HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 30 guests online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Starting off with Ethical Hacking
Ethical Hacker Community Forums
December 01, 2008, 06:59:08 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Starting off with Ethical Hacking  (Read 6114 times)
0 Members and 1 Guest are viewing this topic.
redivivus
Newbie
*
Offline Offline

Posts: 2



View Profile
« on: May 26, 2006, 01:56:46 AM »
I am a newbie in this field.  I work as network/security engineer in one consulting company.. There are signs of starting off proffessional services in our company( Pen test, VA etc).
So i would like to get on to this field from now...
can anyone help me in the following areas...
1) What training i should take and what all tools i should keep for Pen test, VA etc..
2) Which all websites and forums will help me keeping my knowledge uptodate.
3) Also if someone already doing this kind of job(CEH,Pen Test,VA), please help me in setting up the same in my company.
4) The process flow and documents required ..will be more important for me in this aspect.
5) As i a script kiddie which all areas i should improve in skillsets.

Thanks in advance...
Logged
>--sho-->
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2380


Editor-In-Chief


View Profile WWW
« Reply #1 on: May 26, 2006, 10:53:09 AM »
First of all, Welcome to EH-Net.

Whether or not you are interested in being certified, I would highly recommend studying for either CEH or CPTS. They already did the work for you by organizing the field into core modules. There are several great books on ethical hacking, pen testing, certs, etc. You can get sample chapters of some of them in the Book Reviews Category. Try this one, then explore the site for other book titles:

CEH: Exam Prep 2

Also, look in the forums for the boards dedicated to the modules for the different exams. Again, this info is great whether or not you plan to take an exam:

CEH Modules Board
CPTS Modules Board
CPTE Modules Board

As you go through the material in the boards and in the books, keep in mind that it is not a race to finish reading the material. As you get to each concept, tool or process, stop and look them up on the net, install them, get familiar with them. As you do that, you will find that your searching leads you to other places on the net, leads to questions, etc. It will really start to open the field for you.

As for starting your own pen testing division within your company, I was just having this discussion with Dengar13. As with any new venture, you not only need management buy in, but they also need to make the fiscal commitment to the right tools. As an example, Metasploit is a great framework, but when you start dealing with clients, they want a deliverable. That usually means an extensive report. Calculate the amount of time it would take to format the gobs of data from your pen tests into something legible for a client, and those packages like Core Impact that generate the reports for you quickly don't seem so expensive any more. We haven't even discussed the topic of getting your first client. You may need to drastically discount your pricing to "build your book" and get some testimonials. I could go on and on, so this may be a good topic for a new post.

Hope this gives you a good start,
Don
Logged
CISSP, MCSE, CEH, Security+ SME
Negrita
Sr. Member
****
Offline Offline

Posts: 289



View Profile
« Reply #2 on: May 26, 2006, 03:16:51 PM »
As don says, welcome.
5) As i a script kiddie which all areas i should improve in skillsets.
First and foremost don't call yourself a script kiddie unless you want to be flamed. Script Kiddie is a derogatory term. See here for more info about the terminology.

As far as skill sets go, I personaly feel that a good security professional should have at least a basic understanding in Windows system, UNIX/Linux system and also Networking. A basic level of programming also won't hurt.

1) What training i should take and what all tools i should keep for Pen test, VA etc..
There are a variety of network security courses but the 2 "entry level" (*) certs dealing with ethical hacking and penetration testing are;
Ethical Hacking and Countermeasures(CEH) from EC-Council, and
Certified Penetration Testing Specialist (CPTS) from Mile2.

(*) Both these "entry level" certs have prerequisites!!

As far as tools go, download a Live Linux Security distro and play around with the tools there. For your purpouse I recomend Knoppix STD even though it is quite old. To find out why I recomend this one for you, (besides the wealth of tools it comes with,) read my answer to question no. 2. Check this thread for a list of other security distros, or check DistroWatch.

