Computer Science Majors from MIT working for companies like Cisco or Checkpoint who design software, hardware and protocols then onsell it as intrusion prevention packages to big business for millions of dollars. Any system admin will tell you this.

 

Regardless, legit hackers (not script kiddies) that are right on the pulse of the latest exploits and weaknesses will find a way in to some degree eventually. There isn't much an SA can do to avoid this. With that being said, we have yet to have a malicious external attack on our network, even with my negligent administration...

Share this post


Link to post
Share on other sites

I am not saying that Cisco and Checkpoint don't make it easy, because they do. You can configure hardware to a certain spec, and watch it go. I do however believe that a system admins job is also to keep everything running, making sure it does what it is supposed to be.

You are right in saying it's not the SAs job to write code or find exploits. It does however help to have at least some idea about trends, how some of the basic exploits work and why to enable or disable a certain option that just came up due to an update done on the IPS.

 

I am also not in a position to make budget decisions (in fact in my position there is an extremely small budget), and no, I have not been exposed to large networks as of yet. (Currently it is a network of around 140 hosts, one firewall, a few VPNs and not much more).

Share this post


Link to post
Share on other sites

N+ or CCNA/P courses teach you how to configure and play with out of the box hardware. Not code crunch and battle with hackers. Those jobs go to Computer Science Majors from MIT working for companies like Cisco or Checkpoint who design software, hardware and protocols then onsell it as intrusion prevention packages to big business for millions of dollars. Any system admin will tell you this.

I don't agree with that. I am sure a lot of people without degrees but years of industry skill and experience would shit over most uni graduates in security.

It's one thing to read about it in books, it's another to actually get your hands dirty with it.

 

 

 

 

Also, blazeg I pulled your post because it looks like you were pimping a site you shouldn't.

Ok that is two posts, both the same. Repost it and you will be banned cause you seem to be a spam bot to me.

Edited by iamthemaxx

Share this post


Link to post
Share on other sites

I don't agree with that. I am sure a lot of people without degrees but years of industry skill and experience would shit over most uni graduates in security.

It's one thing to read about it in books, it's another to actually get your hands dirty with it.

I can definably agree with that. To me a uni degree means nothing in my world of security infact it makes things easier because i know that most people dont have the 1st clue about I.T security and they arnt thuat anything about it in there course.

 

 

Its something you have to personally invest alot of time into. I myself have and unfortunately got myself in trouble with the law when I was 17 doing some things I shouldn't have been. I myself haven't worked on huge corporate networks really only small business's 20-100 people which is still a substantial network. But I have been hired to pen test for law firms and a insurance company and I can tell you now that the people who designed and moderated there networks didn't have the faintest idea what there doing. Which is why I now moderate them.

 

 

To put it quite Frankly if your going to be ignorant GTFO because the 17 year old that I once was there's 1000's of them and there all looking to steal and sell your information.

 

@Yolbit what kind of network do you moderate and what kind of information does it contain?

Edited by mudg3

Share this post


Link to post
Share on other sites

Im not sure what kind of business environment you have been exposed to. But where I work, I dont have free reign over a budget to decide what we will be buying next, or have endless hours to analyse packets and scour forums for the latest exploits to second guess the moves of would be intruders. I get given hardware that is to be installed and configured to specification. N+ or CCNA/P courses teach you how to configure and play with out of the box hardware. Not code crunch and battle with hackers. Those jobs go to Computer Science Majors from MIT working for companies like Cisco or Checkpoint who design software, hardware and protocols then onsell it as intrusion prevention packages to big business for millions of dollars. Any system admin will tell you this.

Many products claim to do many things. The effectiveness of many of them is dubious and is always reliant on not only correct configuration by the user (admin) but also ongoing maintenance. These are two critical aspects of an admin's job.

 

If you think it's safe to assume that router/switch/firewall/IDS/IPS/FAPS products from multinational network corporations can be relied upon for anything without ongoing scrutiny of the product for bugs/holes/flaws/missing features/poorly implemented features then you're kidding yourself.

