
Mailing List Archive: NANOG: users

lawful intercept/IOS at BlackHat DC, bypassing and recommendations

 

 



ge at linuxbox

Feb 4, 2010, 12:19 PM

Post #1 of 22 (3072 views)
lawful intercept/IOS at BlackHat DC, bypassing and recommendations

"That peer-review is the basic purpose of my Blackhat talk and the
associated paper. I plan to review Cisco’s architecture for lawful
intercept and explain the approach a bad guy would take to getting
access without authorization. I’ll identify several aspects of the
design and implementation of the Lawful Intercept (LI) and Simple
Network Management Protocol Version 3 (SNMPv3) protocols that can be
exploited to gain access to the interface, and provide recommendations
for mitigating those vulnerabilities in design, implementation, and
deployment."

More here:
http://blogs.iss.net/archive/blackhatlitalk.html

Gadi.



--
Gadi Evron,
ge [at] linuxbox

Blog: http://gevron.livejournal.com/


morrowc.lists at gmail

Feb 4, 2010, 12:27 PM

Post #2 of 22 (3023 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment."


this seems like much more work than matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"

<http://www.crypto.com/blog/calea_weaknesses/>

Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.

-chris


morrowc.lists at gmail

Feb 4, 2010, 12:28 PM

Post #3 of 22 (3021 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

(of course for any LEA that really cares they'll just order a physical
tap, and provision things properly)


tvarriale at comcast

Feb 4, 2010, 1:44 PM

Post #4 of 22 (3035 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

Would you mind passing along a source/link on the 15kpps? I haven't seen
that number yet.

tv
----- Original Message -----
From: "Christopher Morrow" <morrowc.lists [at] gmail>
To: "Gadi Evron" <ge [at] linuxbox>
Cc: "NANOG" <nanog [at] nanog>
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and
recommendations


On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco’s architecture for lawful
> intercept and explain the approach a bad guy would take to getting access
> without authorization. I’ll identify several aspects of the design and
> implementation of the Lawful Intercept (LI) and Simple Network Management
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
> to the interface, and provide recommendations for mitigating those
> vulnerabilities in design, implementation, and deployment."


this seems like much more work that matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"

<http://www.crypto.com/blog/calea_weaknesses/>

Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.

-chris


Crist.Clark at globalstar

Feb 4, 2010, 2:26 PM

Post #5 of 22 (3017 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

>>> On 2/4/2010 at 12:27 PM, Christopher Morrow <morrowc.lists [at] gmail> wrote:
> On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
>>
>> "That peer-review is the basic purpose of my Blackhat talk and the associated
>> paper. I plan to review Cisco’s architecture for lawful intercept and explain
>> the approach a bad guy would take to getting access without authorization.
>> I’ll identify several aspects of the design and implementation of the Lawful
>> Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3)
>> protocols that can be exploited to gain access to the interface, and provide
>> recommendations for mitigating those vulnerabilities in design,
>> implementation, and deployment."
>
>
> this seems like much more work that matt blaze's work that said: "Just
> send more than 10mbps toward what you want to sneak around... the
> LEA's pipe is saturated so nothing of use gets to them"

The Cross/XForce/IBM talk appears more to be about unauthorized
access to communications via LI rather than evading them,

"...there is a risk that [LI tools] could be hijacked by third
parties and used to perform surveillance without authorization."

Of course, this has already happened,

http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005


morrowc.lists at gmail

Feb 4, 2010, 2:42 PM

Post #6 of 22 (3019 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark <Crist.Clark [at] globalstar> wrote:

>> this seems like much more work that matt blaze's work that said:
> "Just
>> send more than 10mbps toward what you want to sneak around... the
>> LEA's pipe is saturated so nothing of use gets to them"
>
> The Cross/XForce/IBM talk appears more to be about unauthorized
> access to communications via LI rather than evading them,
>
>  "...there is a risk that [LI tools] could be hijacked by third
>   parties and used to perform surveillance without authorization."
>
> Of course, this has already happened,

right... plus the management (for cisco) is via snmp(v3), from
(mostly) windows servers as the mediation devices (sad)... and the
traffic is simply tunneled from device -> mediation -> lea .... not
necessarily IPSEC'd from mediation -> LEA, and udp-encapped from
device -> mediation server.

