RE: New to INformation Security World Please give your expert advice in this matter

From: Paul Melson (pmelson@gmail.com)
Date: Thu Feb 09 2006 - 16:59:13 EST


-----Original Message-----
Subject: New to INformation Security World Please give your expert advice in this matter

> Hi everyone, I am a newbie in the world of information security. I have received my MS in
> Information systems security but have sort of limited knowledge about the practical world. I
> would appreciate it if someone can give me some advice on where to start as far as practical
> knowledge goes on personal level like in a home-lab environment, what would I need and where
> should I start, should I work with Windows cuz that's what I know mostly but I would really
> want to get some experience with linux and unix what sort of tools should I use that are
> freely available. And what kind of home lab should I setup I can have up to about 4 to 5
> machines what would be the ideal ideal and ideal setup for someone who has no clue about
> unix and linux. Please advise

An MS (which presumably stands for Master of Science) in information
security, and you're still asking about what technical skills to learn? Can
you say 'diploma mill?'

Anyway, what you should learn depends on what you want to do. If you want
to perform penetration tests, then you should probably start with a live CD
like Whax (or whatever they're calling it now) and learn to use NMap and
Nessus. If you want to learn firewalls, be advised that neither ISA Server
nor iptables garners a whole ton of respect as a marketable skill on its
own. If you want to learn IDS, I recommend Snort. And, of course, if you
want to make a lot of money in "infosec" while doing very little actual
work, I recommend you skip the technical stuff and go straight into audit
compliance consulting. GLB, HIPAA, and SOX are making people rich. Or so I
hear. :-)

PaulM


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:29 EDT