Penetration Testing mailing list archives
RE: New to INformation Security World Please give your expert advicein this matter
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 9 Feb 2006 16:59:13 -0500
-----Original Message----- Subject: New to INformation Security World Please give your expert advicein this matter
Hi everyone, I am a newbie in the world of information security. I have
received my MS in
Information systems security but have sort of limited knowledge about the
practical world. I
would appreciate it if someone can give me some advice on where to start
as far as practical
knowledge goes on personal level like in a home-lab environment, what
would I need and where
should I start, should I work with Windows cuz that's what I know mostly
but I would really
want to get some experience with linux and unix what sort of tools should
I use that are
freely available. And what kind of home lab should I setup I can have up
to about 4 to 5
machines what would be the ideal ideal and ideal setup for someone who has
no clue about
unix and linux. Please advice
An MS (which presumably stands for Master of Science) in information security, and you're still asking about what technical skills to learn? Can you say 'diploma mill?' Anyway, what you should learn depends on what you want to do. If you want to perform penetration tests, then you should probably start with a live CD like Whax (or whatever they're calling it now) and learn to use NMap and Nessus. If you want to learn firewalls, be advised that neither ISA Server nor iptables garners a whole ton of respect as a marketable skill on its own. If you want to learn IDS, I recommend Snort. And, of course, if you want to make a lot of money in "infosec" while doing very little actual work, I recommend you skip the technical stuff and go straight into audit compliance consulting. GLB, HIPAA, and SOX are making people rich. Or so I hear. :-) PaulM ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- New to INformation Security World Please give your expert advicein this matter Aamir Niazi (Feb 09)
- Re: New to INformation Security World Please give your expert advicein this matter Leif Ericksen (Feb 09)
- RE: New to INformation Security World Please give your expert advicein this matter Paul Melson (Feb 09)
- Re: New to INformation Security World Please give your expert advicein this matter Ryan Cummings (Feb 09)