 

At the end of the day you can have all the hardware or software-based protection in the world but someone will still eventually compromise the network and a [skilled] human will need to be there to deal with it.

Share this post


Link to post
Share on other sites

Im not sure what kind of business environment you have been exposed to. But where I work, I dont have free reign over a budget to decide what we will be buying next, or have endless hours to analyse packets and scour forums for the latest exploits to second guess the moves of would be intruders. I get given hardware that is to be installed and configured to specification. N+ or CCNA/P courses teach you how to configure and play with out of the box hardware. Not code crunch and battle with hackers. Those jobs go to Computer Science Majors from MIT working for companies like Cisco or Checkpoint who design software, hardware and protocols then onsell it as intrusion prevention packages to big business for millions of dollars. Any system admin will tell you this.

Many products claim to do many things. The effectiveness of many of them is dubious and is always reliant on not only correct configuration by the user (admin) but also ongoing maintenance. These are two critical aspects of an admin's job.

 

If you think it's safe to assume that router/switch/firewall/IDS/IPS/FAPS products from multinational network corporations can be relied upon for anything without ongoing scrutiny of the product for bugs/holes/flaws/missing features/poorly implemented features then you're kidding yourself.

 

At the end of the day you can have all the hardware or software-based protection in the world but someone will still eventually compromise the network and a [skilled] human will need to be there to deal with it.

 

read the second paragraph of my comment, the one you didnt include

Share this post


Link to post
Share on other sites

@Yolbit what kind of network do you moderate and what kind of information does it contain?

I work for a major television network, around 4 thousand users nation wide, although I deal directly with my state only. Most importantly, at the broadcast centre where I work we have an array of broadcast encoders, transcoders and various systems that put TV to air. These are tightly locked down although they are potentially "hackable" I suppose. If they were comprimised it could put the TV to black and bring the network to its knees. Although we're talking a network with hundreds of VLANs, serveral WANs, VPNs and several firewalls within our building. Even as a SA I find it hard to get where I need to go sometimes.

 

My original point was, I think a lot of people imagine system administration as some kind of epic struggle between SA and hacker. It's really not. We get hundreds of attacks a week, nothing gets through. Logs and logs of failed authentications to RSA, FTP, SSH servers (the only things accessable externally). Often we track down their IPs and send them to the legal team. But what more can be done? In a REAL business enviroment a SA looks after A LOT more than just intrusion prevention. Therefor we don't spend days dreaming up new methods to keep the place secure. You have your fundamental ports and protocols that are open (kinda), everything else is locked the feck down. This is all done by hardware that was purchased by the bosses and installed by myself or my colleagues, they get the rudamentary workover whenever a new service or protocol needs to be put into action - it gets tested then put into production.

 

My point is, if I spent all day looking for bugs and flaws in the hardware and software I'd get fired. I have a lot more things that need looking after. We run a tight ship, like most corporate businesses do these days. And usually yes, a lot of SAs dont know much about hacking. I know a little, but I'm certainly no hacker. But the hardware and software solutions that are purchased by enterprise businesses do the job fine.

 

We had a pen tester come in last year and look at our network. He plugged in to a wall point and off he went. He managed to get in to a couple of SQL databases, an application server (not as an admin) and a few file server directories that weren't locked down. He's probably off on a forum not unlike this one talking about how l33t he is and how the all the SAs he comes across are clueless. But he, like most people dont understand that an SA's job entails more than preventing the system from being hacked (in fact its only a tiny part of it). The sheer scale of a business network means there is ALWAYS going to be holes no matter how diligent the SA is at plugging them.

 

Everyone has an opinion, very few people actually work in the industry. I stand by my first comment as I look at the girls in sales.

Share this post


Link to post
Share on other sites

We had a pen tester come in last year and look at our network. He plugged in to a wall point and off he went. He managed to get in to a couple of SQL databases, an application server (not as an admin) and a few file server directories that weren't locked down. He's probably off on a forum not unlike this one talking about how l33t he is and how the all the SAs he comes across are clueless. But he, like most people dont understand that an SA's job entails more than preventing the system from being hacked (in fact its only a tiny part of it). The sheer scale of a business network means there is ALWAYS going to be holes no matter how diligent the SA is at plugging them.

