Here's some info from a forum I frequent:
http://www.ultratech-llc.com/KB/?File=Security.TXT
http://neworder.box.sk/
http://www.cert.org
"I'm very impressed with Shadow Security Scanner, which I got turned onto by a 15-year old Russian hacker (black hat). I even got a Russian copy (so it was free) and I've used it a lot. It is very easy to use, like a port scanner and SATAN rolled into one. It also puts out very professional looking HTML page reports with links to all of the patches of detected security vulnerabilities. Oh, and did I mention it does password checks?
http://www.safety-lab.com/en/products/1.htm
Now, its gone legit (used to be http://www.rsh.kiev.ua/ ), so you might have to look around a bit. If I were you, I'd drop the cash to get this sucker and keep it a secret at work. You can *try* Cisco's Security Scanner, but when I went out to San Jose to the CPN conference, I sat in on a security session, and got a free copy of the it afterwards (the full version) to test against SSS, and......it was no comparison.
Basically, I'd say you need to know a few things;
1. TCPWrappers and access-lists
2. Some kind of scripting experience, to script brute force-type of scans
3. IRC experience, get into the hacker-scene and find out as much as you can from black hats, as well as the white hats.
4. Learn about the OSI 7-layer model, as well as IPv4 addressing, netmasks, NAT/private addressing, etc. Buy the introductory book by Cisco for the CCNA (even take the CCNA test).
5. Learn about logs. They are boring, but Logsentry (see the Psionic link above) can help there. This is one of the best ways to find where/when a break-in occurs."
-----Original Message-----
From: Richard Jenniss [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 04, 2002 2:37 PM
To: CLUG
Subject: (clug-talk) IT Education
Hello fellow Linux enthusiasts.
Next September is some time away, but I'm looking at options for continuing education.
I am taking Net-tech at SAIT, contact me if you wish to ask me questions.
I'm looking to get into IT security.
What are some recomendations as to where I can start, what I should take, and possibly resources for funding?
I would like to be a consultant, do network audits, and advise methods to improve.
There's a couple things I've had in my mind.
1. Course books, I will avoid a course if they use bad books.
2. Qualified instructors / professors.
3. Pace, and acceleration of the course. I like to move at my own speed. Not a huge priority.
Thank you all for your time.
Sincerely,
Richard Jenniss
