Security Lab (was Security+)

From: Brandon Buckley (b-buckley@attbi.com)
Date: 01/24/03

    From: "Brandon Buckley" <b-buckley@attbi.com>
    To: <security-basics@securityfocus.com>
    Date: Thu, 23 Jan 2003 19:35:23 -0600
    
    

    Just wondering what others are doing to expand their security knowledge?
    I'm interested to hear what others are doing with some sort of test network
    or lab. What kinds of interesting or out of the ordinary things have you
    tried? I'm looking for something more than the setting up of firewalls and
    IDS's, published exploits, etc. Any specific labs or scenarios that you've
    come up with or come across?

    ----- Original Message -----
    From: "Nick Shapley" <nick.shapley@ntlworld.com>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, January 22, 2003 4:52 AM
    Subject: Re: Security+

    > Jack made some very good points. I'm just coming to the end of my degree,
    > along with a year and a half of NT/2000 based support.
    > Computer security fascinates me and it's where I want to go, I'm planning to
    > do my Security+ in the next few months but in this career it seems you do
    > need to get your foot in the door.
    > I've had my own home network for a few years now, but set up a separate
    > network with bog standard machines to test and play around with the various
    > toys.
    > Reading is the key, Amazon have some fantastic books that you need to read,
    > if you want a list of recommended ones from someone new on the learning
    > curve then let me know.
    > Hacking into someone else's system is illegal but penetration testing yours
    > isn't, you need to know how they do it so you are one step ahead of them (or
    > more) at all times.
    > As well as strong programming you want to know Linux (as it's free) inside
    > out, there's a lot of theory with security but like a lot of things you need
    > hands on experience with it, even if it's playing around at home, you're
    > learning!
    >
    > Does anyone think of chat rooms as a source of knowledge?
    >
    > Nick
    >
    > ----- Original Message -----
    > From: "Shaw, Kevin" <kevin.shaw@mail.va.gov>
    > To: <security-basics@securityfocus.com>
    > Sent: Thursday, January 09, 2003 4:59 AM
    > Subject: RE: Security+
    >
    >
    > > {long post warning}
    > >
    > > Mr. McCarthy, as well as the other responders, are very much right on the
    > > money here. If you have little to no experience you have to *get* that
    > > experience. However, don't do anything illegal in that process! Nobody
    > > takes kindly to having hacker tools running on their network. Anything you
    > > experiment with or test should not be connected to the outside world in any
    > > way - it's just safer to keep from accidentally releasing a trojan or doing
    > > something that will have your cable or DSL company kill your account than to
    > > use one of the machines you are working this stuff on have 'net access.
    > > Keep in mind that you have a fine line to look at; and it's easy to ruin
    > > your chances at a good legitimate job or a government clearance by even
    > > 'hinting' at any wrongdoing. I'm not saying you plan on it but I just felt
    > > I should put my feelings on this here.
    > >
    > > I have a couple years' experience "brushing" upon security topics as I have
    > > done a lot of installations and troubleshooting in my brief eight years in
    > > IT. That means *nothing* - the folks that hired me where I am now could
    > > care less what four-letter designations I already had; they wanted to know
    > > what I could learn and do and if I'd sit still for 12 hours watching a
    > > monitor. You know about this business - it's not as easy as it looks on
    > > paper. I just recently landed an entry-level network security position and
    > > am taking as much advantage as I can of the certified and highly experienced
    > > security professionals on this team to learn what I can from them; and to
    > > apply things to my personal lab at home - which was 'retooled' from a web
    > > applications QA testing environment to a security environment. I'm working
    > > a while and waiting to see how the security certification market matures
    > > over the next year or two before even dreaming of taking any exams; and I'll
    > > probably take them in a low-to-high-level progression with the Security+ or
    > > SSCP designation first; then make sure I have the real world time in to
    > > attempt anything else. You can take my story as an example or leave it; but
    > > the old maxim: "Each one teach one" has proven oh-so-true in this field.
    > >
    > > I get the impression Security+ is geared towards system or network admins
    > > that need to add some security experience to their broad base of skills;
    > > while the SSCP/CISSP tracks are an administrative/management focus. A lot
    > > of the managers and experienced network engineers here swear by the GIAC
    > > tracks but immediately warn you they are *tough* - with essays and
    > > practicals and grueling exams. I've read a couple of the books from SANS
    > > since I started this job and they are very very good but make you *think*.
    > > Your mileage may vary. Take the time to decide what you really want and
    > > please do yourself and the rest of us a favor by getting good at what you
    > > want to do so we all have respected certifications and a future in this
