
Thread: Where to start

  1. #1
    Junior Member
    Join Date
    Feb 2005
    Posts
    23

    Where to start

    I've decided that I want to get into computer security and learn all about it. I've looked through all of the tutorials and such and they are very helpful. But what I really need to know right now is where do I begin? I need a starting point, which types of security I should start with, what I need to know before I begin this venture, and any other help would be appreciated.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Start from the position that everything _can_ and _will_ be exploited in numerous different ways.

    From there you need to realize that you need to know _everything_ about every operating system and application ever created.

    From there you need to realize that the task is impossible.

    From there you need to do one of two things:-

    1. Pick a specific field, (Network Security, Web Security, Programming Security... etc. All by OS...), and run with it.

    2. Have an infrastructure and learn how to secure it - obviously mileage can vary here.

    In short, computer security isn't something you can know everything about. Understanding the computer, its OS, its apps etc. and being able to effectively mitigate the threat by means other than waiting for the patch is probably about the best you can do. If you can exceed that and leave the computer usable by an idiot then you have found the "key"....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Take it from someone that has tried to learn everything only to continually end up reading another article or book that points to something else I need to learn or catch-up on. Like Tiger said, it is pretty damn improbable to learn absolutely everything. You can, but you will
    1. not sleep, 2. not have a social life, and 3. Not remember half of it.

    It is funny, the more stuff I learn the more stuff that isn't readily accessible in my memory. I can remember it, but something has to tap on it, or have me to think about it, for me to remember it.

    Now for your question. I say you dabble in every area for a little. (Yea, I know this is completely against what I just said.) The reason for this is, you won't truly be sure what you like until you try a little bit of everything.

    The next question you need to pose to yourself, is "Why do I want to learn this?" If it is simply to increase your own personal knowledge then there are a lot of things you can cut out. If it is to get a job, then there are a lot of things you can cut out. You need to figure out why you want to learn, and then you can better single in on what you want to learn. I will say in my own personal opinion, the programming side is most fun. Learning to code, working on coding, and then working on exploiting code is the most fun. Which is pretty much the underlining effect of everything.

    I would personally say start at just bs programming. Pick up a language, and go from there.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Couldn't agree more ...

    My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
    environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.

    Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
    though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
    it all myself.

    If you choose OS security management, beware that often times what would be the most secure just isn't going
    to be possible. You manage systems because the company and your users need them for some business purpose.
    If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
    will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
    stay that way for some support reason or another. That's what makes 'real' security far more challenging than
    the theoretical scenarios found in books and suggested in articles on securityfocus.com.

    Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.
    Get OpenSolaris http://www.opensolaris.org/

  5. #5
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Originally posted here by spurious_inode
    Couldn't agree more ...

    My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
    environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.

    Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
    though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
    it all myself.

    If you choose OS security management, beware that often times what would be the most secure just isn't going
    to be possible. You manage systems because the company and your users need them for some business purpose.
    If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
    will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
    stay that way for some support reason or another. That's what makes 'real' security far more challenging than
    the theoretical scenarios found in books and suggested in articles on securityfocus.com.

    Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.
    Needed to be said again. Business needs always wins
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  6. #6
    Junior Member
    Join Date
    Feb 2005
    Posts
    23

    hrm

    Well I'm not really looking for a job right now, I'm only going into tenth grade. But, I figure if I start learning now about what I need to know, I'll be a small step ahead when going to college and eventually getting a job. But thanks for all the help so far.

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Re: hrm

    Originally posted here by The Exploit
    Well I'm not really looking for a job right now, I'm only going into tenth grade. But, I figure if I start learning now about what I need to know, I'll be a small step ahead when going to college and eventually getting a job. But thanks for all the help so far.
    Well, I would suggest that you've already begun, just by being inquisitive. The best thing you can do is get experience. One can assume you enjoy working with computers and technology; I would pursue that, learn as much as you can. Ways to help with this may seem boring or dull, but they can help you earn a lot of skill and the ability to troubleshoot (read:ability to THINK). Being a student-assistant at school for the computer lab is a good way to get started. Get your hands on an old system cheap (you can possibly find a way to earn one by working, if you can't afford one out of pocket) and install every operating system you can get your hands on, playing with each and learning what you like. Learn Windows well enough to be useful, learn *NIX well enough not to be completely lost at a CLI or X-desktop. Begin to pursue the fundamentals of TCP/IP and how a LAN works.

    Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:
    http://tinyurl.com/cr77f
    ISBN 0743411463

    There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Junior Member
    Join Date
    May 2005
    Posts
    10
    That is pretty damn good advice ZenCoder. Going into 10th grade too and thank you for the good advice.

  9. #9
    Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:
    http://tinyurl.com/cr77f
    ISBN 0743411463

    There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.
    I say, if anything those books are great for entertainment purposes but other than that I really doubt each and every single one of those books have something to tell me that I haven't heard before. I think Barry had "pretty damn good advice" in both posts of this thread.

  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Are you kidding Spe©ialist? First you bash on the post, then you recommend it?
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
