Security Software

Discussion in 'Cisco' started by Joe Sumbody, Apr 20, 2004.

  1. Joe Sumbody

    Joe Sumbody Guest

    hello, i have just started reading this news group and i find a lot of
    useful information. i cant help but notice the number of questions regarding
    firewalls and network security and i notice a lot of helpful replies to
    these questions. all of these posts make me ask the question, how do you
    know if the person posting the security question has a genuinely innocent
    purpose for the question or a malicious reason? i see a lot of posts asking
    what i consider basic questions about network security, so it heightens my
    sense that there may be more than the apparently innocent purpose to the
    question.

    it could be that i am a paranoid network engineer with a cynical view or i
    am just a very careful and concerned person. i'm sure most of you could
    argue believing both ways. i just can't see us professionals trying to build
    secure and reliable networks giving away the keys to the kingdom.

    thanks for reading this far down,
    Joe
    Joe Sumbody, Apr 20, 2004
    #1
    1. Advertising

  2. In article <>,
    Joe Sumbody <> wrote:
    :hello, i have just started reading this news group and i find a lot of
    :useful information. i cant help but notice the number of questions regarding
    :firewalls and network security and i notice a lot of helpful replies to
    :these questions. all of these posts make me ask the question, how do you
    :know if the person posting the security question has a genuinely innocent
    :purpose for the question or a malicious reason? i see a lot of posts asking
    :what i consider basic questions about network security, so it heightens my
    :sense that there may be more than the apparently innocent purpose to the
    :question.

    We never know what use someone is going to put information to. However,
    in matters such as "how do I reset the password", the information
    is easily found via Google anyhow, and physical access is always required,
    so we fall back on the truism that if a person has physical access
    there's not much we could do to stop them anyhow.

    When someone asks a suspicious question such as about how to -remotely-
    reset passwords, or how to exploit a hole, or how to DoS someone, then
    there are not many people on the newsgroup who would answer with
    useful information. I know that in -some- newsgroups (or other electronic
    fora), "Information wants to be free" and one is expected to spill one's
    guts about exactly how to break in leaving as few traces as possible.
    Fortunately, that isn't the culture of this newsgroup: when we have
    doubts about intentions, we usually ask for more details, which at
    the very least forces the person to come up with a better "story".


    It is possible that there has been people who have been "social
    engineering" information out of us. If they're good enough at it, we
    might never know. I have enough on my mind already without thinking
    overmuch about trying to make people prove that they are who they say
    they are and that they want the information for innocent purposes. It's
    the cost of trust, just as in any "real-world" interaction. ("Why did
    my regular waitress ask me how my job was going? Is she a plant from a
    rival company trying to scam information out of me?!?" Is she just
    trying to get a bigger tip? Is it just some meaningless flirting? Is
    she hinting she wants an affair?")
    --
    "No one has the right to destroy another person's belief by
    demanding empirical evidence." -- Ann Landers
    Walter Roberson, Apr 20, 2004
    #2
    1. Advertising

  3. Joe Sumbody

    Hansang Bae Guest

    In article <>,
    says...
    > hello, i have just started reading this news group and i find a lot of
    > useful information. i cant help but notice the number of questions regarding
    > firewalls and network security and i notice a lot of helpful replies to
    > these questions. all of these posts make me ask the question, how do you
    > know if the person posting the security question has a genuinely innocent
    > purpose for the question or a malicious reason? i see a lot of posts asking
    > what i consider basic questions about network security, so it heightens my
    > sense that there may be more than the apparently innocent purpose to the
    > question.
    >
    > it could be that i am a paranoid network engineer with a cynical view or i
    > am just a very careful and concerned person. i'm sure most of you could
    > argue believing both ways. i just can't see us professionals trying to build
    > secure and reliable networks giving away the keys to the kingdom.
    >
    > thanks for reading this far down,


    Because Usenet is the ultimate peer-review. After a while, you even
    recognize people's writing styles. For example, I can pick out Walter's
    posts from Barry's post from Vincent's post (and other expert's like Dan
    Lanciani etc.) w/o reading the headers. Once you read the group for a
    while, you'll get to know who's post is a *must read*.


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Apr 20, 2004
    #3
  4. In article <>,
    Hansang Bae <> wrote:
    :In article <>,
    :says...
    :> these questions. all of these posts make me ask the question, how do you
    :> know if the person posting the security question has a genuinely innocent
    :> purpose for the question or a malicious reason?

    :Because Usenet is the ultimate peer-review. After a while, you even
    :recognize people's writing styles.

    Hansang, your reply looked more like you were answering the question
    "How do you know you can trust the replies not to be malicious?",
    whereas I believe the question was "How do you know the question is not
    secretly malicious? And thus how do you know whether to trust that
    the person will not misuse the answer?"
    --
    Are we *there* yet??
    Walter Roberson, Apr 20, 2004
    #4
  5. Joe Sumbody

    Hansang Bae Guest

    In article <c62igm$mpg$>, -
    cnrc.gc.ca says...
    > Hansang, your reply looked more like you were answering the question
    > "How do you know you can trust the replies not to be malicious?",
    > whereas I believe the question was "How do you know the question is not
    > secretly malicious? And thus how do you know whether to trust that
    > the person will not misuse the answer?"


    I didn't even read it carefully. But to answer this question, anyone
    that has to resort to posting on c.d.s.c to get a "backdoor secret" to
    any networks doesn't scare me! It just means the guy can't even read
    the right newsgroups and can't use a search engine! :)


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Apr 21, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    4
    Views:
    719
  2. Replies:
    0
    Views:
    617
  3. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    562
    COMSOLIT Messmer
    Sep 5, 2003
  4. John
    Replies:
    0
    Views:
    1,131
  5. Jim Watt
    Replies:
    0
    Views:
    577
    Jim Watt
    Apr 27, 2008
Loading...

Share This Page