Learning is paramount to any endeavor, and I can't think of a better way of learning than to practice what you need to learn. Training goes a long way toward any effort, but I think we all know that without adequate application, training is all for nothing. So how can you learn more security skills, flex your current security skills, and put these skills to the test in a reasonable fashion? One of the best ways to learn security is to practice cracking networks and computer systems.
I often remind people that to defeat the intruder, you must think like the intruder. And the only way to think like the intruder is to do as the intruder does, which is to practice, practice, and practice. And although you can easily set up one system (or a complete test network) to practice your security skills and test your security implementations, that approach isn't always the best way to learn new skills or to flex what you've already learned. Many factors come into play—for example, the cost of a test environment might be prohibitive, and chances are any test configurations you develop won't represent a broad enough real-world scenario to maximize the gain in knowledge. So how can you maximize the potential to learn without maximizing your cost at the same time?
An answer comes easily now, thanks to a few relatively new Internet sites. As you probably know, Microsoft has a new Windows 2000 (Win2K) test network online where anyone can attempt to crack into the infrastructure. In addition, LinuxPPC launched a test site, where people can attempt to crack a LinuxPPC-based network. And now, as you'll learn in this issue of Security UPDATE, PCWeek has joined the fold, offering two of its networks for penetration testing against either the Windows NT or Linux OSs. So now, four different networks exist (two Linux-based, one NT-based, and one Win2K-based) that are open to the public for almost any type of cracking effort.
Few things are as satisfying as making a significant gain using free resources, and the learning opportunity is ripe for the picking at no cost to you. Even though you might have a test environment for your security cracking endeavors, you can put your cracking skills to the test on someone else's network—and without any risk of being arrested for doing so. That's always good to know if you enjoy your freedom as much as I do.
The benefits of these free resources are numerous. For example, everyone's cracking efforts will lead to more secure OSs and networking environments across the board, and therefore, the computing community at large will indirectly reward your efforts down the road. In addition, you can benefit from testing your skills against networks that you know little or nothing about, which is essentially the same perspective crackers have when they approach a given target. So, if you want to stand in an intruder's shoes for a while (and you should if you're serious about becoming adept at information security), test your cracking skills against these publicly accessible systems. This opportunity is great for learning more about information security without jeopardizing anything in the process. And because LinuxPPC and PCWeek offer significant rewards for any successful cracking attempts (as detailed in the story below), the reasons for taking advantage of these opportunities quickly outnumber those that don’t. I strongly urge you to use these network resources to improve your overall security skills. The worst that can happen is that you might wind up thinking more like an intruder—and to keep them at bay, you've got to achieve that anyway, so why not? Until next time, have a great week.http://www.windows2000test.com