Do you need to know how to attack to defend better?

Would I be able to better defend my electronic assets if I knew how to attack them?


Solution 1:

Knowledge of your environment is the first step to protecting it: knowing the systems, learning about the languages and OS versions used, knowing how the servers interact and the protective controls already in place, and understanding what kind of organization you're trying to protect.

Once you have that knowledge, attack techniques are key because they give you the ability to audit these systems both in production and before they get there, and help expose the assumptions about how your systems are run. Assumption: Our firewall is working fine. Reality: nmap just returned a list of systems that have vulnerable ports exposed to the internet, let's take a closer look at our firewall rules.

But there is a danger: once you've seen all the attacks that come out of BH/DEF CON every year, you can become over-focused on the cool new attacks and totally miss other critical basics. E.g., you run around and disable BIOS-based virtualization because you read all about Blue Pill rootkits, but the systems aren't patched or screened by a firewall and they still get owned by a drive-by download.

I find that my most important question is not "what could an attacker do against my system?" but instead "What are most attackers doing right now against people running systems like mine?"
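
The "assumption versus reality" check from the answer above can be automated. The following is an added example, not part of the original answer: it parses nmap grepable (`-oG`) output from a scan of your own hosts and diffs the open ports against what the firewall policy is supposed to expose. The sample scan text, the addresses and the `EXPECTED` policy are constructed for illustration.

```python
# Constructed sample of nmap grepable (-oG) output for hosts you own.
# Addresses are from the documentation range; hostnames are made up.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///"
    "\tIgnored State: closed (996)\n"
    "Host: 192.0.2.20 (mail01.example)\tPorts: 25/open/tcp//smtp///, "
    "110/filtered/tcp//pop3///, 161/open/udp//snmp///"
    "\tIgnored State: closed (997)\n"
)

# Assumed policy: what the firewall rules are *supposed* to expose per host.
EXPECTED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(25, "tcp"), (587, "tcp")},
}

def parse_open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports nmap reported as open."""
    observed = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and "Status:" lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports:"))
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                observed.setdefault(host, set()).add((int(parts[0]), parts[2]))
    return observed

def audit(observed, expected):
    """Compare the scan with the policy; report only hosts that deviate."""
    findings = {}
    for host in sorted(set(observed) | set(expected)):
        seen = observed.get(host, set())
        allowed = expected.get(host, set())
        unexpected = sorted(seen - allowed)  # exposed but not in the policy
        missing = sorted(allowed - seen)     # in the policy but not reachable
        if unexpected or missing:
            findings[host] = {"unexpected": unexpected, "missing": missing}
    return findings

if __name__ == "__main__":
    for host, result in audit(parse_open_ports(SAMPLE_SCAN), EXPECTED).items():
        print(host, result)
```
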

Solution 2:

In general, yes, you should know how the system works in order to subvert it, then you know a little better how to protect your systems and network.

If you approach your network with the mindset of "if I wanted to do XYZ, how would I do it?" you'll then be able to say, "If someone did ABC, how do I stop them?" and take it from there.

These are kind of satellite subjects to understanding how the system works in the first place.

Solution 3:

Would you better defend yourself, if you learned how to fight?

Solution 4:

I think that without actively trying to "break things", it is difficult to develop the right mindset - to be able to think as a hacker.

An interesting, recently released book where a number of high-profile security experts discuss "the security mindset" is Beautiful Security.

Solution 5:

Yes. I think so.

Often it is not until you actively attempt to work around a solution, especially when it comes to security, that you will begin to discover its weaknesses beyond a pen-and-paper mindset.

If you're after a more in-depth answer then you may need to provide some subject specifics.