From Tony Bradley, CISSP-ISSAP, for About.com

Hacking Exposed Chat Session Transcript

from Tony Bradley, CISSP, MCSE2k, MCSA, A+

Page 2

<netsecurityadm> Along those same lines- Gartner Group released a report declaring the death of IDS and claiming that more advanced firewalls will replace it- do you agree with that assessment?

<HE-Kurtz> Maybe... the big issue is fale postives.

<HE-Kurtz> If you react to false postives and block something, you create denial of service issues

<HE-Kurtz> The technology will have to get better in the coming years to try to address this major issue

<HE-Kurtz> that is false positives... sorry fast on the keyboard today.

<netsecurityadm> the technologies seem to merge and overlap some between the IDS, IPS, firewall- maybe one super combo application will come out to handle it all?

<HE-Kurtz> A super device is the dream of many vendors. I just don't see anyone there yet.

<Simo> Kurtz, how long do you think until IPv8 will replace IPv6?

<HE-Kurtz> No clue... I don't know much about V8, I think we need to work on V6 first. That will take a long time as well

<Simo> all the subnetting is taking up all the v6 addressing though

<Simo> some colleges are using IPv8 I hear

<netsecurityadm> are you sure you're not confusing V4 and V6?

<Simo> hmmm

<Simo> well I'm a newbie

<Simo> so I wouldn't know

<netsecurityadm> V4 is the current "standard" and V6 is the new standard being rolled out

<HE-Kurtz> I never heard of V8, but that doesn't mean it isn't a draft

<Simo> ;-)

<Simo> ohhhh

<Simo> thanks, I messed up

<netsecurityadm> V6 will help to expand the address pool

<Simo> mixed up my numbers heh

<netsecurityadm> no problem

<Simo> v6 is hex? correct?

<netsecurityadm> I am not that much of a V6 expert- I just know the high level concept behind the new version

<HE-Kurtz> V6 allows for many more addresses and has much better security

<Charlie> how does it provide better security, v6 is just a climb in the number of ips available?

<HE-Kurtz> Authentication and encryption

<netsecurityadm> and you are correct that V6 is being used in some places currently. it is available, but it will take a long time until all V4 devices are replaced

<Charlie> I'm sorry can you explain the connectivity between v6 ip addressing and authentication and encryption

<HE-Kurtz> I am not an expert on v6...

<HE-Kurtz> google ip v6 ; )

<HE-Kurtz> www.ipv6.org

<Charlie> ok cheers

<netsecurityadm> Aside from your own books, what one book would you say is a "must read" for those in information security?

<HE-Kurtz> special ops - from Erik Birkholz [Special Ops: Internal Network Security Guide]

<netsecurityadm> any particular reason? is it just well-written or does it offer some unique perspective or information that isn't found in other books?

<HE-Kurtz> Great authors and covers a lot of topics

<Charlie> Have you come across the software UPLINK and what are your views on this type of software

<HE-Kurtz> I don't have any experience with it

<netsecurityadm> Charlie- what is Uplink? What is its function?

<Charlie> Allegedly it is a game, but one that teaches users how to bypass logging/proxies and the like

<Charlie> you are given tasks like changing social security numbers, hacking into banks

<Charlie> it teaches you about hacking tools for covering your tracks

<Charlie> etc etc

<netsecurityadm> hhmmm. there are a number of "wargames" sites out there that let you test out your hacking skills on a real server

<netsecurityadm> I have not heard of that one though

<netsecurityadm> Mr. Kurtz- do you get many people complaining that books like Hacking Exposed teach people how to be hackers more than they help us defend against them?

<HE-Kurtz> No. In fact, people are very happy that we put info out to help them protect their own systems

<netsecurityadm> I agree completely. Have you followed any of the recent debate about the new malware class at the University of Calgary?

<Charlie> I agree. It is better to understand the attack when trying to stop it rather than just instigating a patch.

<HE-Kurtz> I only saw some brief info on it. What do you think?

<netsecurityadm> I agree with the University. I think that, similar to the concept of your books, we need to teach exactly how the malicious code writers do what they do so we can better understand how to defend against it

<Guest503> I read about dostracker in your book, but it is no longer on the web anywhere. Was that tool removed by MCI? If so, are there any good tools for tracking spoofed attacks?

<HE-Kurtz> Outside of that one, I don't know of any others

<netsecurityadm> The AV community is always in a reactive posture- they can't develop the vaccine until the virus is out so the malicious code writers get the first move.

<netsecurityadm> What do you feel is the area in most need of improvement for corporate information security?

<HE-Kurtz> Education

<HE-Kurtz> If you can just educate people, it would help 10 fold in keeping down break-ins

©2009 About.com, a part of The New York Times Company.

All rights reserved.