
Hi everybody

Why is it so hard starting to work in the security area?

Difficult: 3 votes (100%)
Impossible: 0 votes (No votes)

Total votes: 3

ruggine

Newbie

Posts: 2

Joined: Thu May 20, 2010 4:55 am

Post Fri May 21, 2010 2:30 am

Hi everybody

Hi. First of all I'd like to thank you all for creating this site, in which I'll find (I hope) a lot of information about computer security. I'm quite old (42) but I have real experience of computer programming and networking. I actually work as a computer angel in a University at the Faculty of Economics. I'm a security enthusiast and, sometimes, I do some basic security tests in our network. I'd like to improve my security skills and try to transform this "hobby" into something much more interesting, but nobody here is really interested in doing this. I tried to contact some security companies thinking that they could help me, but the only answer that I got is: you do not have the minimal requisites (degree and certification and blablabla). Now what? I think that the university network is a good way of learning security in a real scenario. Any ideas?
Thanks.

morpheus063

Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Fri May 21, 2010 3:50 am

Re: Hi everybody

Hello Ruggine,

Welcome on-board EH-Net.

That's a wonderful introduction. Your programming skills will definitely help you with security-related research. As far as learning security in the university network, I wouldn't suggest it if it is not a controlled lab. Try to set up a controlled lab network where you can practice and try out various security exercises. There are a few threads discussing this:

Network pentest lab setup   

Pentest Lab: Web Application Edition

Wishing you all the best for your learning initiatives.

Happy learning 'n' hacking :)
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

Anquilas

Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Fri May 21, 2010 5:19 am

Re: Hi everybody

Welcome to the forum!
I'm sure there are lots of answers in various posts here. If you don't find any, ask away! :)
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Fri May 21, 2010 5:53 am

Re: Hi everybody

Hello, ruggine! Welcome to the forum :)
You've come to the right place. I'm sure that you'll find a solution to any question you might have. Just stick around and you'll learn a great deal just by reading the discussions.

I try to contact some security company thinking that they can help me, but the only answer that i got is: you have not the minimal requisite (degree and certification and blablabla).

Have you considered any certifications? Security+ is a good one to start with. Even if you have some security skills, most employers will ask for some concrete proof to show to them. Certification is that proof. Check security jobs in your local newspapers and make note of certifications employers look for and start working on them.
I would also advise you to purchase Counter Hack Reloaded by Ed Skoudis and practice the material in your OWN lab.

I think that the university network is a good way of learning security in real scenario. Any ideas?

Perhaps not. Make sure you've proper permission before you practice on your University network, otherwise you're just calling for unnecessary trouble.

Manu Zacharia has given you excellent links to build your own virtual lab. However, if you still have any confusion I'll just copy-paste a similar response I posted in some other thread. http://www.ethicalhacker.net/component/ ... /#msg28590

You do not need any expensive stuff to build your 'virtual' test lab. In fact most of the stuff in my lab is absolutely free. You can find various open source counterparts of commercial tools.
There are various 'free' virtualization products available like VirtualBox, VMware Player and VMware Server. I'm a big fan of VMware products. Personally, I believe that VMware Server will be enough for what you want to do. VMware Server is a stripped down version of the excellent commercial VMware Workstation but contains almost all the basic features you'll require. You can download pre-built Linux virtual machines from the VMware website http://www.vmware.com/appliances/directory/
There's also a free route to get Windows OS. Either you can download the OS from Microsoft's website, which comes with around a 3 month trial period. Furthermore, you can also download a Windows XP SP2 virtual machine from NIST's website http://www.offensive-security.com/metas ... hine-setup
As for software like ftp, telnet daemons and webservers etc...well most of it is free anyway  :D

Jhaddix and Laz3r have posted wonderful tutorials to build a virtual test lab. You can get them here:-
Network pentest lab setup
Pentest Lab: Web Application Edition

Additionally, you can practice on ready made targets like De-ICE live disks, hackerdemia and pWnOS all of which are available here http://forums.heorot.net/ You also have LAMP security disks http://sourceforge.net/projects/lampsecurity/ Also try your hands at the 'Skillz' section of this forum http://www.ethicalhacker.net/component/ ... oard,12.0/ They will test your limits.
There's also a topic here at EHNet which will direct you to more stuff for practicing http://www.ethicalhacker.net/component/ ... ic,5043.0/

zeroflaw

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Sat May 22, 2010 9:22 am

Re: Hi everybody

Hello, welcome to EH-Net!
ZF

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat May 22, 2010 9:41 am

Re: Hi everybody

Welcome aboard!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Sun May 23, 2010 3:50 am

Re: Hi everybody

Welcome! The only advice I can give you is to look at the virtual lab building guide Equix3n- posted above...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

JollyJokker

Post Sun May 23, 2010 5:40 am

Re: Hi everybody

Welcome! I am also new to the forum and new to Information Security. I guarantee you that this is an ideal place to learn!

ruggine

Newbie

Posts: 2

Joined: Thu May 20, 2010 4:55 am

Post Thu May 27, 2010 6:10 am

Re: Hi everybody

Thanks all. I created a small hacklab machine on which I put VMware Server and other stuff that you suggested to me. Obviously the machine is completely disconnected from the university network and I can play around with it without getting into trouble. I can scan, version, fingerprint and try to exploit known vulnerabilities with bt4. That's good stuff but I think that activity is not considered to be ethical hacking. I mean that no one will call me and say "Hey, check my internal network and try to find known security holes! You'll get paid for this." Unfortunately I live in a small town in Italy and the nearest interesting city is Milano. Perhaps I have to find someone like me and try to mix our experience... not so easy!!
Any help (of course) will be greatly appreciated.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu May 27, 2010 7:20 am

Re: Hi everybody

Ah, but that is very much, still, ethical hacking.  Doesn't matter whether you're pentesting against an internal or external network.  Doesn't even matter if you're finding holes that the network owner is already aware of.  Very often you WILL get paid for this, because, even if you're just confirming their known flaws, there are legal and certification requirements that must be satisfied, through a pentest or audit.

As an ethical hacker, it's your job to find and disseminate security risks to the company, whether confirming existing or finding new ones.  Very often, I'm involved in a situation where the IT department knew about a hole, but didn't close it, because they didn't feel it was a high enough risk to the organization.  However, when I showed them, through a pentest, the amount of actual damage that could come THROUGH that hole, their mindsets changed.

Additionally, the internal side of things is VERY important, as it's where a skilled hacker / attacker is going to head, immediately, as soon as they breach the perimeter (whether by exploiting a flaw on the border servers, or by social engineering and client-side exploit.)  Either way, security holes on the inside MUST be closed, to avoid further potential data loss and risk.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Thu May 27, 2010 9:11 am

Re: Hi everybody

I'm new to these boards too, so welcome!  I think you'll find all sorts of skill levels around here, and the eagerness to learn is infectious!
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
