Here here, Paul.

Worried your test network isn't "real" enough? Make it better! Throw in IDS,
patch management, whatever.

As Paul suggested, get your buddies involved. I've seen workshops where people
are designated "attacker" and "defender", objectives are obvious.

If kids / pro's aren't smart enough to realise the benefits of this kind of
exercise, they really have no business being in our trade.

I'm with Paul. I don't care *who* you are or how ethical you *think* you are,
it's not ethical to break into someone else's computer system without
authorization for whatever reason, and you should be prosecuted for it.

There are ample tools out there to setup a test network ranging from FOSS
tools like QEMU and commercial stuff like VMWare etc.

There's no excuse.

Max
> Oh, well that gives me great comfort. Never mind that I can be prosecuted
> for the breakin because I've violated a law such as GLB, HIPAA, etc. by
> "allowing" a breakin. I'm glad your friends are so "ethical". If you only
> think about what's in it for you, you'll always be slanted toward violating
> the law. Try thinking about the poor victim whose systems you're breaking
> in to. Put yourself in their shoes and ask yourself, how would I feel if I
> discovered that someone had entered my systems without my knowledge? Or
> bettter yet, how about if I reach in your pocket and take the keys to your
> car, take it out for a spin, then return it? Are you OK with that? No
> hard feelings?
>
> Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBD9KwlkhbPZHlRz4MRAnIXAJ9jnLbPl+6EWbBvUdG55FXbzo7RrACfTdCr
FOZXooEiiv9Lob0O80EyQS8=
=/2Zx
-----END PGP SIGNATURE-----

[ reply ]