Security Basics mailing list archives
Re: learning ethical hacking
From: Jonathan Loh <kj6loh () yahoo com>
Date: Thu, 16 Sep 2004 16:41:48 -0700 (PDT)
here are a couple other free ones that have not been mentioned < a href="http://www.cerias.purdue.edu/news_and_events/">Cerias (Formerly Coast)</a> <a href="http://ciac.llnl.gov/ciac/index.html">CIAC</a> <a href="http://www.stokely.com/unix.sysadm.resources/security.html">Stokely Computing</a> While these may not teach you how to do security work they are invaluable to the security professional. They do show you another facet of security work which is incident response. There's a fine line between systems administrator and computer security personnel. --- "Marcos E. Rodriguez" <mrodrigu () agape-tech com> wrote:
My first recommendation for those looking to learn about information security is to not spend any money on materials yet. Why? I've read so many doggone "hacking" books, they're all starting to look the same to me. There are tons of free resources out there to explain and to teach information security to you. First, check out www.isecom.org, Home of the OSSTMM. I won't waste keystrokes on spelling out the entire acronym, but I will say that it's FREE. Let's not forget Uncle Sam! http://csrc.nist.gov is another wonderful site chocked full of government guidelines on performing security scans, hardening networks, cryptography, etc. Let's also not forget the NSA! Biggest security agency in the USA! They are the authority on information security. And they even have some great manuals on hardening systems. How much are the documents? Umm. FREE! Get them here: http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1 They cover securing operating systems, routers, switches, servers, you name it. You can even download the Security Enhanced Linux from their site: http://www.nsa.gov/selinux/code/ If that's not enough information to keep you busy, you can look for hacking documents on P2P file sharing programs. There's a world of free resources. Use it before you break the bank buying the same book under different titles. I personally use the NIST & NSA guidelines when consulting to the government, and I use the OSSTMM and even sometimes the NIST guidelines for the private sector. I'll leave you with a couple more sites that are great for gaining security knowledge: www.infosyssec.com http://secinf.net/ Enjoy the information overload :o) The information provided freely from the sites above will make you one formidable security person. Check it out first before you purchase anything. Also be advised, ethical hackers don't just hack stuff. There is a lot of boredom and stress that goes with it, such as finely wording a contract for a client that protects you from harm, writing endless reports, sifting through 64MB word documents to eliminate the false positives generated by even the most popular vulnerability scanning software. A great actual book that I enjoyed for practical purposes is called "Hack I.T. Security Through Penetration Testing by T.J. Klevinsky & Ajay Gupta. It actually details a great bit of how the "ethical hacking" game really works and helps to avoid certain pitfalls. Hope this was useful; Marcos --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Re: learning ethical hacking, (continued)
- Re: learning ethical hacking Kluge (Sep 16)
- Re: learning ethical hacking Shawn Duffy (Sep 16)
- RE: learning ethical hacking David Gillett (Sep 15)
- RE: learning ethical hacking Jonathan Loh (Sep 16)
- Re: learning ethical hacking Anirudhya Mitra (Sep 27)
- Re: learning ethical hacking Samir Kelekar (Sep 29)
- Re: learning ethical hacking Mike (Sep 15)
- Re: learning ethical hacking Times Enemy (Sep 16)
- Re: learning ethical hacking Marcos E. Rodriguez (Sep 16)
- Re: learning ethical hacking Jonathan Loh (Sep 17)
- RE: learning ethical hacking Louie (Sep 15)
- RE: learning ethical hacking xyberpix (Sep 15)