>  http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005

yea, good times... that's really just re-use of the normal LEA hooks
in all telco phone switch gear though... not 'calea features' in
particular.

-chris


jmamodio at gmail

Feb 4, 2010, 2:47 PM

Post #7 of 22 (3016 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

I'm totally ignorant (most of the time), is anybody actually using SNMPv3 ?

Regards


smb at cs

Feb 4, 2010, 2:49 PM

Post #8 of 22 (3024 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:

> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark <Crist.Clark [at] globalstar> wrote:
>
>>> this seems like much more work that matt blaze's work that said:
>> "Just
>>> send more than 10mbps toward what you want to sneak around... the
>>> LEA's pipe is saturated so nothing of use gets to them"
>>
>> The Cross/XForce/IBM talk appears more to be about unauthorized
>> access to communications via LI rather than evading them,
>>
>> "...there is a risk that [LI tools] could be hijacked by third
>> parties and used to perform surveillance without authorization."
>>
>> Of course, this has already happened,
>
> right... plus the management (for cisco) is via snmp(v3), from
> (mostly) windows servers as the mediation devices (sad)... and the
> traffic is simply tunneled from device -> mediation -> lea .... not
> necessarily IPSEC'd from mediation -> LEA, and udp-encapped from
> device -> mediation server.
>
>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>
> yea, good times... that's really just re-use of the normal LEA hooks
> in all telco phone switch gear though... not 'calea features' in
> particular.

There's a difference? CALEA is just the US government profile of the generic international concept of lawful intercept.

I recommend http://www.spectrum.ieee.org/jul07/5280 (linked to from the Wikipedia article) as a very good reference on what is and isn't known.

--Steve Bellovin, http://www.cs.columbia.edu/~smb


andrew.wallace at rocketmail

Feb 4, 2010, 3:04 PM

Post #9 of 22 (3012 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco’s architecture for lawful intercept
> and explain the approach a bad guy would take to getting access without
> authorization. I’ll identify several aspects of the design and
> implementation of the Lawful Intercept (LI) and Simple Network Management
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
> to the interface, and provide recommendations for mitigating those
> vulnerabilities in design, implementation, and deployment."
>
> More here:
> http://blogs.iss.net/archive/blackhatlitalk.html
>
> Gadi.

For the sake of clarity and transparency,

Gadi Evron has absolutely no connection to this research whatsoever.

He is famous in the security community for piggybacking off other people's research.

We are frustrated with him as much as we are annoyed.

Andrew

Security consultant


a.harrowell at gmail

Feb 4, 2010, 3:25 PM

Post #10 of 22 (3028 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

-original message-
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
From: "andrew.wallace" <andrew.wallace [at] rocketmail>
Date: 04/02/2010 11:09 pm

On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco’s architecture for lawful intercept
> and explain the approach a bad guy would take to getting access without
> authorization. I’ll identify several aspects of the design and
> implementation of the Lawful Intercept (LI) and Simple Network Management
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
> to the interface, and provide recommendations for mitigating those
> vulnerabilities in design, implementation, and deployment."
>
> More here:
> http://blogs.iss.net/archive/blackhatlitalk.html
>
> Gadi.

For the sake of clarity and transparency,

Gadi Evron has absolutely no connection to this research whatsoever.

He is famous in the security community for piggybacking off other peoples research.

We are frustrated with him as much as we are annoyed.

Andrew

Security consultant

CITATION NEEDED


andrew.wallace at rocketmail

Feb 4, 2010, 3:58 PM

Post #11 of 22 (3022 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 11:25 PM, <a.harrowell [at] gmail> wrote:
> -original message-
> Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
> From: "andrew.wallace" <andrew.wallace [at] rocketmail>
> Date: 04/02/2010 11:09 pm
>
> On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
>> "That peer-review is the basic purpose of my Blackhat talk and the
>> associated paper. I plan to review Cisco’s architecture for lawful intercept
>> and explain the approach a bad guy would take to getting access without
>> authorization. I’ll identify several aspects of the design and
>> implementation of the Lawful Intercept (LI) and Simple Network Management
>> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
>> to the interface, and provide recommendations for mitigating those
>> vulnerabilities in design, implementation, and deployment."
>>
>> More here:
>> http://blogs.iss.net/archive/blackhatlitalk.html
>>
>> Gadi.
>
> For the sake of clarity and transparency,
>
> Gadi Evron has absolutely no connection to this research whatsoever.
>
> He is famous in the security community for piggybacking off other peoples research.
>
> We are frustrated with him as much as we are annoyed.
>
> Andrew
>
> Security consultant
>
> CITATION NEEDED
>


