Where to start in security?

[!mitationRust]

Originally posted here by Tedob1
hacking exposed is really a good recomendation, if your running NT. (haven't looked threw the later editions)

I have, they are worth the money if you buy them in sets on ebay, some guy had all sets starting out at $5 out bid at $44.


I recommend all these.
"Computer Networks" - Andrew S. Tanenbaum
"Operating Systems" - Andrew S. Tanenbaum
"TCP/IP Illustrated" (volumes I-III) - W. Richard Stevens
"Advanced Programming in the UNIX Environment" - W. Richard Stevens
"UNIX Network Programming" (volumes I and II) - W. Richard Stevens
"UNIX System Administration Handbook" - Evi Nemeth
"Practical UNIX and Internet Security" - Simson Garfinkel
"Building Open Source Network Security Solutions" - Mike Schiffman
"Hacking Linux Exposed"
"Linux System Administrators Handbook"
"Practical UNIX and Internet Security"
Best there is for the basics/*nix basics

[The Grunt]

I'll second rust's vote for "TCP/IP Illustrated"

VERY awesome book. Cleared up pretty much all my questions about protocols and explained to me what goes on behind the scenes.

[Spyder32]

I didn't know hacking exposed came with a dvd?? Damn, I'm going to hafta run to Barnes and Noble (bookstore) to pick myself a copy of that.

[Negative]

*Thr34d T1tl3 ch4ng3d*

Another good tip to get some really cheap books, is stores like 75% off bookstores. They have a huge selection in computer-books, and the most expensive one is $5. Stores like that buy overstocks, and slightly bruised books, and sell them at those discounted prices.

We got the entire Hacking Exposed collection there for $4.99 each...

[EyeQGuy]

Wow, good info AND at a cheap price. Most excellent. Thanks to all again.

[pooh sun tzu]

A few tips to get you started, and keep in mind along the way:

1. Find an OS you are comfortable with and master it. Don't just learn it, but figure out what makes it tick. Don't let gossip and heresay alter your perseptions on which OS is better than the other. Read http://www.antionline.com/showthread...hreadid=254589

2. Understand the concept of hacking is differerent than the concept of cracking. While cracking is moreso about computer security penetration, hacking is discovering the "why is it insecure? what makes it insecure? how could I make it more secure?" Embrace hacking, but know that to understand the aspects of cracking and grey-hat hacking means you will not only be able to understand how to defend an attack, but by learning how attacks work and how they would be preformed you can better impliment security measures in specifics and perfection.

3. Read the fscking manual. I can not stress this enough. If you do not know how something works, read the RFC. Read the manual. Read the help file. Read the installation file. Read the documentation. Read the forums. The reason I say this is not because people here are unwilling to answer questions, but because sometimes it is better for both memory and experience to learn it on one's own rather than have the answer handed to us.

4. Even with #3, don't be afraid to ask questions after you have exausted your resources. An answered question, no matter the content of the question, is better than a question never asked. We all started somewhere, and understand (AND REMEMBER) the harder times starting out.

5. Be prepared to purchase books on security (such as CERT, SAM, Hacking Exposed). However, never preassume that the book is 100% correct. Read it and study it, but keep a cynical mind. Cross check things if you are not sure.

6. Combining most of the above: Get hands on experience. Purchase a cheap 12 inch monitor and an old pentium 233. Slap a UNIX or BSD based operating system on there (command line only) and learn how to secure it, how to break it. Get used to the functionality of how command line works, for both Windows and UNIX/BSD. Hands on experience is what forges scholarly knowledge into experience, and experience into wisdom.

7. Get your hands on absolutley anything related to security. Read tutorial sections from top to bottom. Find something you don't quite understand yet? No worries, set it to the side and come back to it in a few weeks. Suddenly, a large part of what once confused you will make sense. Subscribe to a few security related newsletters. Keep up with security related news, products, security product reviews, exploits, etc. This industry moves fast, so you have to work hard to keep up.

8. Remember to stop once in a while and take a break. Relax, play a few games. Keep in mind that this field, while the above seven points may make it seem like a hectic and overbearing job, can be incredibly fun. If you try to move too far too fast in security, you will burn out. If you move too slow, you will still be attempting the bluebox trick So, find a comfortable median in which to learn and operate with.

9. Learn a programming language. Be it BASIC, PASCAL, Java, C, C#, etc etc etc.. learn one. Get masterful at it, and learn another one. Why? Programming is the root of security and operating systems. Learn it well enough to eventually give back to the security community after all they have given you. Make a difference, be a hacker.


May the Tao bring experience and happiness upon your path in security!