• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.

Increasing security knowledge

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Increasing security knowledge

    Hello - my background is as a Unix Administrator, but I am currently on a project involving a lot of security work (with ssh, ssl, Apache2 and Weblogic). I'd like to learn more about security and maybe make this a long term speciality. Does any have any recommendations of books or websites to learn more (particularly orientated towards linux/unix).

    I have already read the following for general background:

    The Code Book (Simon Singh)
    Cryptography: A Very Short Introduction

    But I am looking for something that is a bit more related to 'plumbing' things together, and I don't for example want to read an O'Reilly SSH book from cover to cover.

    Any info greatly recieved.

    #2
    Why not start with router security / firewalls?
    Me, me, me...

    Comment


      #3
      Fill yer boots man.

      Amazon.co.uk: CISSP / SSCP recommended reading from www.isc2.org
      "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

      On them! On them! They fail!

      Comment


        #4
        I've just signed up to do a distance learning Masters in Info Secuirty
        Originally posted by Stevie Wonder Boy
        I can't see any way to do it can you please advise?

        I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.

        Comment


          #5
          Originally posted by reddog View Post
          Hello - my background is as a Unix Administrator, but I am currently on a project involving a lot of security work (with ssh, ssl, Apache2 and Weblogic). I'd like to learn more about security and maybe make this a long term speciality. Does any have any recommendations of books or websites to learn more (particularly orientated towards linux/unix).

          I have already read the following for general background:

          The Code Book (Simon Singh)
          Cryptography: A Very Short Introduction

          But I am looking for something that is a bit more related to 'plumbing' things together, and I don't for example want to read an O'Reilly SSH book from cover to cover.

          Any info greatly recieved.
          Security is a huge field, from policy and risk to hardcore techie stuff like cryptography and forensics. Pick the bit that interests you and get involved in as much of it as you can. The best way to learn is to do, just like anything else in IT, and will look much better on your CV than qualifications without the experience to back them up.

          If you have the kit available at home have a play with setting up secure connections, PKI, Certificates etc if you want to get into the plumbing side of things. Actually doing it, and looking for solutions to real problems, will teach you a lot moer than just reading a book.
          "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

          Comment


            #6
            thanks - I think I'll build some VM's and play around rather than concentrating on theory. Its quite strange though, most books seem to be written in the 90's or very early 2000's. I would have thought there would have been some slightly more up to date literature!

            Comment


              #7
              Like others have said security is big and also covers putting nets/locks in windows so that people don't smuggle USB stick through windows

              But really nowadays when you look at what people do is Webapps over HTTP so focus on Application layer security, deep packet inspection, learn how to deal with SSL certificates and set up HTTPS properly and that's it.
              The lower OSI layers are already mature and it's a bit irrelevant if they're secure or not if higher up you're encrypting properly...

              Comment


                #8
                Originally posted by yasockie View Post
                Like others have said security is big and also covers putting nets/locks in windows so that people don't smuggle USB stick through windows

                But really nowadays when you look at what people do is Webapps over HTTP so focus on Application layer security, deep packet inspection, learn how to deal with SSL certificates and set up HTTPS properly and that's it.
                The lower OSI layers are already mature and it's a bit irrelevant if they're secure or not if higher up you're encrypting properly...
                No need to go near the windows. Just drop them in the carpark or send them to people as promotional freebies.

                If you are feeling really devious you could try something like this....

                Netragard’s Hacker Interface Device (HID). | Netragard's SNOsoft Research Team
                "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

                Comment


                  #9
                  SANS: Computer Security Training, Network Security Research, InfoSec Resources

                  Comment

                  Working...
                  X