-
June 5th, 2005, 10:12 PM
#1
Junior Member
Where to start
I've decided that I want to get into computer security and learn all about it. I've looked through all of the tutorials and such and they are very helpfull. But what I really need to know right now is where do I begin? I need a starting point, which types of security i should start with, what I need to know before I begin this venture, and any other help would be appreciated.
-
June 5th, 2005, 10:29 PM
#2
Start from the position that everything _can_ and _will_ be exploited in numerous different ways.
From there you need to realize that you need to know _everything_ about every operating system and application ever created.
From there you need to realize that the task is impossible.
From there you need to do one of two things:-
1. Pick a specific field, (Network Security, Web Security, Programming Security... etc.All by OS...), and run with it.
2. Have an infrastructure and learn how to secure it - obviously mileage can vary here.
In short, computer security isn't something you can know everything about. Understanding the computer, it's OS, it's apps etc. and being able to effectively mitigate the threat by means other than waiting for the patch is probably about the best you can do. If you can exceed that and leave the computer usable by an idiot then you have found the "key"....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 6th, 2005, 12:10 AM
#3
Take it from someone that has tried to learn everything only to continueally end up reading another article or book that points to something else I need to learn or catch-up on. Like Tiger said, it is pretty damn improvable to learn absolutely everything. You can, but you will
1. not sleep, 2. not have a social life, and 3. Not remember half of it.
It is funny, the more stuff I learn the more stuff that isn't readily accessable in my memory. I can remember it, but something has to tap on it, or have me to think about it, for me to remember it.
Now for your question. I say you dable in every area for a little. (Yea, I know this is completely against what I just said.) The reason for this is, you won't truely be sure what you like until you try a little bit of everything.
The next question you need to pose to yourself, is "Why do I want to learn this?" If it is simply to increase your own personal knowledge then there are a lot of things you can cut out. If it is to get a job, then there are a lot of things you can cut out. You need to figure out why you want to learn, and then you can better single in on what you want to learn. I will say in my own personal opinion, the programming side is most fun. Learning to code, working on coding, and then working on exploiting code is the most fun. Which is pretty much the underlining effect of everything.
I would personally say start at just bs programming. Pick up a langauge, and go from there.
-
June 6th, 2005, 08:42 PM
#4
Couldn't agree more ...
My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.
Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
it all myself.
If you choose OS security management, beware that often times what would be the most secure just isn't going
to be possible. You manage systems because the company and your users need them for some business purpose.
If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
stay that way for some support reason or another. That's what makes 'real' security far more challenging than
the theoretical scenarios found in books and suggested in articles on securityfocus.com.
Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.
Get OpenSolaris http://www.opensolaris.org/
-
June 7th, 2005, 03:38 AM
#5
Originally posted here by spurious_inode
Couldn't agree more ...
My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.
Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
it all myself.
If you choose OS security management, beware that often times what would be the most secure just isn't going
to be possible. You manage systems because the company and your users need them for some business purpose.
If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
stay that way for some support reason or another. That's what makes 'real' security far more challenging than
the theoretical scenarios found in books and suggested in articles on securityfocus.com.
Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.
Needed to be said again. Business needs always wins
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
June 8th, 2005, 12:10 AM
#6
Junior Member
hrm
Well im not really looking for a job right now, im only going into tenth grade. But, i figure if i start learning now about what i need to know, ill be a small step ahead when going to college and eventualy getting a job. But thanks for all the help so far.
-
June 8th, 2005, 02:29 AM
#7
Re: hrm
Originally posted here by The Exploit
Well im not really looking for a job right now, im only going into tenth grade. But, i figure if i start learning now about what i need to know, ill be a small step ahead when going to college and eventualy getting a job. But thanks for all the help so far.
Well, I would suggest that you've already begun, just by being inquisitive. The best thing you can do is get experience. One can assume you enjoy working with computers and technology; I would pursue that, learn as much as you can. Ways to help with this may seem boring or dull, but they can help you earn a lot of skill and the ability to troubleshoot (read:ability to THINK). Being a student-assistant at school for the computer lab is a good way to get started. Get your hands on an old system cheap (you can possibly find a way to earn one by working, if you can't afford one out of pocket) and install every operating system you can get your hands on, playing with each and learning what you like. Learn Windows well enough to be useful, learn *NIX well enough not to be completely lost at a CLI or X-desktop. Begin to pursue the fundamentals of TCP/IP and how a LAN works.
Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:
http://tinyurl.com/cr77f
ISBN 0743411463
There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
June 18th, 2005, 03:20 AM
#8
Junior Member
That is pretty damn good advice ZenCoder. Going into 10th grade too and thank you for the good advice.
-
June 18th, 2005, 04:15 AM
#9
Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:
http://tinyurl.com/cr77f
ISBN 0743411463
There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.
I say, If anything those book are great for entertainment purposes but other than that I really doubt each and every single one of those books have something to tell me that I haven't heard before. I think Barry had "pretty damn good advice" in both posts of this thread.
-
June 18th, 2005, 07:20 AM
#10
Are you kinding Spe©ialist ? First you bash on the post, then you recommend it ?
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|