-
May 27th, 2004, 07:48 PM
#1
Senior Member
The Best Security Materials
What is The best thing for a new guy to learn about Security as a whole.I am very new to this. I started as a PC tech intern then some help desk and some ISP stuff and now I was hired 3 months ago as the Security Admin for a Bank. I told them I had VERY little experiance and they didnt seem to care.
So here I am...I built the helpdesk up as was agreed upon when i was hired and now i need to start in on the security stuff.
Romans 7:14-20
14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.
-
May 27th, 2004, 08:29 PM
#2
Broad topic. You can look through the Security Tutorials forum for some specific tutorials, the Newsletters for some others and probably read everything. The following might help as far as links are concerned:
http://www.snort.org
http://www.netfilter.org
http://www.antionline.com
http://www.attrition.org
http://www.cert.org
http://www.sans.org <--- check out the Reading Room
http://www.securityfocus.com
http://www.cve.mitre.org <--- Common Vulnerabilities and Exposures
http://www.raid-symposium.org <-- Recent Advances in Intrusion Detection (RAID) Conference
http://directory.google.com/Top/Comp...mail/Security/
http://www.microsoft.com/security/ <--- Microsoft Security
Exploits
http://www.packetstormsecurity.com
http://www.zone-h.org
http://www.k-optik.com
http://www.cotse.com
http://www.netsys.com
Penetration Testing
http://www.gao.gov/special.pubs/mgmtpln.pdf <-- US General Accounting Office Management Planning Guide for Information Systems Security Auditing (PDF)
http://csrc.nist.gov/publications/dr...ty-testing.pdf <--- National Institute for Standards and Technology (NIST) Guidelines on Network Security Testing (PDF)
http://www.isecom.org/projects/osstmm.htm <--- Open Source Security Testing Methodology Manual (OSSTMM)
Security Email Lists
http://www.netsys.com/cgi-bin/displaynews?a=301 <-- Full Disclosure
http://www.securityfocus.com/archive <--- BugTraq Mailing Lists (variety of topics)
Scanning Sites/Utilities
http://www.security-forums.com/forum...b_pages&cat=21
Tools
http://www.blackcode.com/net-tools/
http://www.kloth.net/services/
http://network-tools.com/
Trojans/Port Listings
http://www.iss.net/security_center/a...ts/default.htm
http://www.blackcode.com/trojans/ports.php
If you are like me and like to read actual paper books some to consider include:
2600 <-- quarterly magazine
Hacking Exposed, 4th Edition
Network Intrusion Detection
Network SEcurity Hacks
Google Hacks
TCP/IP Illustrated
Hacking: The Art of Exploitation
Hacknotes
Unix System Administration Handbook (Purple Book)
.. and many others (my personal collection is about 300-400 books). Visit Amazon.com and do a search on computer security.
HTH
-
May 27th, 2004, 08:38 PM
#3
start with the basics. Make sure you keep everything updated, learn your hardware, keep ontop of knowing new virusis that are put on the net that may effect you. Read up on firewall configurations and make sure yours are set correctly. and dont forget about the people working for you, make sure they know what they are doing, and make sure they aren't giving out info to unauthorized people. (read "the art of deception" by Kevin Mitnik) Security isnt just your computers, users play a huge roll as well. Also do things like password audits and watch what they are downloading if anything. stuff like that. but read everything you can get your hands on, the more info you have the better. good luck.
-
May 27th, 2004, 08:41 PM
#4
Senior Member
Dang...this is going to take a while! :shocked
Thanks, J
Romans 7:14-20
14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.
-
May 27th, 2004, 08:53 PM
#5
Jason, you're starting at the snowflake of a huge glacier. Enjoy!
-
May 27th, 2004, 09:07 PM
#6
Well,does the bloody glacier EVER end?not that I've seen*looks at all the stuff he has to read*
oh,and getiing back to the topic...it'd also be nifty if you learned a bit about programming..it'd teach you how programs'd work and such
-
May 27th, 2004, 09:16 PM
#7
Well,does the bloody glacier EVER end?not that I've seen*looks at all the stuff he has to read*
oh,and getiing back to the topic...it'd also be nifty if you learned a bit about programming..it'd teach you how programs'd work and such
Nope. It never ends. That's why security is always considered a "verb" rather than a noun. It is a process, not a thing. Even IT doesn't have an end when you consider all the different things you can do. That's why when someone says "Where do I start in security?", it's always a broad question. Narrow it down to specifics and people can help you out faster.
-
May 27th, 2004, 11:21 PM
#8
Ms. M: There are times when you are "priceless"....
Jason, you're starting at the snowflake of a huge glacier. Enjoy!
This time you exceeded yourself......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
May 28th, 2004, 01:29 AM
#9
security is a lifestyle (way of life) not just a 9 - 5 job
-
May 28th, 2004, 01:34 AM
#10
Can you name the bank Only i would like to make sure i dont use it, till your upto speed
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|