EH-Net

I am a Masters student of IT at UNC Charlotte. I have decided to take up Information Security as the concentration.
Can you please advice me what all certifications i need to do in this field? I know abt CEH only. I want general advice on how to get knowledge abt latest security issues.
I am already a CCNA, but donot think CCNP is useful for me.

There are many avenues you could pursue, dependent upon where you want your career to go.  Additionally, if you're looking for what may qualify for course credits, etc, you'd obviously need to check with the university.

That said:

If you're looking for management style, or overall infosec, you might look at CISSP, CISA / CISM, etc.

If you're looking to be more of the proactive, penetration testing / malware analysis side of things, you could look into the follow-up to CEH, the ECSA/LPT.  You could also look at the OSCP, or look into the SANS security certifications, such as the GPEN (SANS 560)

If you're looking for more of a law-enforcement, forensics side of things, you might pursue something along the line of the CHFI (Forensics Investigator) or others of that nature.

It's all dependent on what you want to do, etc.  I wish you luck, and you've found the right place to ask the questions, so fire away, and we'll all be glad to discuss!

SANS (sans.org (http://www.sans.org/info/52988)) has a wide range of classes that are just related to pen testing. They have classes for managers, auditors, and coders too. In my experience the training has been top notch. I highly recommend them.

My advise is to look at the different forums on this site, because as previously mentioned there are a lot of paths to take in Information Security.  Some of the certifications are entry level, like the CompTIA certs and even some of the SANS classes, like SEC 401, others are intermediate C|EH, OSCP, and others still are more advanced like the CISSP, CISM, CISA.

A lot of certifications require you to meet prerequisites, which usually deal with experience or education.

I would recommend that you take some time, look through the forums.  See what you may be interested in.  There are areas like Incident Handling (cleaning and mitigating hacker attacks), Intrusion Detection (catching the hackers when they strike), Penetration testing/Ethical hacking (making sure the hackers can't get in), Malware (studying what tools hackers use and how to defend against them), etc.  Just kick back and read, read, read.  there is no easy path into information security.

Btw, welcome to the site.

THANKS A LOT everyone for the guidance.

I am looking at acquiring skills to become a penetration tester/ethical hacker with the use of tools. I have the following questions in this regard:

Q1. What certifications do u recommend- CEH by EcCouncil or certifications by SANS?
Q2. Do we have tutorials on the forums for my field of interest?
Q3. My friend told me that i shud get my hands on Backtrack or Nessus.. can I learn them without professional training?

You can pretty much learn any tool without 'professional training'  However, the drawback is you have to measure the time to research and learn the tools against the time it might save by learning them from a professional instructor, or in a formal class setting.  What you'll need to do is to do some analysis and spend some time really deciding on which approach is best suited for you. 

If you're capable of self-study, and have a nice lab setup that you can 'play' against, then by all means, it can be more affordable to study for yourself.  If you learn better by watching and listening to someone else (if you're more of a senses learner than a reading learner,) then you would probably be better served attending a bootcamp or more formalized class.  Being that you're pursuing your degree at UNC, I'd be willing to bet you know your best-suited learning style, and comfort zones, and will probably make the best choice for YOU! 

As for tutorials, if you browse the site, there are plenty of links to sites where tutorials abound.  De-ICE and other pre-built distros exist to 'hack against' and learn with.  (implied search hint here for the EH-Net forums ;D )

Good luck, and as you find more to play with and learn, feel free to continue to ask.

Yes, I recommend you to see the http://heorot.net/ trining

Both Backtrack and Nessus are handy tools.  Just a few things to keep in mind (I am on the path of transitioning from Sys Admin to Info Sec)... I have observed the newest version of Nessus can produce a good amount of false positives.  Not good to tell someone there site is vulnerable to something when it is not.  Learn to not fully rely on the tools and learn to work your way through the vulnerability.  Which I found, as someone who loves puzzles, the most fun part of the game! :D  Backtrack is great but one thing I found with that is there are so many tools crammed into it that you might find yourself wondering which one is the correct one to use.

As for certs, I too am trying to determine where to proceed.  One suggestion I found was the GISF cert.  It is a pricey cert to get, but could be worth it.  An important factor with Info Sec is knowledge and experience.  If you can gain those, then getting the certs won't be as difficult.

Good luck!!

I think that formal training will help with the methodology.   While you can learn how to be effective with just about any tool, it can be more difficult to learn how to put them together to achieve results.  This is where learning from others' experience is helpful.   It can be difficult to assemble this knowledge on your own.

Look into the Y approach http://www.myinfosecjob.com/2010/02/whats-the-right-information-security-certification-for-me/ (http://www.myinfosecjob.com/2010/02/whats-the-right-information-security-certification-for-me/)

I found that article useful. Check my response http://sector876.blogspot.com/2010/02/y-approach.html (http://sector876.blogspot.com/2010/02/y-approach.html)