You can go to Full-disclosure mailing list
http://www.grok.org.uk/full-disclosure/ and ask about "Gadi Evron".

There will be plenty folks there who will tell you he is involved in
plagiarism.

Andrew

Security consultant


dwhite at olp

Feb 4, 2010, 4:12 PM

Post #12 of 22 (3026 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On 04/02/10 15:58 -0800, andrew.wallace wrote:
>> CITATION NEEDED
>
>You can goto Full-disclosure mailing list
>http://www.grok.org.uk/full-disclosure/ and ask about "Gadi Evron".
>
>There will be plenty folks there who will tell you he is involved in
>plagiarism.
>
>Andrew
>
>Security consultant

That's not a reference. And it reeks of security-consultant-gamesmanship.

If you've had a look at Gadi's paper that he intends to present, then
discuss with him where you feel he's infringing.

--
Dan White


chort at smtps

Feb 4, 2010, 5:55 PM

Post #13 of 22 (3017 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

>>> Andrew
>>>
>>> Security consultant
>>
>> CITATION NEEDED
>>
>
>
> You can goto Full-disclosure mailing list
> http://www.grok.org.uk/full-disclosure/ ...

> Andrew
>
> Security consultant

For "clarity and transparency" you were banned from that list for trolling under the persona "n3td3v".

--
bk


morrowc.lists at gmail

Feb 4, 2010, 6:23 PM

Post #14 of 22 (3007 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 5:47 PM, Jorge Amodio <jmamodio [at] gmail> wrote:
> I'm totally ignorant (most of the time), is anybody actually using SNMPv3 ?

sadly, if you are present in the US and you do ip services (public
ones) and you deployed a cisco device + calea capabilities, yes you do!
:(

-chris


morrowc.lists at gmail

Feb 4, 2010, 6:26 PM

Post #15 of 22 (3011 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 4, 2010 at 5:49 PM, Steven Bellovin <smb [at] cs> wrote:
>
> On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
>
>> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark <Crist.Clark [at] globalstar> wrote:
>>
>>>> this seems like much more work that matt blaze's work that said:
>>> "Just
>>>> send more than 10mbps toward what you want to sneak around... the
>>>> LEA's pipe is saturated so nothing of use gets to them"
>>>
>>> The Cross/XForce/IBM talk appears more to be about unauthorized
>>> access to communications via LI rather than evading them,
>>>
>>>  "...there is a risk that [LI tools] could be hijacked by third
>>>   parties and used to perform surveillance without authorization."
>>>
>>> Of course, this has already happened,
>>
>> right... plus the management (for cisco) is via snmp(v3), from
>> (mostly) windows servers as the mediation devices (sad)...  and the
>> traffic is simply tunneled from device -> mediation -> lea .... not
>> necessarily IPSEC'd from mediation -> LEA, and udp-encapped from
>> device -> mediation server.
>>
>>>  http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>>
>> yea, good times... that's really just re-use of the normal LEA hooks
>> in all telco phone switch gear though... not 'calea features' in
>> particular.
>
> There's a difference?  CALEA is just the US goverment profile of the generic international concept of lawful intercept.

hrm, I always equate 'calea' with 'ip intercept', because I
(thankfully) never had to see a phone switch (dms type thingy). You
are, I believe, correct in that CALEA was first 'telephone' intercept
implemented in phone-switch-thingies in ~94?? and was later applied
(may 2007ish?) to IP things as well.