2) Which all websites and forums will help me keeping my knowledge uptodate.
Well obviously this site and its sister The Certified Security Proffesional. If you get a copy of Knoppix STD, then open up the Firebird browser that comes with it and have a look at the list of web-sites already stored in the bookmark section. this is by far the most comprehensive list of security related web-sites I've seen any where.

3) Also if someone already doing this kind of job(CEH,Pen Test,VA), please help me in setting up the same in my company.
I have no experience with this, so I rather not answer. I'm sure others here will have some advice for you though.

4) The process flow and documents required ..will be more important for me in this aspect.
If you take one of those courses I mentioned above, the processes, documents and tools needed for each stage will become more apparent.
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2380


Editor-In-Chief


View Profile WWW
« Reply #3 on: May 27, 2006, 09:17:21 AM »
Moderated.

Don
Logged
CISSP, MCSE, CEH, Security+ SME
Oyle
Sr. Member
****
Offline Offline

Posts: 264


"Man. Nature. Technology".


View Profile WWW
« Reply #4 on: May 27, 2006, 10:33:01 AM »
Like I said, I was  not trying to insult, I was just offering constructive criticism.
I rest my case, I will not say anything else about it. Nuff Said.
Logged
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
redivivus
Newbie
*
Offline Offline

Posts: 2



View Profile
« Reply #5 on: May 31, 2006, 11:45:13 PM »
thanks for the reply....
i would take it as an advice and go forward....
Logged
>--sho-->
jas
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #6 on: June 02, 2006, 06:10:59 AM »
hi guys
im new to this community .will somebody who is worth can help me out what to do and all that stuff.i would like to learn about what is this all about,
thanking you
James
Logged
Negrita
Sr. Member
****
Offline Offline

Posts: 289



View Profile
« Reply #7 on: June 02, 2006, 06:35:25 AM »
Quote from: jas on June 02, 2006, 06:10:59 AM
will somebody who is worth can help me out
So how do we know if we're worthy of answering your question or not?  Huh

Anyway (presuming I'm worthy,) I think that if you read both my and dons' responses above you'll have plenty of info to start off with. If it's not enough read through the other threads here on the forum for more info.
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2380


Editor-In-Chief


View Profile WWW
« Reply #8 on: June 02, 2006, 01:00:34 PM »
Hey Jas,

As we try to do with all of our newcomers, welcome to EH-Net. As Negrita wrote, try the recommendations above. As the questions arise, feel free to start your own posts.

One thing to keep in mind is the word 'easy.' As most of us know, 'easy' is a relative term based on the experience one has in a given field. If you're in the industry, then chances are that someone has come to you with a problem and told you, 'I have an easy one for you.' One could always respond with, "Well, if it were easy, why did you come to me?' But what they really should say is that they're confident it won't take long for someone with the proper knowledge and experience. So... is this stuff easy? As you start to explore, I'll let you answer that question.

We look forward to sharing with you and hearing your feedback.

Don
Logged
CISSP, MCSE, CEH, Security+ SME
Oyle
Sr. Member
****
Offline Offline

Posts: 264


"Man. Nature. Technology".


View Profile WWW
« Reply #9 on: June 02, 2006, 01:12:00 PM »
Hmmmm, seems to me traffic to the website and the Forums is on the rise. Guess it just takes some time for the word-of-mouth to spread....

Logged
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
Sniganoo
Newbie
*
Offline Offline

Posts: 13


View Profile
« Reply #10 on: June 03, 2006, 01:44:26 PM »
I for one am hoping that with my knowledge to date and gaining certs like CEH and CPTS that I will be in a better position moving forward in the IT world as security becomes of paramount importance to both large and small organizations.  I consider myself more of a jack of all trades IT person rather than an expert in any particular area which I feel is quite rare these days.  That said, I am still searching for companies that realise the importance of a real spread of knowledge, they seem few and far between.

The more "tools" there are to help hack and the more people want to hack then the more there should be a need for people who are able to counter the hackers.  If this is true then those at the forefront of hacking countermeasures should benefit the most.  Isn't it time IT security folk got the recognition they deserve?!

:0)
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.047 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.