Good quality starting resources?
Results 1 to 10 of 10

Thread: Good quality starting resources?

  1. #1
    Junior Member
    Join Date
    Jun 2005
    Posts
    2

    Good quality starting resources?

    Howdy all,

    I'm just getting back into security and computers in general as a hobby, (Back in highschool I spent some time being the assistant to our network admin, and I run a linux system, so I'm not a complete newbie, just havent kept up with anything ) and I was wondering what some good resources for learning the ins and outs of security might be (Books, web sites, etc). I'd prefer things that are relatively static and organized tutorial or book style so I can delve in without having to jump around forums or IRC, as my style of learning is generally just diving in, and in particular I'm looking at *nix and XP security.

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    Check out the tutorials section there is some very good stuff in there

    also

    http://www.sans.org/rr/

    the sans reading room.

    have fun. Im sure others will chime in with more. And book recomedations.
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I'd highly suggest you consider a Security+ certification. It's the CompTIA security certification; don't confuse it with A+ or Server+, this is not as simple as it looks. You have to have the technical background, and a solid foundation in the basic's of InfoSec.

    But even if you don't take the cert, going over the study materials (many free ones are available online) and knowing them thoroughly will help you get a grasp on the many diverse subjects in the Security industry.

    Best of luck, and welcome to AO!

    /* Edit: Added some specific book titles for reference */

    Good books to keep in the stable:

    Network Security Assessment
    By Chris McNab
    Publisher: O'Reilly
    ISBN: 0-596-00611-X
    Note: Excellent technical description of how to conduct an assessment. Chris is a pretty sharp guy.

    The Tao of Network Security Monitoring Beyond Intrusion Detection
    By Richard Bejtlich
    Publisher: Addison Wesley
    ISBN: 0-321-24677-2
    Note: Deep, but good info. Worth the time, if you can sink into this one.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    A good reference I would recommend:

    Network Security Bible
    http://www.amazon.com/exec/obidos/tg...books&n=507846

    Good balance between technical content and policy/procedure.

    Hope this helps

  5. #5
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Your old school showed a lot of trust in you to let your work on their systems, you should stay in touch with them if you did a good job they will give you some nice references in the future.

    Anyhoo, Some O'Reilly books I found useful

    Network Security Assessment
    NetworkSsecurity Hacks

    Both are *nix and Windows books.

    Wesites:

    www.theregister.com (the BOfH is now your rolemodel)
    http://www.cert.org/
    http://www.knoppix-std.org/ (Linux CD distro security progs, good for practice)
    http://www.securityfocus.com/
    http://www.schneier.com/

    These are not technical sites per se but infosec is more than bricks and clicks.

  6. #6
    Member
    Join Date
    Jun 2005
    Posts
    34
    A book I would recommend:

    Hacking Exposed

    You cannot understand security fully, if you don't understand how you can be hacked. This book is good a taking you through the methodology of an attack and the countermeasures to prevent this type of attack.

    But like previous posts have said Security+ will give you a good foundation in the security essentials.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  7. #7
    Junior Member
    Join Date
    Jun 2005
    Posts
    9
    Some other good books to get your hands are How to steal a Network and How to own a continent. Other than that just stick around forums and see whats new like IDS's, Attacks, and so forth. And depending on how serious you are, you might want to start studying the CISSP. But be aware the material is a mile wide and a inch deep, and the test itself is very difficult. Believe me when I say its hard........going on my 3rd try in Aug.

  8. #8
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Just a guess, but if he's in HS and is just starting security training, he won't qualify for the 4 years of security work needed for the CISSP. Security+ would be the best bet for a certification involving security. A CISSP book wouldn't hurt either as it will give you a general overview of all aspects of security.

  9. #9
    Junior Member
    Join Date
    Jun 2005
    Posts
    2
    Eh, I'm not in HS any longer, but I wouldn't have the 4 years experiance (Working to get college money and just living life for a while before I go). However, I'm not particularly interested in getting certified at the moment, I'm mainly a hobbyist and at the rate I'm going now, I have at least a year before I'll get to college, and I'm just trying to learn as much as I can out of school before that.

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Hah, I stand corrected. I read the line "Back in high school" completely wrong, thinking you meant you were back in high school. If you're doing this as a hobby, you might look into the material that is provided for the Certified Ethical Hacker. That is by far more interesting for a hobby.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •