
Security Forums


Learning IT Security

anthony777 (Just Arrived)
Posted: Sat Feb 03, 2007 4:12 pm    Post subject: Learning IT Security

I need help learning IT Security. Where do I start? Any good books, and what subject to begin with? Please help and thank you.

Anthony

moondoggie (Lurker)
Posted: Sun Feb 04, 2007 4:58 am

This is a *great* place to start :)

PhiBer (SF Mod)
Posted: Mon Feb 05, 2007 7:16 pm

Anthony,
As a start, I would suggest you read, read, read, and listen to some security podcasts and watch some security videos (the "Practicing Better than Best" series is very good) to get a good foundation on security. Reading up on forums such as this will also help you greatly in learning about security. Good luck and welcome to SFDC :D

capi (SF Senior Mod)
Posted: Mon Feb 05, 2007 9:18 pm

PhiBer wrote:
[...] listen to some security podcasts [...]

:o You're recommending the ramblings of the keyword-dropping, pseudo-expert hype-machine as a serious source of security information?

Let's see... "inventing" something the Linux folks had already been doing for years, managing to get it wrong and doing it in a poorly designed and broken way, then on top of it claiming it all as his own original and world-saving research (remember GENESIS?).

What else... Managing to make anyone who's ever made an actual fundamented, rational, argument criticizing Microsoft's practices and/or coding look like a paranoid idiot by association. Remember when he managed to accuse Microsoft of conspiring and inserting intentional backdoors inside Windows? The "expert" went public about it and everything... except it was all based solely on his idiotic research which consisted literally of "I wonder what happens if I change this byte to 1 in the WMF file then open it with the Windows viewer? Oh, it's running a piece of code from the WMF file! I FOUND A BACKDOOR!!" (no, he didn't go and disassemble the code, or do any further research... and no, it wasn't a backdoor, but a simple run-of-the-mill bug, caused by sloppy programming, as was eventually discovered by others who actually knew what real security professionals do).

And well, I'd better not say anything else, lest his cult of followers unleash their nanite warrior robots against my shields and use my computer's raw sockets to destroy the Internet.


Last edited by capi on Mon Feb 05, 2007 10:06 pm; edited 1 time in total

PhiBer (SF Mod)
Posted: Mon Feb 05, 2007 10:00 pm

Capi,
What a helpful response. Notice how I am recommending the podcast to someone new to security as it is geared more towards those types of people.

I do have to agree though that Steve's raw sockets ordeal annoyed me as well. I am not going to defend him or argue about his "security expert" status, but I do believe he explains certain things in regards to security in a very down to earth way -- at least where newbies can understand.

Perhaps you might want to contribute to this post and let us know what you feel is a good start? How about a TCP RFC or perhaps a cert advisory on the Buffer Overflow in Core Microsoft Windows DLL? Those should certainly help someone just getting into security.


Last edited by PhiBer on Mon Feb 05, 2007 10:14 pm; edited 1 time in total

alt.don (SF Boss)
Posted: Mon Feb 05, 2007 10:03 pm

How dare you criticize T3h Gibs0n! Heh, actually Capi makes a valid point in my opinion. Personally I would not look to Gibson for any serious computer security knowledge. As Phiber said, it all comes down to reading and then recreating what you read in a computer lab. You will only truly understand once you have recreated it.

capi (SF Senior Mod)
Posted: Mon Feb 05, 2007 11:36 pm

PhiBer wrote:
Capi,
What a helpful response. Notice how I am recommending the podcast to someone new to security as it is geared more towards those types of people.

You ought to know by now, from my posts to this forum, that if there's something I'm not, that's an elitist. Misinformation like the one often found in that site is no help for anyone who's trying to learn, though.

PhiBer wrote:
I do have to agree though that Steve's raw sockets ordeal annoyed me as well. I am not going to defend him or argue about his "security expert" status, but I do believe he explains certain things in regards to security in a very down to earth way -- at least where newbies can understand.

Wikipedia explains things in a down to earth, and correct, way. Howstuffworks explains things in a down to earth, and correct, way. Many people in this forum and others (yourself included) spend their time to explain things in a down to earth, and correct, way.

Information is one thing, misinformation is another.

PhiBer wrote:
Perhaps you might want to contribute to this post and let us know what you feel is a good start? How about a TCP RFC or perhaps a cert advisory on the Buffer Overflow in Core Microsoft Windows DLL? Those should certainly help someone just getting into security.

Ok, that was certainly a very unexpected change in tone...

