Announcement

Collapse
No announcement yet.

How to get into security and stuff.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to get into security and stuff.

    Hey all,
    I'm new, Hi! The question I am seeking an answer for is "How do I get into security and all?" I know I need to be more specific, so I will. I am most interested in network security. Mainly firewalls and backbones.

    I have a decent background I would like to think (me being only 19). I completed the CCNA course last year, but didn't go for my cert. I got a cert for completing it though and did well in the class.....very well, A or B average. I currently work for a local liberal arts college doing tech support and hardware repair (virus removal and data recovery).

    Anyways....what types of things should I read and what should I play with; as in hardware? I don't have any cisco toys right now, but I do have a few switches, the best on being a 24 port bay networks managable switch (fun stuff). I have a few servers at home also on a broadband connection (FreeBSD 5.1).

    TIA

  • #2
    1) Go to a university where there are tons of high end toys you can play with, like at my school: http://cisac.math.ucalgary.ca/acl.html. And hey! You can hang out with these guys: http://cisac.math.ucalgary.ca/gallery/cisac.jpg.
    2) Get off your ass and research. Using google doesn't count, but it's a start. *cough*library*cough*
    3) Lose the mentality that people will come up to you and serve you everything you need to get into 'security and stuff' on a nice silver platter.
    Last edited by phobal; April 20, 2004, 13:45.

    Comment


    • #3
      You're 19.. Perfect age. You want to get into computer security and get a nice paying job for a defense contractor?

      Join the Military. Go in and learn some skills. But more then that, get a security clearence.

      Comment


      • #4
        Originally posted by phobal
        1) Go to a university where there are tons of high end toys you can play with, like at my school: http://cisac.math.ucalgary.ca/acl.html. And hey! You can hang out with these guys: http://cisac.math.ucalgary.ca/gallery/cisac.jpg.
        And *complete* your Degree course. I can't stress this enough; employers are not keen on dropouts. Anyone who tells you otherwise is talking out their ass.

        2) Get off your ass and research. Using google doesn't count, but it's a start. *cough*library*cough*

        3) Lose the mentality that people will come up to you and serve you everything you need to get into 'security and stuff' on a nice silver platter.
        Dude, chill out. He solicited opinion as opposed to asking to be spoonfed, and the one thing Google is really shitty at is giving advice based on real-world experience.

        Getting back to the original questions:

        I am most interested in network security. Mainly firewalls and backbones.
        I'd recommend a college that offers networking as part of its CS programme, as well as a job or internship outside of the school environment that lets you work with networking technologies.

        For backbone-level work, you absolutely will require certification as well as an understanding of things like frame relay, ATM, SONET, etc. The data arm of a major telco would be a good place to learn these things, but competition to get in is pretty fierce.

        I have a decent background I would like to think (me being only 19). I completed the CCNA course last year, but didn't go for my cert. I got a cert for completing it though and did well in the class.....very well, A or B average.
        Doesn't matter if you don't have the CCNA, though, because there's no visible proof of your abilities. About the completion certificate that you got - here's a little secret: everyone who manages to attend the majority of the course gets one of those. Hell, I have at least a half-dozen of them floating around for various things and just picked up another one for Secure IDS last week. Without completing and passing the test, you have nothing of any value. Not to sound harsh about it, but better you know up front the value of what you currently have than find out later.

        I currently work for a local liberal arts college doing tech support and hardware repair (virus removal and data recovery).
        Any community colleges you can get involved with for the networking programmes they offer? I did a fairly decent one a couple of years back; $70 for the course, which gave me (IIRC) 4 college credits should I choose to exercise them.

        Anyways....what types of things should I read and what should I play with; as in hardware?
        Get a solid understanding of TCP/IP, both from a packet construction and switching and routing point of view. My advice would be to learn Cisco's routing, switching, and firewalling platforms and know how to manage and configure them - Cisco is the behemoth of the IP network infrastructure industry, and you're pretty much guaranteed to not go hungry right now if you know their devices. For backbone-level stuff, you will almost certainly need time at a telco or Tier 1 (maybe Tier 2) colocation or bandwidth provider to learn it properly.

        I don't have any cisco toys right now, but I do have a few switches, the best on being a 24 port bay networks managable switch (fun stuff).
        From the standpoint of learning the basics of switching, the Bay will be useful. However, for other things like VLANs and MSFCs (both widely-used in enterprise environments), Cisco is the way to go. Remember also that without things like routers, you can't play with stuff like BGP or OSPF - and running an infrastructure homogenous to one manufacturer is a lot easier than a mixed one (believe me, I know because we do it here) particularly from a management and interoperability standpoint. Things like CDP don't exist on Bay switches, for example.

        I have a few servers at home also on a broadband connection (FreeBSD 5.1).
        fBSD is a nice platform to learn some of the basics of firewalling on. Again, my recommendation would be for dedicated appliances (think Pix) that'll get you on hardware that's more standard within the industry. Check ebay for networking gear that people are offloading after doing their CCNA/P.

        Comment


        • #5
          Originally posted by Hexx
          Hey all,
          I'm new, Hi! The question I am seeking an answer for is "How do I get into security and all?" I know I need to be more specific, so I will. I am most interested in network security. Mainly firewalls and backbones.

