IT Security

[Nottiboi]

Hi all,

I am new here. I would juz like to say hi to all!!!

I have a question? How do you guys know so much about IT Security? I am in IT Field too... but sad to say... i am juz an IT Asst. Engineer... I would like to build up my skills in Security... How shall I go by that??? I have no direction.......

Any Kind Brudders wanna show me some directions or led me to a sign board???



Thanks,
NB

[Shinobi]

How many years have you been working in IT?
Just wondering..
I have been a Computer Tech for more then 15 years,
A few years back I began to get more into computer security "type of mind" after finding a happy person probing for FTP Server(s) on my main computer.

The best way of learning, is research, and reading.


Sometimes it helps to find a hacker fourm, and just
"lurk" there and read, just to see what is going on, what exploits
and "toolz" that are being talked about and used.

Nmap for Linux and Windows, is a very awesome, free tool to check our secure your network is. Just don't try and use it against someone elses computer.. you don't want to get in to trouble.. ;-)

http://www.cert.org/ is a very cool place
if you look around the Cert.org web site, you can find current scanning activity thats going on thruout the web , plus new
exploits, in windows, linux/unix and other cool stuff.

You might want to load up a Linux Distro, there are a lot of security tools to use, like packett sniffers ect...

Oh yea...
Welcome to Speed Guide!

Shinobi

[greEd]

Research, learn about the history of hacking first ... study and read about people like "Captain Zap", "Dark Dante", and "Bill Landreth" to name a few.

Learn their methods and study how they were able to do what they did.

Set up a lab and beat up on your systems.

Read anything you can get your hands on about Information Security, anything. As Shinobi said "The best way of learning, is research, and reading."

Be careful not to corrupt yourself along the way ... it's tempting. Little piece of advice: don't get drunk and sit down at your computer at 2:00 a.m. pissed off.

[Nottiboi]

Thanks all fellow brethren of the IT Guild.....

So any good website to intro to read up...???

By the way... who is captain Zap and Dark Dante.......
Where to read them up????

[greEd]

Originally posted by Nottiboi
By the way... who is captain Zap and Dark Dante.......
Where to read them up????

Captain Zap - http://www.google.com/search?hl=en&lr=& ... phy+hacker

Dark Dante - http://www.google.com/search?hl=en&ie=U ... son+hacker

[Stu]

You might also try the newsgroups, both ones on security and ones on bugs (like bugtraq). Also, if you can get to Pittsburg, PA for a week or two, Carnegie Mellon University (the folks who run CERT.org) offer security seminars at various times throughout the year--they cost money, but you can usually get your employer to pick up the tab if you try hard enough.

Another thing that can help, is joining a SIG (Special Interest Group), the ACM has a group for just about any computing topic available. The Special Interest Group on Security, Audit and Control (SIGSAC) is the one they have on security. The nice thing about these groups (I belong to three myself) is that every one to three months you get a "book" sent to your house that has all the latest research papers that were released since the last one you got. It costs money to join, but it's a nice addition to the resume!

You can also go the book route. There are more books on computer/information security now then ever before. This is both a good and a bad thing (some of the security books out there are just thrown together and aren't very good at all). I tend to stick with books published by Prentice Hall, Addison Wesley, and Wiley. Their books are more "academic", but they tend explain the topic fully--unlike O'Reilly and Sams books, which have you "dive right in" without a full understanding of what you are doing.

By the way, since you are in the IT field, all this stuff is a direct tax write off. So, in the end, it costs you nothing!

[Nottiboi]

Thanks all once again....

I better Intro myself better here... ke ke ke

I am 24 yr old kid who stay in the Lion City!!!

Maybe you can intro abit of yourself here as you leave me a piece of map to direct me to my destination.....


As the saying goes.... Dun juz give that man a fish..... Teach him how to fish....








"Singapore: Lion City"

[denolth2]

Thinking about putting mandrake 9.1 on a spare machine...yeah, haven't been around for a while...been laid off, back to work, then laid off again...so.... :P

anybody have a quick checklist info on what to lock down, what firewalls/antivirus/spyware apps available for linux/mandrake?

den2 :O

[greEd]

Originally posted by denolth2
Thinking about putting mandrake 9.1 on a spare machine...yeah, haven't been around for a while...been laid off, back to work, then laid off again...so.... :P

anybody have a quick checklist info on what to lock down, what firewalls/antivirus/spyware apps available for linux/mandrake?

den2 :O

iptables for firewall
antivi ... not a big problem because of permissions builtin to the kernel

master7 has a nice set of links built up in the software forum:
https://www.speedguide.net/forums/ ... adid=64454

regards,
greEd