Sorry, I'm not inclined to answer challenges as to whether or not I contribute to this community. Nor am I about to start counting how many posts I have made teaching people how to find their way around a given problem or describing highly technical concepts in layman's words.

Congratulations on knowing that TCP is described in RFC 793, though. Nice of you to point me there, too; you saved me from having to dig into the network stack that I implemented from scratch to find out what this "TCP" thing is that everyone speaks of. I'm afraid you'll have to explain what this "DLL" thing is, though, you lost me there...

PhiBer (SF Mod)
Posted: Tue Feb 06, 2007 9:29 am

capi wrote:

Ok, that was certainly a very unexpected change in tone...

Sorry, I'm not inclined to answer challenges as to whether or not I contribute to this community. Nor am I about to start counting how many posts I have made teaching people how to find their way around a given problem or describing highly technical concepts in layman's words.

Congratulations on knowing that TCP is described in RFC 793, though. Nice of you to point me there, too; you saved me from having to dig into the network stack that I implemented from scratch to find out what this "TCP" thing is that everyone speaks of. I'm afraid you'll have to explain what this "DLL" thing is, though, you lost me there...


Capi -- In no way do I mean disrespect and I do admire the contributions you have made to the security community. Still though, I feel that the podcasts can be of value to those just beginning in security and in my opinion, the amount of "misinformation" compared to the "valuable information" is minimal. Sure, they might not be as technical as a seasoned security professional might want, but they are a good starting point in conjunction with some reading and research. I will agree to disagree with you (waiting to hear a long response to my every sentence, Capi style! ;) ).

capi (SF Senior Mod)
Posted: Tue Feb 06, 2007 11:52 am

PhiBer wrote:
Capi -- In no way do I mean disrespect and I do admire the contributions you have made to the security community.

Thank you. Just to be clear, I should note that I was not, in my initial post, criticizing you or the help you provide; I was, rather, criticizing GRC. If I gave a different impression, I apologize, as that was not my intention.


PhiBer wrote:
Still though, I feel that the podcasts can be of value to those just beginning in security and in my opinion, the amount of "misinformation" compared to the "valuable information" is minimal. Sure, they might not be as technical as a seasoned security professional might want, but they are a good starting point in conjunction with some reading and research.

I have no problem whatsoever with technical information being presented in a friendly way for someone who doesn't yet have experience in a given field. As I've said before, just because someone isn't an expert in computers that doesn't mean they're any more or less intelligent than anyone else, it just means they're an expert at something else.

Hell, if some brain surgeon started to explain the latest innovation in neurosurgery to me, he'd better well do it in a friendly way, or I wouldn't understand any of it. There is a big difference, though, between a real professional explaining something difficult in layman's words, and someone trying to push truisms, half-truths and (at times) outright lies upon the layman in order to make himself look like a real professional.

There is a distinct difference between the kind of information and advice offered, for example, on this site (or many others, this is not about SFDC), where technical and often specialized information is explained in a correct, yet friendly way, and the sort of "information" which is seen at GRC. To be perfectly honest, most of GRC reads as an experiment in self-glorification, a platitude of truisms and bloated half-truths mixed with enough technobabble pseudo-terms to make its originator sound good. Big flashy colors and fancy names like nanoprobes for a glorified SYN scan that you can top with nmap any day. He "invented" this, he "invented" that. GENESIS.. He took it from SYNcookies, which the Linux kernel had been doing years ago (and he managed to do a poor job even at that, breaking the design) but hey, he gave it a fancy-sounding name, so why shouldn't he call it his own?

That site reads more as a marketing brochure than anything, but has the added danger of being passed off as actual scientific information. This is called "misinformation" and using it as a source of serious learning is worse than using nothing.

Smoke and mirrors, that's what it's all about. Some truth, covered in a completely hyped and unprofessional way. Hell, just look at that "backdoor" scandal, and the podcast in which he first mentioned it, it was just appalling... you don't go public and make a claim like that without some proof, some actual research! I mean, more research than just "uuh I changed this byte here and uuh y'know, code executed, omgwtf BACKDOOR!!1!" Say, how about, looking into the program's code... Those who've read my posts to this forum will know very well that I've always been an active critic of Microsoft, for its business practices, its technical quality and other reasons. However, things like this only manage to make those of us who actually try to make a rational point look like idiots by association.


PhiBer wrote:
I will agree to disagree with you (waiting to hear a long response to my every sentence, Capi style! ;) ).

This one long enough for you? :P

All times are GMT + 2 Hours