    > > business. There are bound to be plenty of opportunities in the near future
    > > for all levels of competence in the security area.
    > >
    > > {The preceding message is my impression and opinion, and mine alone. I am
    > > not a manager [here though I have managed a help desk in the past] and make
    > > no policy or other 'quotable' statements direct or implied.}
    > >
    > > -----Original Message-----
    > > From: Jack McCarthy
    > > Sent: Monday, January 06, 2003 1:32 PM
    > > To: security-basics@securityfocus.com
    > > Subject: RE: Security+
    > >
    > >
    > > I'm in a similar situation. I'm not a pro by a long shot, but here are some
    > > things that have helped me...at least get a better handle on 'some' of the
    > > concepts. I'm still a long way off from being a security professional...
    > >
    > > Build a home network (or some sort of test network) and include the
    > > following:
    > > -A broadband connection. DSL or Cable. If you can afford it, have two
    > > separate connections - two modems. Keep one network connected as a regular
    > > connection so you can check email and online documents (technical docs and
    > > PDFs) and the other modem connected to your test network. This way when you
    > > are trying to get (in my case) your UNIX-like firewall/router working and
    > > tying up one network, you still have the other network to access the
    > > Internet and look up online documentation and check email. Instead of
    > > switching back and forth every time you need to check email.
    > >
    > > Have the following equipment:
    > > -UNIX or a UNIX-like box. e.g. OpenBSD.
    > > -Linux box. Your pick.
    > > -NT/2000 boxes.
    > > -Hubs/switches.
    > >
    > >
    > > -Build your own firewall/router. UNIX or Linux. If you can get your hands on
    > > a Firewall-1, even better.
    > > -Build your own IDS. Snort is free.
    > > -Learn how to use Nmap.
    > > -http://project.honeynet.org/ and read all submissions of 'Scan of the
    > > Month'.
    > > -You have to learn programming! Being able to read code (a.k.a. exploits)
    > > is an absolute MUST!
    > > I'm studying C programming now.
    > > -Read all the security news, articles, mailing lists that you possibly can.
    > > -Go to securityfocus.com and get on all of their mailing lists. (Obviously
    > > you've already been there).
    > > -Read, read, read...
    > >
    > > Anyone feel free to expand on this? Improve or rebut my ideas/strategies?
    > >
    > > I'd be interested to hear what other people are doing to gain more
    > > knowledge/experience.
    > >
    > >
    > >
    > > -Jack
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > --- Mike Heitz <mikeheitz@upshotmail.com> wrote:
    > > > I'm new to Security (just had it heaped on me after my last performance
    > > > review) and am interested in some Certs. I've heard mention of the CISSP
    > > > before, and have seen articles on the Security+. I have really no
    > > > programming background and have limited access to funds for training,
    > > > etc... most of my training is through ordering a book from Amazon or
    > > > something and trying the stuff out.
    > > >
    > > > So my question is, am I going to be way over my head looking into these
    > > > certs? I have been an admin for Novell for 5 years, and have spent the
    > > > last 3 years in an NT/2000 environment. I want to learn as much as
    > > > possible, but really don't like using things like Transcender just to
    > > > pass a test. I want to "KNOW" what I am doing. :)
    > > >
    > > > Any advice????
    > > >
    > > > mike heitz ** sr it manager ** UPSHOT
    > > > 312-943-0900 x5190
    > > >
    > > > -----Original Message-----
    > > > From: Kriss Warner [mailto:kriss@cyberdinecorp.com]
    > > > Sent: Sunday, January 05, 2003 1:45 PM
    > > > To: simont@lantic.net; 'Security-Basics'
    > > > Subject: RE: Security+
    > > >
    > > > Hey Simon: I have been doing security work for the last couple of years
    > > > (Intrusion Detect, Policy compliance etc.) I did some investigation into
    > > > the various Certs and basically found that most people are looking for
    > > > CISSP. I wanted to get one Cert this year and it is going to be CISSP. I
    > > > understand that the other certs are well respected. The final decision
    > > > should be based upon how the Cert will help in your career path.
    > > >
    > > > Hope that helps.
    > > >
    > > > Regards,
    > > > Christopher (Kriss) Warner
    > > > CYBERDINE
    > > > Kriss@cyberdinecorp.com
    > > > Phone: 905.576.5931
    > > > Fax: 905.571.6562
    > > > Cell: 416.402.9838
    > > > www.cyberdinecorp.com
    > > >
    > > >
    > > > -----Original Message-----
    > > > From: Simon Taplin [mailto:simont@lantic.net]
    > > > Sent: Saturday, January 04, 2003 3:29 PM
    > > > To: Security-Basics
    > > > Subject: Security+
    > > >
    > > > Has anybody done/looked at CompTIA's Security+ cert?
    > > >
    > > > Is it a good cert to get because I eventually want to get into security
    > > > but at the moment I don't have the experience/cash to do the SANS or CISSP
    > > > courses (plus the fact that SANS is offered in South Africa)
    > > >
    > > > Simon
    > > >
    > > >
    > > > Quote of the day:
    > > > Systems Administration is the kind of job that nobody notices if you're
    > > > doing it well. People only take notice of their systems when they're not
    > > > working.