June 27th, 2005, 11:11 AM
Good quality starting resources?
I'm just getting back into security and computers in general as a hobby, (Back in highschool I spent some time being the assistant to our network admin, and I run a linux system, so I'm not a complete newbie, just havent kept up with anything ) and I was wondering what some good resources for learning the ins and outs of security might be (Books, web sites, etc). I'd prefer things that are relatively static and organized tutorial or book style so I can delve in without having to jump around forums or IRC, as my style of learning is generally just diving in, and in particular I'm looking at *nix and XP security.
June 27th, 2005, 11:13 AM
Check out the tutorials section there is some very good stuff in there
the sans reading room.
have fun. Im sure others will chime in with more. And book recomedations.
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
June 27th, 2005, 02:17 PM
I'd highly suggest you consider a Security+ certification. It's the CompTIA security certification; don't confuse it with A+ or Server+, this is not as simple as it looks. You have to have the technical background, and a solid foundation in the basic's of InfoSec.
But even if you don't take the cert, going over the study materials (many free ones are available online) and knowing them thoroughly will help you get a grasp on the many diverse subjects in the Security industry.
Best of luck, and welcome to AO!
/* Edit: Added some specific book titles for reference */
Good books to keep in the stable:
Network Security Assessment
By Chris McNab
Note: Excellent technical description of how to conduct an assessment. Chris is a pretty sharp guy.
The Tao of Network Security Monitoring Beyond Intrusion Detection
By Richard Bejtlich
Publisher: Addison Wesley
Note: Deep, but good info. Worth the time, if you can sink into this one.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
June 28th, 2005, 10:04 AM
A good reference I would recommend:
Network Security Bible
Good balance between technical content and policy/procedure.
Hope this helps
June 28th, 2005, 02:39 PM
Your old school showed a lot of trust in you to let your work on their systems, you should stay in touch with them if you did a good job they will give you some nice references in the future.
Anyhoo, Some O'Reilly books I found useful
Network Security Assessment
Both are *nix and Windows books.
www.theregister.com (the BOfH is now your rolemodel)
http://www.knoppix-std.org/ (Linux CD distro security progs, good for practice)
These are not technical sites per se but infosec is more than bricks and clicks.
June 28th, 2005, 02:44 PM
A book I would recommend:
You cannot understand security fully, if you don't understand how you can be hacked. This book is good a taking you through the methodology of an attack and the countermeasures to prevent this type of attack.
But like previous posts have said Security+ will give you a good foundation in the security essentials.
to SYN, or not to SYN. That is the question. -Shakespeare?
June 30th, 2005, 02:28 AM
Some other good books to get your hands are How to steal a Network and How to own a continent. Other than that just stick around forums and see whats new like IDS's, Attacks, and so forth. And depending on how serious you are, you might want to start studying the CISSP. But be aware the material is a mile wide and a inch deep, and the test itself is very difficult. Believe me when I say its hard........going on my 3rd try in Aug.
June 30th, 2005, 12:46 PM
Just a guess, but if he's in HS and is just starting security training, he won't qualify for the 4 years of security work needed for the CISSP. Security+ would be the best bet for a certification involving security. A CISSP book wouldn't hurt either as it will give you a general overview of all aspects of security.
June 30th, 2005, 05:44 PM
Eh, I'm not in HS any longer, but I wouldn't have the 4 years experiance (Working to get college money and just living life for a while before I go). However, I'm not particularly interested in getting certified at the moment, I'm mainly a hobbyist and at the rate I'm going now, I have at least a year before I'll get to college, and I'm just trying to learn as much as I can out of school before that.
June 30th, 2005, 05:49 PM
Hah, I stand corrected. I read the line "Back in high school" completely wrong, thinking you meant you were back in high school. If you're doing this as a hobby, you might look into the material that is provided for the Certified Ethical Hacker. That is by far more interesting for a hobby.