Joshua.
Don't do it. Period.
Some months ago we had such a discussion (see the archives, if you wish).
Bruce Schneier's paper is at least controversial (to be polite) and, IMHO, doesn't deserve credit.
The most VALUABLE reason not to do it was given by Christopher:
" Let's say someone does crack it and not tell you! Now they have a host they
can trojan and use to attack other hosts! Or worse yet post it on some
hacker web site and let their buddies use it also to do the same thing!
Depending on the OS I would look into a good penetration testing from a
known source.....Rhino9....L0pht......etc..."
Christopher Witter
Now, about contracting a "security professional":
" (hmm.... I have to admit that nowadays a lot of such services are being
offered by "professionals" while in reality they are not much more than
script kiddies themselves....But that's the universal problem of "separating
the wheat from the chaff" and is another discussion....)"
Gr.
Arjan
Since you are
" Joshua Chamas wrote:
> I am new to sysadmin & security"
how would you "separate the wheat from the chaff" even if you had budget
enough to contract such a pro?
(Maybe some people on this list will suggest you contract an HR pro to
identify a security pro for you ;-)
> I believe the conditions of winning the prize would be:
>
> ) documenting the hack
If you find it!
> ) forbidding hacking systems of upstream ISPs
> ) proposals for fixing the found security holes
see above
> ) a finite timeline for the hack to occur in, say a week
What guarantee do you have that they will stop after a week?
> ) preservation of the system logs, so I can observe and learn
> from hacking strategies
This will be the first thing they will clean!
> What do you all think about this?
Don't do it; just don't do it!!!
Best regards,
PL Steinbruch