Re: OS to know.

[Kurt <kryptology () gmail com>]

The bottom line is that the majority of  *auditing tools* are written
for a *nix platform, primarily Linux, and Red Hat/Fedora and SUSE
taking the lion's share of the distros. As such, it is important to
understand how to use *nix systems, AND develop C/C++ code on them, as
well as some familiarity with shell scripts and a language like Perl
or Python. I suggest starting with Red Hat/Fedora Linux and then if
you have time, look at a BSD like FreeBSD.  This will help you
familiarize yourself with the *nix utilities, environment, layout, and
capabilities. I happened to start on Solaris in college, and then I
worked on FreeBSD and Linux at home.

As far as what systems you will be most likely to *administer* in the
private sector, this is going to be Microsoft Windows of various
flavors, and possibly Cisco or Juniper devices if you are going to
work on things other than network endpoints.  If you are truly
dedicated, it is worth it to buy an old Cisco router and/or managed
switch to get a feel for IOS.

While the security world is run by a bunch of *nix geeks, the
corporate world you are most likely to deal with is MS - they own the
market.  You will be trying to figure out how to keep LANs as secure
as possible when your corporation demands that every Windows service
under the sun be turned on.  You may have to support and secure NT4,
even when MS doesn't.  You will have to know MS Active Directory,
Exchange, etc...  That will be your day to day reality and nightmare
if market share is a predictor of the environment you are likely to
audit and administer someday.

Being a Windows expert is definitely a good idea.  There are lots of
Windows machines out there, and we all know they can use the help.




> > > -----Original Message-----
> > > From: John Williams [mailto:ibmros () hotmail com]
> > > Sent: Wednesday, October 12, 2005 1:42 AM
> > > To: security-basics () securityfocus com
> > > Subject: OS to know.
> > >
> > > I am a graduate student at George Mason University obtaining
> > > my MS in Information Security and Assurance. What operating
> > > system is used more for security administration in the
> > > private sector versus the government sector?
> > > Pretty much I would like to know what operating system I
> > > should focus on if I wanted to pursue a government career in
> > > security or if I wanted to purse a career in the private
> > > sector. Thanks.
> > >
> > >
> > > Mark Jacobs
> > >
> > > _________________________________________________________________
> > > On the road to retirement? Check out MSN Life Events for
> > > advice on how to get there!
> > > http://lifeevents.msn.com/category.aspx?cid=Retirement