          I have a decent background I would like to think (me being only 19). I completed the CCNA course last year, but didn't go for my cert. I got a cert for completing it though and did well in the class.....very well, A or B average. I currently work for a local liberal arts college doing tech support and hardware repair (virus removal and data recovery).

          Anyways....what types of things should I read and what should I play with; as in hardware? I don't have any cisco toys right now, but I do have a few switches, the best on being a 24 port bay networks managable switch (fun stuff). I have a few servers at home also on a broadband connection (FreeBSD 5.1).

          TIA

          Everything that skroo said is on the money. Particulary about the degree. if nothing else it shows a prospective employer that you have the abilty/fortitude to stick to a task for four years and ride it out until completion. Is a degree "mandatory"...nope. It will however make attaining your goals much easier for you. Plus, you'll learn some things along the way.

          Also, although not the most popular opinion in the world, HighWiz is right. A security clearance, especially when combined with a degree and some experience (we'll get to the experience in a sec) is definite meal ticket. Hell, many contractors will hire folks with ZERO job related skills if they have the required clearance. The thought being that they can train you for the job for cheaper than getting someone who IS qualified cleared.

          Now, experience. PAYING experience is not the only experience. Three words. Volun Fucking Teer. Volunteer to help out with security out local schools (they can be kinda psycho depending on your area) churches, community organizations, etc. They almost all have networks of some sort. Find out who runs them, talk to them and let them know your goals and qualifications and ask if you can help out (for free) with their network/host security. You will be told to take a hike 8 times out of 10. The other two, well, you just got experience for your resume and, if you do a good job, a reference.

          It looks like you have started doing this already, but narrow down your field of interest. INFOSEC is a huge field. "Getting into security" is not realistic. If you like IDS, focus on IDS. If you are interested in forensics, focus on that aspect. Don't try to be the jack of all trades. People in this industry need to specialize. You can't expect to know it all, prospective employers don't expect you to either. If they DO, you probably don't want to work there anyway.

          Finally, be aware of the market. As skroo mentioned, FreeBSD is spiffy. I am a Unix Security Engineer. Unix is what I enjoy working with. Unfortunately for me, Windows didn't die out. I HAVE to understand Windows security issues (and 'Window$ sux0rs" is NOT understanding Windows security issues ;) ). It isn't my strength, in fact the words Microsoft and Windows aren't anywhere on my resume...but I have yet to go to an interview where I wasn't asked at least SOME Windows questions. Windows is a fact of life. Prepare yourself to deal with it.

          Hope that helps.
          perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

          Comment


          • #6
            Originally posted by Hexx
            I don't have any cisco toys right now
            Check e-bay daily. Check half.com daily. You may find some good deals on a PIX or other Cisco products. As you get more into the field you will meet people who will be selling their old Cisco products as they replace them with newer models. As you probably already know expect to spend a decent amount of money on these products, but they will be cheap in comparison to the product at full price.
            The penguin is watching.
            "The DefCon forums dont reward knowledge, but punish iggnorance." -Noid

            Comment


            • #7
              Well i my example is 1, Get kevin Mitnicks Art of deciption. Great book it isnt about computers. But it will matter if you become say an IT man for your career. 2 Go to ITT Tech, or Devry university as a computer college wise. I am going for Network Security, then internet information security, as ITT Tech calls the course.

              Just my two cents. Hope it helps
              Ricky

              Comment


              • #8
                Originally posted by Ricky1146
                I am going for Network Security, then internet information security, as ITT Tech calls the course.
                No surprise there.

                Comment


                • #9
                  Originally posted by Ricky1146
                  Well i my example is 1, Get kevin Mitnicks Art of deciption. Great book it isnt about computers.
                  Why, thanks to this book I CAN HACK THE GIBSON!!!

                  Seriously, getting into "security" isn't possible unless you get into all the aspects of computing: hardware, systems administration, networking, programming, etc. My advice? Find a good school, take as much classes as you can, read as many books as you can and always try to diversify your background.
                  "Those who would willingly trade essential liberty for temporary security are deserving of neither." --Benjamin Franklin

                  Comment


                  • #10
                    Originally posted by jesse
                    Why, thanks to this book I CAN HACK THE GIBSON!!!
                    And when you hack, all that you see on the screen are random formulas floating in a purple background.

                    Comment


                    • #11
                      Originally posted by Ricky1146
                      Well i my example is 1, Get kevin Mitnicks Art of deciption. Great book it isnt about computers. But it will matter if you become say an IT man for your career. 2 Go to ITT Tech, or Devry university as a computer college wise. I am going for Network Security, then internet information security, as ITT Tech calls the course.

                      Just my two cents. Hope it helps
                      And this, folks, is how NOT to do it. Of course, this is coming from our most famous Wall of Sheep celebrity.
                      the fresh princess of 1338

                      What did I do to make you think I give a shit?

                      Comment


                      • #12
                        Thank you Ricky1146, I will have fries with that, thanks for offering!

                        Comment

                        Working...
                        X