Security Basics mailing list archives
Re: How to get into Penetration testing?
From: Mitch Pope <MPope () gwail com au>
Date: Fri, 16 Jun 2006 09:59:11 +1000
Systems and Network security is a very specific specialisation within our industry and most security experts have had quite an extensive career through the ranks of systems/network administration and into systems/network engineering. You cant just read a book and then do a 3 day CEH course and expect to begin working as a security expert. Most of these consultants are expected to analyse every aspect of the clients network and systems which involves an extremely high understanding of networking, routing and protocols, firewalling, operating systems (not just server operating systems but router and firewall operating systems such as Cisco IOS). Remembering that any open port with a service running on it has the risk of being used to exploit the server, that could be a web server running apache, mail server running Postfix/Cyrus, SSH server, Bind DNS server and the list goes well on. Exploits exist for all the services I just mentioned that allow the hacker to gain root or administrative privileges on the server. Part of the specialisation is being on the frontline and when a vulnerability is found and patches are released knowing about those vulnerabilities and knowing how to apply those patches on any operating system or service that might be running within a clients infrastructure. My advice for you is aim for a systems administrator position and build your knowledge of operating systems, networking and scripting. Maybe do a few respectable industry certifications such as MCSE, CCNA and RHCE. Kind Regards, Mitch Pope
Hi Guys, Apologies if this has been asked before (and if this is posted in the wrong thread) but I am seeking advice on how to get into a career in
Pen.
testing and IT security. I am based in the UK and have been a Java developer for the last 2.5 years after leaving university. However security is where my interest lies and I would like to get into this sector. My question is how? I have looked at many job adverts for pen. testers however they all require people with 1 years+ experience in the field. Should I pursue a certification such as the CEH first? Or are there
other
ways? Your advice and suggestions would be greatly appreciated. Thanks Rahul
********************************************************************** This email message is intended for the named recipient(s) only. Please advise GWA if you have received this email message in error and delete all copies. This email message may contain information which represents the views of the sender and not necessarily those of GWA and/or subsidiary companies. Virus protection is in place at GWA however liability for viruses or similar in any attachment remains the responsibility of the recipient. If you are the intended recipient of this email message you should not copy, disclose or distribute this email message without the authority of GWA. GWA cannot guarantee this email message has not been intercepted or interfered with as it traverses the Internet. Internet email messages sent to GWA are not private communications and may be viewed by GWA at any time to ensure compliance with the GWA Electronic Communications Policy available at http://policy.gwail.com.au. Please be familiar with this policy if you intend sending email to GWA or Subsidiary companies. **********************************************************************
Current thread:
- How to get into Penetration testing? rahul . joshi2 (Jun 12)
- RE: How to get into Penetration testing? Mr.Hartmann (Jun 13)
- Re: How to get into Penetration testing? Michal Merta (Jun 13)
- Re: How to get into Penetration testing? Erin Carroll (Jun 13)
- Message not available
- Re: How to get into Penetration testing? Erin Carroll (Jun 14)
- Re: How to get into Penetration testing? Erin Carroll (Jun 13)
- Re: How to get into Penetration testing? Sven Édouard (Jun 15)
- Re: How to get into Penetration testing? Edmund (Jun 22)
- Re: How to get into Penetration testing? Alice Bryson (Jun 26)
- <Possible follow-ups>
- Re: How to get into Penetration testing? port-scan (Jun 13)
- RE: How to get into Penetration testing? Tony (Jun 20)
- Re: How to get into Penetration testing? Mitch Pope (Jun 16)
- Re: Re: How to get into Penetration testing? tom_helge_skari (Jun 20)
- Re: Re: Re: How to get into Penetration testing? cidsauer (Jun 21)
- Re: RE: How to get into Penetration testing? ilya . burdman (Jun 21)