I'd be surprised if there were many proper security experts that weren't also sysadmins to begin with. Not just people that call themselves experts, the proper ones.

 

Frankly, some of your comments make you sound like a stuck up douche - "He's probably off on a forum not unlike this one talking about how l33t he is and how the all the SAs he comes across are clueless".

You just sounds pissed off cause he caught you out.

Share this post


Link to post
Share on other sites

We had a pen tester come in last year and look at our network. He plugged in to a wall point and off he went. He managed to get in to a couple of SQL databases, an application server (not as an admin) and a few file server directories that weren't locked down. He's probably off on a forum not unlike this one talking about how l33t he is and how the all the SAs he comes across are clueless. But he, like most people dont understand that an SA's job entails more than preventing the system from being hacked (in fact its only a tiny part of it). The sheer scale of a business network means there is ALWAYS going to be holes no matter how diligent the SA is at plugging them.

I'd be surprised if there were many proper security experts that weren't also sysadmins to begin with. Not just people that call themselves experts, the proper ones.

 

Frankly, some of your comments make you sound like a stuck up douche - "He's probably off on a forum not unlike this one talking about how l33t he is and how the all the SAs he comes across are clueless".

You just sounds pissed off cause he caught you out.

 

Thanks for the constructive comments. No I'm not pissed at all, the fact that we hired a professional "white hat hacker" and all he managed to do was get into some SQL databases from within the network to begin with, thats not from the internet in, plugging in to a LAN port and going from there, is not that bad of a result.

 

And by the way... the people that sound like stuck up douches are the ones inferring that I know nothing about my job, while they sit at home all day masterbating to upskirts, and argue a point, to which they have no experience, or know little about.

Share this post


Link to post
Share on other sites

@ Yolbit my " GTFO" wasn't directed at you in anyway if you think it was. It was directed at the many SA that dont do there job and there are plenty of people out there that can do a better one then them. At no point have I big noted myself saying that im leet. Im simply stating what "I've" done and experienced that can be seen in the post above. With a network that large I'm not surprised that its locked down like you say and im completely agree on your point about you've got better things to do because I know you do. I do it for 10 hours a day aswell!

 

 

 

My point was though is that SA's still need to come to there job with security in mind and try to have a decent knowledge base about it. I know an SA from tafe who now works for a Huge bank headquarters in Brisbane he dosent even know how to remove a virus manually or track malicious software down on there network and yet they pay him his 75k a year for trouble shooting word, outlook and share point.

 

 

Hes got it pretty sweet

Share this post


Link to post
Share on other sites

@ Yolbit my " GTFO" wasn't directed at you in anyway if you think it was. It was directed at the many SA that dont do there job and there are plenty of people out there that can do a better one then them. At no point have I big noted myself saying that im leet. Im simply stating what "I've" done and experienced that can be seen in the post above. With a network that large I'm not surprised that its locked down like you say and im completely agree on your point about you've got better things to do because I know you do. I do it for 10 hours a day aswell!

 

 

 

My point was though is that SA's still need to come to there job with security in mind and try to have a decent knowledge base about it. I know an SA from tafe who now works for a Huge bank headquarters in Brisbane he dosent even know how to remove a virus manually or track malicious software down on there network and yet they pay him his 75k a year for trouble shooting word, outlook and share point.

 

 

Hes got it pretty sweet

you're right, i dont mean to be argumentative, but i think i was. perhaps i take for granted that I work in a building with competent technicians, and that some out there arent so good at their jobs.

 

my initial comment was only a joke really (there are some fucking hot sales girls at my work though). I just get sick of hearing about hacking, thats all anyone asks me about when I say im a system admin... much love mudg3

Share this post


Link to post
Share on other sites

Yolbit, I never meant to offend by my original comments and I apologise if it came across that way.

 

I do however believe there is more to doing a Sysadmin role (focusing in networks and security) than setting up a few pieces of hardware and letting them run without knowing why it is setup like it is. If doing some reading and getting your hands dirty in the beginning helps to understand the why, then I'm all for it.

