lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ELEOLHOJFMBPBFCJHOCIEEAPDMAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: Where to start

> 
> Does a good security-officer have to know everything about every hole? I
> myself don't think so, but where do people start?

security officer is more of a complience officer, he makes sure that all the users, admin and  other it staff stick to the policies created.

 
> If I see lists and forums about network-security it seems that everybody
> knows a lot and has a huge reference base. Is this true?

this is a mirage, people can make statements based on they find something they find in google and can appear all knowing ( this is a good method for finding info but it can be abused ), like they say little knowledge is a dangerous thing.... google is a dangerous thing. usless used properly  
 
> I want to learn more about security stuff, but I can't find the real
> basics to build upon anywhere. When there are posts on lists they
> presume that everybody has a certain knowledge level and are aware of
> best practices. But is this true?

to start the basics some of the more experienced members of this list will point you out just the right sources but take all the advice with a grain of salt.

> Just because there are discussions, it seems that there is not one
> overall and central way of keeping track of evolving issues. How do
> people keep track easily with up to date best practices and not get
> distracted by "old" advisory?

discussion is a good way to keep currunt and adapt your existing infrastructure for the latest threats



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