I have been researching computer security for about 6 months now and still know very little, can anyone please point me to some good tutorials on getting started with detecting volnerabilities and such. I am most likely going to major in this field so i need anything possible to help me out
Just poke around in our Security Tutorials forum, that's where they're posted.
You may also want to play around with nmap or another scanner for some experience. (Do you run *NIX?)
Ask lots of questions. I'm a soon-to-be MIS major with only a handful of months experience as a network admin, and I still know next to nothing compared to the senior members here. Read tutorials, ask questions, and get to know people. Don't be shy!
It doesn't matter what you do professionally...
Some seniors are admins, computer teachers, consultants, etc. On the other hand, I dispatch tow trucks for a living, and a couple of other seniors haven't even graduated highschool yet.
It's all about what you do with your time. You will get as much from the computer world, as you put into it in terms of effort.
Best advice, find an OS, learn it. It doesn't matter if it is Windows or Linux, or even Mac. Learn everything you can about how it works. Knowing about a specific buffer overflow that can compromise Windows 2000 is wonderful... Now go find out why it works. When you start to understand how software works on the most basic levels, you will start to understand how it is compromised, and how compromises can be prevented.
Only time and effort can get you anywhere. There is no quick fix for knowledge, and there is also no substitute for just trying things.
Start right here...
Purify: One of the very best places to start is right in the search field of these forums. Search for new, and newbie, security, things of that nature. You will find about a million posts come up. Read thru them, scan them, and read the replies. You will find a huge wealth of knowledge being passed around.
As stated, check out the tutorials forum. Read the posts there. Anything you run into that you dont understand, search here or Google for an answer. Or write the author and ask to be pointed in the right direction.
Check out the Free White Pages from MS and other companies. Search Google for security. Etc.
Check out the hacking pages, and read the exploits and then the fixes. Post questions in the newbie forums, and don't be afraid to be snickered at or flamed. Happens to the best of us, when we are learning. The suggestion about learning an OS is a wonderful suggestion. Pick one, and then poke all the holes you can in it. I have been known to go and spend hours in Barnes and Noble or Borders pouring over books, then putting them back and returning to read some more another day. Once in a while I even buy one! :D
The most basic place to start of course is with your own interestes within the security field. But most of all, if you start on something, take it as far as you can or to the end if possible. Remember, there is a LOT of information to gather and read/understand, and becomming a security professional is a great field, but there is a large amount of work to do to get there.
You've stated off the right way, by asking the question in the right place.
This is a great portal for learning about computer security and sharing the knowledge you obtain as well. I visited many different sites prior to signing up here. I wanted to watch the interaction between the new folks and the more experienced folks and observe how serious they were about security, before I became a part of it. You will find these people most helpful and willing to teach at any pace you can receive.
I think a good place to start would be here
its a tutorial index of the tutorial on AO compiled by negative. Theres all sorts ranging from basic computer stuff up to highly technical stuff.
maybe get some old computers and connect them up in a network and learn to attack and defend it?
i2c is right about getting some computers and connecting them up and looking at ways to attack and defend them. And keep in mind, they do not have to be brand new systems or anything. You can get Pentium and PII systems CHEAP these days and they can be great test dummy machice. Companies like RetroBox will selll you a decent PIII for around $60 (Needs monitor) eBay you can get PII's a dime a dozen. I picked up a couple of IBM PII/350/64/4g
systems for $19.95 each not to long ago to give to my kids school.
Either way, nothing compares to having experience, and building and attacking and defending your own network is a great way to learn. Or even have a friend try and attack it. etc.
One more thing. I strongly recommend you get the a good book on TCP/IP and one that tells you all the gritty details. No matter what part of computers you go into these days, you are going to need the a very strong knowledge of TCP/IP. Doesn't even matter what OS your are working with, being Mac, Linux or Windows. TCP/IP is a must!