NEWBIE QUESTION

Discussion in 'other software & services' started by willid, Mar 4, 2007.

Thread Status:
Not open for further replies.
  1. willid

    willid Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    2
    I am trying to get into IT Security and don't know where to start can anyone recommend any books or courses please.

    Thanks
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  3. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    helpful
    http://www.searchlores.org/tips.htm (you're entering the labyrinth pretty near the entrance there)
    (also of interest probably at some point in your reversing studies also from fravia but now ghosted so bookmark or save it)

    mainstream programs
    http://www.sans.org/
    http://www.snort.org/training/

    Learning Projects (the sooner you start "for real" the sooner you start to get to the real questions)
    http://www.linklogger.com/vm_capture.htm
    http://tldp.org/HOWTO/Firewall-HOWTO.html
    http://www.snort.org/docs/
    http://ghh.sourceforge.net/ - http://www.honeynet.org/tools/index.html

    reference
    http://www.honeynet.org/papers/index.html

    "into security" is rather broad, my selections are more network defense
    building the perimeter, attack detection, attack diversion, with only a little capture project
    (firewall, IDS, Honeypot) basic and increasing familiarity with Linux is almost a given
     
    Last edited: Mar 4, 2007
  4. OldAlaska

    OldAlaska Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    1
    Location:
    Central Alaska, second largest "city," Fairbanks,
    Hi folks. I am an old "newbie" of sorts, needing the same information generously given to the newbie--I will use it--but additionally needing even more basic information. And, in any case, I just found that I am a "lurker," which doesn't fit me much--'tain't true, "tho' 'tis enjoyable some whiles."

    OK, on to the meat of my plea; only issues germane to my need, mr. moderator, I hope, even though it may seem I wander from the path again. Quickly: I began with PCs in the early 80's, about Lotus 123 v1 time, or thereabouts, and was OK knowledge-wise 'till maybe 5-6-8 years ago, when management and GIS/graphics etc. absorbed most of my time, while the Win OS grew, applications proliferated, along with ugly malware. I operated in protected territory, with the system folks handling the security. I just had to produce GIS and-no small chore-help other users get what they wanted from the 'plotter'--read big HP printers, about an honest 600 dpi, 6 colors, 42 inches wide, 300 ft media rolls, strip-printed very well, uh, oh yes, mr. moderator. OK. Wandered a bit, just wanting to share a truism: the bigger the printer, the more capable the printer, the bigger the hassle-user pain will be getting what he wants.

    Back to Now: after putting together a simple network (3-5 machines, all M$ Win, plus one on linux) I find that I have spent much of the last 3 weeks on security/privacy stuff, most of this time on M$ windows deeper, darker workings/complications/non-workings. Obviously there is a better way. So, what basic references are recommended for me to play catch-up? There are so many and my ignorance so vast my chances of choosing the 'right' few are slim. I have to add that I was/am a wildlife Biologist with most of my PC knowledge self-taught, with the 'holes' this engenders.

    And, last but perhaps most importantly, I have to add this:
    There is, for me and it seems for many persons, an "ah hah!! That's what . . . ! " phenomenon that occurs when several different viewpoints are available for the same item/problem/etc. This, plus the different references in total being more than their sum--gestalt, if you prefer, how humans identify individuals' faces, etc. So, in past years when I was the office "computer person," I obtained the three best independent 'how to' books I could find, in addition to the manuals furnished by the software company--who many times tended to down-play faults, problems, bugs, etc. And some still do. So, I am willing to spend fairly big $$ for M$ stuff, but please recommend other sources. Thanks for your help. Oh, and mr. moderator, I will revise this as needed--I do have experience--lots of experience.

    Best,

    harvey :D
     
  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    1. familiarization of "how" malware does what it does
    learn the attack vectors, the exploitable protocols\applications
    (historical of course) kinds of malware, social engineering

    2. learn the countering technologies and practices

    3. adopt them to your pattern (don't use IM? don't worry about IM exploits)

    4. maintain the information stream

    basics
    http://www.microsoft.com/technet/security/guidance/serversecurity/avdind_0.mspx

    "my" basic layers of defense

    OS hardening and native monitoring (security logs, templates, best practices)

    hardware hardening (NAT firewall, various firewall filtering)

    safe HEX practices (how you employ your computer, where you try to avoid, things you can do without like HTML and javascripts in email as a default, verifying download checksums, basic awareness of social exploits and behavior weaknesses)

    detection technologies, AV signature, heuristic detection, pattern matching

    rule based internal controls (rule based software firewall, HIPS, HOST files)
    in other words the ability to recognize the legitimate processes you're running and legitimate traffic
    not that more advanced malware can't actually subvert them and wear em as sheep skins :p

    tripwire technologies (real time checksums of security apps, complex security logging that defies automated erasure)
    the ability to spot unusual requests, and log entries, largely based on malware attacking or subverting security applications

    security benchmarks (a trail of installed changes, employing software like the Baseline security analyzer, rootkit detectors, startuplist\hijackthis, Install Watch) constant documentation of and verification of the code you're trusting and keeping current with patches

    Virtualization of threat vectors (VMware\Sandboxie) IMO the most effective layer we currently have

    Bare metal restore strategy (don't defeat, just detect & repair ASAP)
    largely a partitioning strategy that separates the OS from your data, involving forwarding shell objects (my docs etc) and app data to a dedicated data partition with a separate backup image of the bare OS install (updated of course as patched or with software changes) brings you back to a known secure state within the hour or less

    external verification (Dual boot cross scanning, safemode, USB or Live CD scanning)
    breaking infections and keeping stealth technologies from loading into memory

    breaking malware, by removing, or auditing (which is actually tripwire) system files it would call on to work
    based on the theory that the payload package cant bring everything it needs with it, and has to phone home to either get the rest or just report its findings

    the 3 advanced projects listed above, Snort IDS, Honeypot, and a "comparative" Malware Zoo
    the first an attempt to spot unusual traffic, the second an attempt to lure malicious behavior into a contained and isolated observation room, the third about the only real way to verify unknown code from an unknown pedigree

    develop security news sources
     
    Last edited: Mar 5, 2007
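The "tripwire" and "security benchmarks" layers above (checksums of security apps, a trail of installed changes) boil down to one mechanism: record a baseline of file hashes and attributes, then diff the live system against it. The following is an added example, not code from the thread; it works on a constructed temporary directory tree so it runs offline, and the file names in `demo()` are invented.

```python
import hashlib
import os
import tempfile

def hash_file(path, algo="sha256"):
    """Stream a file through the hash so large binaries don't need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Walk root and record hash, size and permission bits per file (paths use '/' for portability).
    In real use the result should be stored off the monitored host or on read-only media,
    otherwise malware that can alter the files can also alter the baseline."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            st = os.stat(p)
            baseline[rel] = {"sha256": hash_file(p), "size": st.st_size, "mode": st.st_mode & 0o777}
    return baseline

def verify(root, baseline):
    """Compare the live tree against a stored baseline; any difference in hash, size or mode counts."""
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, rec in baseline.items():
        cur = current.get(rel)
        if cur is None:
            report["removed"].append(rel)
        elif cur != rec:
            report["modified"].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed scenario: baseline a small tree, then simulate tampering and re-check it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, data in {"bin/av.exe": b"antivirus v1", "hosts": b"127.0.0.1 localhost\n"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        # Tampering: a hosts-file redirect is appended, a new file is dropped, the AV binary is removed.
        with open(os.path.join(root, "hosts"), "ab") as f:
            f.write(b"10.0.0.1 update.example\n")
        with open(os.path.join(root, "dropped.dll"), "wb") as f:
            f.write(b"x")
        os.remove(os.path.join(root, "bin", "av.exe"))
        return verify(root, baseline)
```

The same `hash_file` routine serves the "verifying download checksums" habit mentioned earlier: compare its output with the publisher's published digest before running an installer.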
  6. willid

    willid Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    2
    Thanks, I am interested in the defence of systems, building defences and understanding the makeup of different viruses.

    At the moment I am using ASP (Classic) for some simple websites but am going to move into .Net. I know this is maybe not a good coding language to begin with.

    I am in the UK as well - which could limit things a bit?

    Cheers
    Willid
     
    Last edited: Mar 5, 2007