LT, get hacking for dummies. don't let the dummies name fool you. I really did learn from it. The author went with a lot of commercial software, but it was a good start.

There are a few noob threads around here with books to read.

I know what you mean about not being just a cookbook (do step a, step b, step c) kind of guy.

As for my firewalls, I prefer a small box, without a lot of stuff installed running straight IP Tables. Work however wants ASAs and PIXs.

LT72884,

I'm a former CCNA with 13 years of data networking experience. I recently read Hacking for Dummies. Some of the stuff I knew, some of it I didn't. I also read Firewalls and Internet Security (mostly theory and using something Unix based to create a firewall, down side it is dated but so was Hacking for Dummies).

My next step is going to get my Sec+ cert. After that, I'm looking forward to reading Hacking: The Next Generation and Network Security Assessment.

My interest is Overall security of the network I run (Network Engineer and Linux Admin).

You're lab will help you do lots of things, especially if you have a few extra computers you can toss on to it. I've got a lab I built for CCNA study purposes (3 routers, 3 switches). I can practice things like arp poisoning, turning the switch into a hub (forwards all packets to all ports), and practice port spanning with a packet sniffer, and then trying to find it. (I know it's there, I can see it but I can I find it without just going to where I set it up and killing the port).

Couple of things I want to add to my lab, a small voip infrastructure and a cisco firewall.

The place is usually pretty active.

Ketchup

As I understand it, there are two reasons for doing 4 ports instead of 3. One is to keep the system from being discovered by talking on the line. The second is you're trying to receive on all 4 wires in the cable.

If you could modify a nic to use all 4 wires as receive, and configure the os to handle that kind of nic, then I think it might be possible.

But I'm still just a noob.

I've seen several similar ideas lately. Including making a clean image virtual machine, and destroying the instance you run every time you surf the web. That way you're always loading a copy of the clean image. (a co-worker actually does this at home).

I have to agree education is an issue, but the question is where do you go to do the education? My mom and step dad (until I forced them to use Linux) were having to have their computer rebuilt every few weeks. Trojans, viruses and the like. Neither one will ever take a class, because they know how to turn the computer on and surf the web. They don't see the point in having to take one. It's not like a person needs a license to hit the "information super-highway"

I think the point the author was trying to make was, if you're using a clean distro (which you kind of lose with a persistent usb key like he suggested), you don't have to be worried about software key loggers and the like. If you don't use the same time to do banking and email you don't have to worry about being phished.

While I see it's merits, I just don't see it happening on a regular basis.

BillV,

I've seen the list, but like I said the reviews on amazon were mixed. I've been leaning towards the Sybex one, but since my budget is really tight, I wanted to see what everyone else thought so I wouldn't have to buy multiple books.

we usually get 1 cert from Thawte per server. I don't know if there is another way to do it. It would be nice, but usually management get's the cert, and I just apply it.

we tend to use symantec where I'm at. Yet we seem to have to take boxes off line and use TRK with it's choices to clean boxes way too often.

You still haven't said exactly why you want the password. I'm going on the assumption that you're not in the IT department. Which means you're trying to by pass your company's security policy. If you really want to impress your co-workers and be a real hero, make a business case as to why you need the software you think you do.

Those are not your personal computers, they don't belong to you.

(I've had to deal with problems like this at work recently, so I'm a little bitter).

shachola, why do you need admin access to your office laptop?

If you're job will not allow you to change your admin password, that tells me your employer(s) decided that you do not need admin access to do your job.

I would suggest talking to your manager, or calling the help desk for help.

Becca

Let me know if I'm understanding your goals:
1) you want to learn more about computers and networking
2) you want to the different rolls a computer can take
3) you want to know if you're too paranoid about what can be done with computers (based on what the others have told you).

Ketchup,
the way it was explained to me, was users that required dhcp (Home Users for the most part since their business clients got statics) have port 25 blocked where it goes out of the uverse network. They also push the web based email model. They did say that their reason to do it was to cut down on bots on their network.

When I called, it wasn't a very friendly customer service call (since I'm paying extra for a static ip address).

I don't know what other ISPs are doing this, but AT&T said they were not the only one.

While 800 spam bots would still send out a lot of data, it's effectively killed 200, and if the practice spreads, it could kill more.

Thing you're missing there, some providers are blocking port 25 access to their customers. Mine does. When I was using my home connection to test my work sever for an open relay (we were on an RBL), I couldn't connect to port 25 on the mail server for work.

From what I was told by my provider, AT&T, it's becoming more of a standard practice to block the SMTP traffic for the users. I was able to get mine unblocked because I have a static ip address for home. Otherwise they wouldn't unblock it. It would also make having a bot net with and SMTP server on the zombie a little more ineffective.

Actually the channel is still there. there's 2 of us in it right now. low amount of people, so it's the drop in and talk and leave style now. Not someone in there saying something at all times.

Don't say it's a calling me names on the internet. Say it's unauthorized access to my home network to do who knows what, including destruction of my reputation. It's all on how you sell it.

As for why to secure the network, start here: http://lifehacker.com/036577/todo-secure-your-wireless-network

Not having protection isn't always a defense. Cops will raid your house, not the people who steal the internet connection.

Might also check out the Oct 1st SANS' security tip of the day.
http://www.sans.org/tip_of_the_day.php

Mostly my interests lie in securing the network I build, and then keeping people from circumventing the rules I put in place because that's what the business has asked for. Time and again, I've seen that my employers value the opinion of someone certified over mine. As if they don't think I'm qualified unless I have a cert.

I'm hope the cert will help me get a new job too, because of the attitude I see here. The get past HR for an interview level. I'm looking at Sec+ because it's an "intro" for computer security. Should go good with the other 2 certs I'm working on right now (CCNA and Linux Professional Institute).