Hear, hear, Paul. Worried your test network isn't "real" enough? Make it better! Throw in IDS, patch management, whatever. As Paul suggested, get your buddies involved. I've seen workshops where people are designated "attacker" and "defender", objectives are obvious. If kids / pros aren't smart enough to realise the benefits of this kind of exercise, they really have no business being in our trade.

I'm with Paul. I don't care *who* you are or how ethical you *think* you are, it's not ethical to break into someone else's computer system without authorization for whatever reason, and you should be prosecuted for it.

There are ample tools out there to set up a test network ranging from FOSS tools like QEMU to commercial stuff like VMware etc. There's no excuse.

Max

> Oh, well that gives me great comfort. Never mind that I can be prosecuted
> for the breakin because I've violated a law such as GLB, HIPAA, etc. by
> "allowing" a breakin. I'm glad your friends are so "ethical". If you only
> think about what's in it for you, you'll always be slanted toward violating
> the law. Try thinking about the poor victim whose systems you're breaking
> in to. Put yourself in their shoes and ask yourself, how would I feel if I
> discovered that someone had entered my systems without my knowledge? Or
> better yet, how about if I reach in your pocket and take the keys to your
> car, take it out for a spin, then return it? Are you OK with that? No
> hard feelings?
>
> Paul Schmehl (pauls@xxxxxxxxxxxx)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/