Security Basics mailing list archives
RE: Security Evaluation Project
From: "Clayton T. Dillard" <cdillard () securespeed cc>
Date: Thu, 5 Feb 2004 11:12:05 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Donald, Might I suggest that you leave your fears behind and rely on your education to guide you through the often tricky world of information security and assurance - auditing, VA, Pen-testing, etc. It seems like you need to get your hands on a platform that will allow you to use and learn about security tools. Speaking personally, this is the best way to learn (on a test network of course). A good all around tool that should help you understand many of the popular exploits and security tools available today can be found in Knoppix-STD. STD is the Security Tools Distribution of the popular Knoppix "live-cd". Once you download Knoppix-STD, read as much as you can about the included tools, find a test network that you have permission to use and then begin using the tools on target systems. This is your best bet for learning quickly, IMHO. Good luck on your project and thank you sincerely for serving in law enforcement! Best Regards, Clayton T. Dillard, GSEC MCP Chief Executive Officer SECURESPEED, LLC http://www.securespeed.cc "Information Assurance & Security" - -----Original Message----- From: Donald Gerkin [mailto:dgerki1 () towson edu] Sent: Tuesday, February 03, 2004 12:14 PM To: security-basics () securityfocus com Subject: Security Evaluation Project Greetings to all: I've been an avid reader of the list for quite sometime now, and I am continually impressed by the level of expertise and willingness to help. It is now my turn to ask the masses for their opinions and insight. In a nutshell: I am in my last semester in an Applied Information Technology program (A MS degree). My concentration is Information Security and Assurance. I am a detective for the Baltimore (MD) police department. I have a fairly decent background as it relates to engineering and technology. My biggest issue is that my graduate program isn't very "hands-on." The theory I have learned is great, and I truly believe I am 1000 times the security practitioner I ever was, but it is in theory. Sit me in front of a unix or linux system and I would give you my best dumb look and blank stare. So the hands-on, nitty gritty dirty experience is what I sorely lack. I am faithful that it will come in time. For my project, I chose to perform a security audit of the Baltimore Police Department's network security and information infrastructure. It transcends nicely away from the traditional for-profit corporation eveluations and even has that catchy "homeland security" considerations. Part of the project will involve physical security evaluations and recommendations, policy evaluation, and studying past failures. So far, so good for me. I also want to get involved with a moderate amount of pen testing, and possible "war-driving" in the traditonal sense to evaluate the network, and wireless systems respectively. Not so good for me here... Again, in theory I can do it all day, but I am sorely lacking in experience. So.... what is is that I ask? Advice, links to resources, and even war stories from those who may have done this before, regardless of the forum. Any help from an email with a ton of links and resources to one telling me I am completely out of my mind are truly welcomed! Pardon the long e-mail, and feel free to contact me off list! Rick, I know you're still lurking out there in this list, so I fully expect an e-mail from you nagging me about going to linux! Thanks to all and regards, Donald Gerkin dgerki1 () towson edu - ---------------------------------------------------------------------- - ----- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBQCJrVIFuGAwX2rmNEQI/kgCg2vP8W2FKLbMVDxvrnuVv1lyOTWQAn3Lq tXtog1vOdpP89Iusm0NOvfML =BLct -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Security Evaluation Project Donald Gerkin (Feb 03)
- RE: Security Evaluation Project Clayton T. Dillard (Feb 06)
- <Possible follow-ups>
- RE: Security Evaluation Project J. Yoon (Feb 04)
- 'hiding' internal IP addresses Meritt James (Feb 05)
- RE: Security Evaluation Project Shawn Jackson (Feb 12)