NEWBIE QUESTION

I am trying to get into IT Security and don't know where to start can anyone recommend any books or courses please.

Thanks

 

You need knowledge of:
- coding in low-level languages.
- networking.
- IDS.
- reverse engineering.
- Windows architecture and APIs.
- etc.
Some reading material:
- IDS whitepapers
- The Art of Computer Virus Research and Defense (Symantec Press) (Paperback) by Peter Szor
- Sockets, Shellcode, Porting, & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals [ILLUSTRATED] (Paperback) by James C Foster
- Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series) (Paperback) by Greg Hoglund (Author), Jamie Butler (Author)
- Reversing: Secrets of Reverse Engineering (Paperback) by Eldad Eilam
- Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer) (Hardcover) by Mark E. Russinovich (Author), David A. Solomon (Author)
- The book which is being written by Michael St. Neitzel and Peter Ferrie

 

helpful
http://www.searchlores.org/tips.htm (your entering the labyrinth pretty near the entrance there)
(also of interest probably at some point in your reversing studies also from fravia but now ghosted so bookmark or save it)

mainstream programs
http://www.sans.org/
http://www.snort.org/training/

Learning Projects (the sooner you start "for real" the sooner you start to get to the real questions)
http://www.linklogger.com/vm_capture.htm
http://tldp.org/HOWTO/Firewall-HOWTO.html
http://www.snort.org/docs/
http://ghh.sourceforge.net/ - http://www.honeynet.org/tools/index.html

reference
http://www.honeynet.org/papers/index.html

"into security" is rather broad, my selections are more network defense
building the perimeter, attack detection, attack diversion, with only a little capture project
(firewall, IDS, Honeypot) basic and increasing familiarity with Linux is almost a given

 

Hi folks. I am an old "newbie" of sorts, needing the same information generously given to the newby--I will use it--but additionally needing even more basic information. And, in any case, I just found that I am a "lurker," which dosen't fit me much--'tain't true, "tho' 'tis enjoyable some whiles."

OK, on to the meat of my plea; only issues germaine to my need, mr. moderator, I hope, even though it may seem I wander from the path again. Quickly: I began with PC's in the early 80's, about Lotus 123 v1 time, or thereabouts, and was OK knowledge-wise 'till maybe 5-6-8 years ago, when management and GIS/graphics etc. absorbed most of my time, while the Win OS grew, applications proliferated, along with ugly malware. I operated in protected territory, with the system folks handling the security. I just had to produce GIS and-no small chore-help other users get what they wanted from the 'plotter'--read big HP printers, about an honest 600 dpi, 6 colors, 42 inches wide, 300 ft media rolls, strip-printed very well, uh, oh yes, mr. moderator. OK. Wandered a bit, just wanting to share a truism: the bigger the printer, more capable the printer, the bigger the hassle-user pain will be getting what he wants.

Back to Now: after putting together a simple network (3-5 machines, all M$ Win, plus one on linux) I find that I have spent much of the last 3 weeks on security/privacy stuff, most of this time on M$ windows deeper, darker workings/complications/non-workings. Obviously there is a better way. So, what basic references are recommended for me to play catch-up? There are so many and my ignorance so vast my chances of choosing the 'right' few are slim. I have to add that I was/am a wildlife Biologist with most of my PC knowledge self-taught, with the 'holes' this engenders.

And, last but perhaps most importantly, I have to add this:
THere is, for me and it seems for many persons, an "ah hah!! That's what . . . ! " phenomenon that occurs when several different viewpoints are available for the same item/problem/etc. This, plus the different references in total being more than their sum--gestalt, if you prefer, how humans identify individual's faces, etc. So, in past years when I was the office "computer person," I obtained the three best independent 'how to' books I could find, in addition to the manuals furnished by the software company--who many times tended to down-play faults, problems, bugs, etc. And some still do. So, I am willing to spend fairly big $$ for M$ stuff, but please recommend other sources. Thanks for your help. Oh, and mr. moderator, I will revise this as needed--I do have experience--lots of experience.

Best,

harvey

 

1. familiarization of "how" malware does what it does
learn the attack vectors, the exploitable protocols\applications
(historical of course) kinds of malware, social engineering

2. learn the countering technologies and practices

3. adopt them to your pattern (dont use IM? dont worry about IM exploits)

4. maintain the information stream

basics
http://www.microsoft.com/technet/security/guidance/serversecurity/avdind_0.mspx

"my" basic layers of defense

OS hardening and native monitoring (security logs, templates, best practices)

hardware hardening (NAT firewall, various firewall filtering)

safe HEX practices (how you employ your computer, where you try to avoid, things you can do without like HTML and javascripts in email as a default, verifying download checksums, basic awareness of social exploits and behavior weaknesses)

detection technologies, AV signature, heuristic detection, pattern matching

rule based internal controls (rule based software firewall, HIPS, HOST files)
in other words the ability to recognize the legitimate processes your running and legitimate traffic
not that more advanced malware cant actually subvert them and wear em as sheep skins

tripwire technologies (real time checksums of security aps, complex security logging that defies automated erasure)
the ability to spot unusual requests, and log entries, largely based on malware attacking or subverting security applications

security benchmarks ( a trail of installed changes, employing software like the Baseline security analyzer, rootkit detectors, startuplist\hijackthis, Install Watch) constant documentation of and verification of the code your trusting and keeping current with patches

Virtualization of threat vectors (VMware\Sandboxie) IMO the most effective layer we currently have

Bare metal restore strategy (dont defeat, just detect & repair ASAP)
largely a partitioning strategy that seperates the OS from your data, involving forwarding shell objects (my docs ect) and ap data to a dedicated data partition with a seperate backup image of the bare OS install (updated of course as patched or with software changes) brings you back to a known secure state within the hour or less

external verification (Dual boot cross scanning, safemode, USB or Live CD scanning)
breaking infections and keeping stealth technologies from loading into memory

breaking malware, by removing, or auditing (which is actually tripwire) system files it would call on to work
based on the theory that the payload package cant bring everything it needs with it, and has to phone home to either get the rest or just report its findings

the 3 advanced projects listed above, Snort IDS, Honeypot, and a "comparative" Malware Zoo
the first an attempt to spot unusual traffic, the second an attempt to lure malicious behavior into a contained and isolated observation room, the third about the only real way to verify unknown code from an unknown pedigree

develop security news sources

 

Thanks, I am interested in the defence of systems, building defences and understand the makeup of diffrent viruses.

At the moment I am using ASP (Classic) for some simple websites but am going to move into .Net. I know this is maybe not the a good coding language to begin with.

I am in the UK as well - which could limit things abit ?

Cheers
Willid