Edited by Chancellor

Share this post


Link to post
Share on other sites

you're right, i dont mean to be argumentative, but i think i was. perhaps i take for granted that I work in a building with competent technicians, and that some out there arent so good at their jobs.

 

my initial comment was only a joke really (there are some fucking hot sales girls at my work though). I just get sick of hearing about hacking, thats all anyone asks me about when I say im a system admin... much love mudg3

 

I get sick of hearing from people who know nothing about it or worse the office hero who thinks he knows more then me and tells me how to do my job you should have heard the shit coming out of his mouth when conflicker was out. I eventully got so sick of him I just told him "there is a reason why Im the one working in I.T and your the one employed as a cold calling sales guy". You are a lucky bugger with competent technicians because they are hard to find. I find it hard with the people im surrounded with now. As they all just talk shit all day and are just really fan-boys so once i finish my study which I'm doing part time I'll be looking for some decent work in Brisbane where I might find some place I might fit in. :)

Share this post


Link to post
Share on other sites

N+ or CCNA/P courses teach you how to configure and play with out of the box hardware. Not code crunch and battle with hackers. Those jobs go to Computer Science Majors from MIT working for companies like Cisco or Checkpoint who design software, hardware and protocols then onsell it as intrusion prevention packages to big business for millions of dollars. Any system admin will tell you this.

I don't agree with that. I am sure a lot of people without degrees but years of industry skill and experience would shit over most uni graduates in security.

It's one thing to read about it in books, it's another to actually get your hands dirty with it.

 

 

Doing IT at uni is not just reading books. The issue isn't the academic nature of university study for IT, as IT degrees are very practical. The issue is that a person with an IT degree doesn't necessarily have a technical IT degree. A lot of people go through and do majors like Information Systems, which are great if you want to do things on that level, but don't give you an intimate knowledge of the lower level of computer systems. In the end though, they still have a Bachelor of Information Technology.

 

Then there's a lot of formal practice which you learn at Uni which isn't taught through experience. Experience is a good alternative too it, unless you assume your experience is automatically better than my formal methodology.

 

So in the same way that people in the industry don't tend to like graduates with all the schmancy education, we can get frustrated with "experienced" professionals who are convinced they are right and refused to listen to us.

 

I'll agree that not all university IT graduates are capable at security systems, but neither are a lot of experienced industry professionals, even if they think they are.

Share this post


Link to post
Share on other sites

Doing IT at uni is not just reading books. The issue isn't the academic nature of university study for IT, as IT degrees are very practical. The issue is that a person with an IT degree doesn't necessarily have a technical IT degree. A lot of people go through and do majors like Information Systems, which are great if you want to do things on that level, but don't give you an intimate knowledge of the lower level of computer systems. In the end though, they still have a Bachelor of Information Technology.

 

Then there's a lot of formal practice which you learn at Uni which isn't taught through experience. Experience is a good alternative too it, unless you assume your experience is automatically better than my formal methodology.

 

So in the same way that people in the industry don't tend to like graduates with all the schmancy education, we can get frustrated with "experienced" professionals who are convinced they are right and refused to listen to us.

 

I'll agree that not all university IT graduates are capable at security systems, but neither are a lot of experienced industry professionals, even if they think they are.

 

Very good point Nagchampa.

Share this post


Link to post
Share on other sites

I'll agree that not all university IT graduates are capable at security systems, but neither are a lot of experienced industry professionals, even if they think they are.

I'll agree too, which was the point of my comment.

Blanket comments are not doing anyone favours.

Share this post


Link to post
Share on other sites

read the second paragraph of my comment, the one you didnt include

I quoted the second paragraph of your post.

 

I didn't quote the others as I had nothing to add to them.

 

My general point is that it's not the job of the vendor/manufacturer alone to secure (and to expect much reasonable assistance from them is unrealistic).

 

Its now Cisco VS Hacker while the system admin has a cup of coffee

If that were all it came down to we'd be well screwed by now :-)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×