Using CT, how easy or otherwise is it to bring down or attack vital systems? Depends on how you define CT, or vital. It really also depends on how savvy the sysadmin is, and the type of technology you use. It could be as simple as using a script off a Web site, or with physical access to the machines, playing games with them, etc. Filling a disk with plastique, and then putting it into a drive with a mechanism inside to scratch a match across a piece of sandpaper when the disk is spun (mounted) is an example of a low-grade approach... RE: What sort of skills would be needed to do so, and are they common/teachable? Depends on the exploit. Kitchen chemistry for physical attacks, how to operate a backhoe for infrastructure physical attacks on cables, network administration courses, books from any computer dealer, a copy of said system, scripts, security advisories. They're definitely teachable in the sense that once a technique is found it can be handed down. Having people with the right monkey mind to find the holes is something else. RE: Commercial-off-the-shelf software: can it really do CT? Sure. Depends on how it's used. FORMAT.COM comes with Windows - it can reformat a hard drive. RE: Which systems are actually attackable? Anything. RE: Can a recovery be made from such attacks? Depends: do you have backups? Sometimes not; if someone diverts info from your system, you'll never get it. RE: Is it likely to improve/get worse? Worse. RE: What sort of preventitive work would you recommend them to carry out? Get rid of all insecure code. Do a code audit. Prevent physical access to all machines and cables to and from said machines. Change passwords frequently, make them long, and refuse standard english words. REMOVE THE DEFAULT PASSWORD. Hire some hackers to try and break in. Keep on top of security bulletins.
Slashdot Mirror
Using CT, how easy or otherwise is it to bring down or attack vital systems? Depends on how you define CT, or vital. It really also depends on how savvy the sysadmin is, and the type of technology you use. It could be as simple as using a script off a Web site, or with physical access to the machines, playing games with them, etc. Filling a disk with plastique, and then putting it into a drive with a mechanism inside to scratch a match across a piece of sandpaper when the disk is spun (mounted) is an example of a low-grade approach... RE: What sort of skills would be needed to do so, and are they common/teachable? Depends on the exploit. Kitchen chemistry for physical attacks, how to operate a backhoe for infrastructure physical attacks on cables, network administration courses, books from any computer dealer, a copy of said system, scripts, security advisories. They're definitely teachable in the sense that once a technique is found it can be handed down. Having people with the right monkey mind to find the holes is something else. RE: Commercial-off-the-shelf software: can it really do CT? Sure. Depends on how it's used. FORMAT.COM comes with Windows - it can reformat a hard drive. RE: Which systems are actually attackable? Anything. RE: Can a recovery be made from such attacks? Depends: do you have backups? Sometimes not; if someone diverts info from your system, you'll never get it. RE: Is it likely to improve/get worse? Worse. RE: What sort of preventitive work would you recommend them to carry out? Get rid of all insecure code. Do a code audit. Prevent physical access to all machines and cables to and from said machines. Change passwords frequently, make them long, and refuse standard english words. REMOVE THE DEFAULT PASSWORD. Hire some hackers to try and break in. Keep on top of security bulletins.