-Chris


smb at cs

Feb 4, 2010, 6:42 PM

Post #16 of 22 (3006 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Feb 4, 2010, at 9:26 PM, Christopher Morrow wrote:

> On Thu, Feb 4, 2010 at 5:49 PM, Steven Bellovin <smb [at] cs> wrote:
>>
>> On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
>>
>>> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark <Crist.Clark [at] globalstar> wrote:
>>>
>>>>> this seems like much more work that matt blaze's work that said:
>>>> "Just
>>>>> send more than 10mbps toward what you want to sneak around... the
>>>>> LEA's pipe is saturated so nothing of use gets to them"
>>>>
>>>> The Cross/XForce/IBM talk appears more to be about unauthorized
>>>> access to communications via LI rather than evading them,
>>>>
>>>> "...there is a risk that [LI tools] could be hijacked by third
>>>> parties and used to perform surveillance without authorization."
>>>>
>>>> Of course, this has already happened,
>>>
>>> right... plus the management (for cisco) is via snmp(v3), from
>>> (mostly) windows servers as the mediation devices (sad)... and the
>>> traffic is simply tunneled from device -> mediation -> lea .... not
>>> necessarily IPSEC'd from mediation -> LEA, and udp-encapped from
>>> device -> mediation server.
>>>
>>>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>>>
>>> yea, good times... that's really just re-use of the normal LEA hooks
>>> in all telco phone switch gear though... not 'calea features' in
>>> particular.
>>
>> There's a difference? CALEA is just the US goverment profile of the generic international concept of lawful intercept.
>
> hrm, I always equate 'calea' with 'ip intercept', because I
> (thankfully) never had to see a phone switch (dms type thingy). You
> are, I believe, correct in that CALEA was first 'telephone' intercept
> implemented in phone-switch-thingies in ~94?? and was later applied
> (may 2007ish?) to IP things as well.

I can make a very good case that CALEA was not just originally intended for voice, but was sold to Congress as something that didn't apply to data networks. The EFF has said it better than I could, though, so look at http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.

--Steve Bellovin, http://www.cs.columbia.edu/~smb


marcus at blazingdot

Feb 4, 2010, 7:43 PM

Post #17 of 22 (3016 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, Feb 04, 2010 at 09:42:24PM -0500, Steven Bellovin wrote:
> I can make a very good case that CALEA was not just originally intended for voice, but was sold to Congress as something that didn't apply to data networks. The EFF has said it better than I could, though, so look at http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.

Corrected URL:

http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.php


andrew.wallace at rocketmail

Feb 5, 2010, 3:46 AM

Post #18 of 22 (2984 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

----- Original Message ----

From: Brian Keefer <chort [at] smtps>
To: NANOG list <nanog [at] nanog>
Cc: a.harrowell [at] gmail; andrew.wallace <andrew.wallace [at] rocketmail>
Sent: Fri, 5 February, 2010 1:55:58
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

>>> Andrew
>>>
>>> Security consultant
>>
>> CITATION NEEDED
>>
>
>
> You can goto Full-disclosure mailing list
> http://www.grok.org.uk/full-disclosure/ ...

> Andrew
>
> Security consultant

For "clarity and transparency" you were banned from that list for trolling under the persona "n3td3v".

--
bk

"n3td3v" isn't a persona, it's my username and the name of the security & intelligence group I am the founder of.

If you do think I am a troll I will happily discuss with you off-list what part
of me you think is a troll because I have never trolled I am a deadly
serious person.

I will happily arrange a meeting with you so we can discuss this further,

Andrew

Security consultant


nanog at 85d5b20a518b8f6864949bd940457dc124746ddc

Feb 5, 2010, 9:45 PM

Post #19 of 22 (2905 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, 4 Feb 2010 16:47:47 -0600
Jorge Amodio <jmamodio [at] gmail> wrote:

> I'm totally ignorant (most of the time), is anybody actually using SNMPv3 ?
>

I worked with an IPsec VPN product around 10 years ago that used SNMPv3
for automated provisioning of the tunnels.

> Regards
>


isabeldias1 at yahoo

Feb 6, 2010, 1:07 PM

Post #20 of 22 (2843 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

Big Brother is watching you! so last year!

