Well, I can tell you what worked for me. I started learning this stuff maybe two, three years ago. The books Jeff Gieser mentioned are almost all "must own" titles. In particular, TCP Illustrated and Applied Crypto are fantastic, Building Internet Firewalls is one of the seminal works and important for basic architecture understanding. The thing that helped me most was providing advice of dubious worth on mailing lists. The key is to try and avoid guessing and knee-jerk responses. If, every time you feel like glossing over something, you go and read the RFC and find out the _correct_ answer, or look up the relevant stuff on the net or whatever you tend to learn quite fast. Trying to explain something in depth often shows you that you don't understand it as well as you thought. You really must build yourself a *nix box of some sort, then mess with it, blow it up, rebuild it etc etc. Play with security tools and poke around on networks. I just built myself (another) network-poking-around box. It's a Linux box (for some reason) and has tools like dsniff, hping2, nmap, ethereal, whisker, nessus, firewalk and perl. Just the basics, but they're all free and if you know how to _effectively_ use that lot then you know you have a decent grasp of the area. I wouldn't bother trying to "practice hacking" yet. It doesn't teach you as much about how to secure your own systems as you might think. If you know how the attacks work in principle then knowing where to download a r00tkit isn't useful knowledge. Everything IMHO, of course. Cheers, -- Ben Nagy Network Security Specialist Marconi Services Australia Pty Ltd Mb: +61 414 411 520 PGP Key ID: 0x1A86E304 > -----Original Message----- > From: Gary Jones [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 30, 2001 1:27 AM > To: [EMAIL PROTECTED] > Subject: Re: Firewalls-Digest V8 #1568 > > > I am VERY new to this mail list![...] > I want to learn as much about security on the net as > possible [...] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