True, but the lawful intercept has been around for a while, active/passive flow tap monitoring, port mirroring, called ID spoofing .......I also saw an update on the IOS/Junos roadmap not that long ago. the 7600 has been around for a while now and so the code that comes w/ that feature available .........

lets not generate more data traffic than this .......as in case of infringement all data is recorded, stored, used as evidence and brought to our attention by the home "team", so we know in advance .....:-)


snmp v3 has been around for a gd while .......


--- On Sat, 2/6/10, Mark Smith <nanog [at] 85d5b20a518b8f6864949bd940457dc124746ddc> wrote:

> From: Mark Smith <nanog [at] 85d5b20a518b8f6864949bd940457dc124746ddc>
> Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
> To: "Jorge Amodio" <jmamodio [at] gmail>
> Cc: "NANOG" <nanog [at] nanog>
> Date: Saturday, February 6, 2010, 6:45 AM
> On Thu, 4 Feb 2010 16:47:47 -0600
> Jorge Amodio <jmamodio [at] gmail> wrote:
>
> > I'm totally ignorant (most of the time), is anybody actually using SNMPv3 ?
> >
>
> I worked with an IPsec VPN product around 10 years ago that used SNMPv3
> for automated provisioning of the tunnels.
>
> > Regards
> >
>
>


Valdis.Kletnieks at vt

Feb 8, 2010, 10:37 AM

Post #21 of 22 (2635 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Thu, 04 Feb 2010 15:04:22 PST, "andrew.wallace" said:
> On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron <ge [at] linuxbox> wrote:
> > "That peer-review is the basic purpose of my Blackhat talk and the
> > associated paper. I plan to review Cisco’s architecture for lawful intercept

> Gadi Evron has absolutely no connection to this research whatsoever.

For the benefit of those who just fell out of a tree - anytime a conference
paper abstract says "review", it's pretty certain that the presentation won't
be cutting 0-day technical stuff, but a *review* of stuff that half of us
already know, for the benefit of getting the other half up to speed.

Also - note that the skillset needed to be a cutting-edge researcher is *very*
different from the one needed to actually present a good review talk and have
the information retained by the audience. (I've done overview presentations.
It's definitely not easy to make the points "You should be doing X, Y, and Z,
and here's why you should invest the time and effort to do so").

> He is famous in the security community for piggybacking off other peoples
> research.

You apparently fail to understand that making other people's research well
known in the community is an important role. Would we be more secure, or
less secure, if somebody did the research, but then nobody told the owners
of all that Cisco gear about it? (Hint: "pwned router" is never a good
day for the network provider)

Or would we as a community be more safe, or less safe, if <trollbait> SANS
didn't do security training courses </trollbait>?

> Andrew

> Security consultant

Is that what you're calling yourself these days?


andrew.wallace at rocketmail

Feb 8, 2010, 1:08 PM

Post #22 of 22 (2626 views)
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On Mon, Feb 8, 2010 at 6:37 PM, <Valdis.Kletnieks [at] vt> wrote:
> You apparently fail to understand that making other people's research well
> known in the community is an important role. Would we be more secure, or
> less secure, if somebody did the research, but then nobody told the owners
> of all that Cisco gear about it? (Hint: "pwned router" is never a good
> day for the network provider)
>
> Or would we as a community be more safe, or less safe, if <trollbait> SANS
> didn't do security traning courses </trollbait>?
>
>> Andrew
>
>> Security consultant
>
> Is that what you're calling yourself these days?

They cater for mostly the public sector; doing a SANS course does not make you *SAFE*, it just means you have an understanding of current trends and are able to take mitigation. It is not a sure-shot way to be secure; you need to have years of hands-on experience in security.

You can't walk out of SANS courses and be a security professional, you need to have a lot more than that.

I started Cyber Security from my basement back in 1999 as an 18 year old, I am now 29 years old and am doing independent security consultancy work here in the UK for multiple global vendors.

I have various titles and skills, security researcher, ethical hacker, security consultant, any of them can be used as those are the qualifications I've achieved over the years. It's not unusual in the security community for one person to fall into more than one category or be qualified to undertake more than one role.

Kind regards,

Andrew

Security Consultant
