Yuck The Fankees noob

<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Fri Apr 08, 2011 4:10 pm

Yuck The Fankees noob

Hello everybody, I've been viewing a lot of the threads over the past week or two, just trying to learn as much as possible.  And I waited till now to ask some noob questions.

Here's a little bit about myself..
- turning 23 in a few weeks
- I was studying to be an actuary for 2 years
- I work for a Fortune 100 company in retirement plans
- I'm looking to get into the information assurance field and work on the offensive side (red team?)


So from reading these threads I realized how very little I actually know about computers and everything else involved with them. SO here are my NOOB questions.

1. I want to get a degree in Information Assurance. I live by a state university but I prefer to keep my job and do the degree online. So... do employers look at IA degrees from online schools in a bad way, say from Capella University? It's marked as a center of excellence from the DoD.

2. Explain to me what a home lab is?  I tried to search "what is a home lab" but nothing good came up.  I think I'm too early to even think about getting one but it sounds super fun lol

3. My cert. route: Network+, Sec+, then I have no idea... there are so many cred. in IT it's crazy... it's so hard to keep track


I have bought about $70 worth of books... hacking for dummies, prep exam for A+ and Network+ (just to learn the very basics), hacking 3, system engineering textbook, c++ for dummies..


I welcome any extra information or advice
OSCP in progress
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Apr 08, 2011 9:36 pm

Re: Yuck The Fankees noob

Welcome to the forum.

Question 2:
A home lab is a pen-testing lab at home. It's bad form to learn on a live network, and it's rare to find a place that will let you learn on a test network.

So most of us have built testing labs at home.

Question 3:
That's a start.
OSWP, Sec+
<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Apr 09, 2011 2:16 am

Re: Yuck The Fankees noob

What does the lab consist of? And how do you hack it? Do you create a network and hack it? Thanks ???
OSCP in progress
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Apr 09, 2011 9:15 am

Re: Yuck The Fankees noob

Search and browse the forums, here, and you'll find MANY threads to answer your questions, such as:

http://www.ethicalhacker.net/component/ ... /#msg37127

(There are tons, like the thread above...)

Ultimately, though, you'll build up a lab consisting of physical or virtual machines, simulating real-world setups, and practice your skills against that lab.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<


venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sat Apr 09, 2011 12:13 pm

Re: Yuck The Fankees noob

Welcome to EH-Net.

1) Some old-school employers may look at an online degree negatively; others will not. I think the majority are understanding that many people have things to do, jobs, and other stuff that keeps them from physically attending classes. Plus, many choose to "return to school" as opposed to it being something done right after high school (so factoring into the same things already mentioned). That all being said, any degree from a school that's marked as a center of excellence will surely be looked upon favorably.

2) A home lab is what you'll use to practice your computer/networking/hacking/etc. skills with. Rather than, as mentioned above, playing with a live network, you'll want to play and practice in a testing environment where it won't impact anything other than your lab. Also as mentioned above, one of the best ways to go about this (as far as systems are concerned) is to use some sort of virtualized environment. This has many advantages that I'm sure you'll find by searching the boards here. Some people choose to buy used/inexpensive hardware (like Cisco switches and routers) online to add into their lab as well.

3) As everyone here will tell you, certifications are a great baseline of knowledge. Your route is a good start. Depending on your current level of knowledge, it may also be worthwhile to consider the A+ or at least read the study guide. Having an N+/S+/A+ will give you a great foundation. The Security+ may open your eyes to directions you want to go as there are many routes within security - I know you mentioned the offensive side but you may find that you would rather go a forensics route, for example.

As for books, your list looks good. I would work on your basic foundational networking/system/security skills before jumping into your system engineering or C++ books. If you search around the forums, 'sil' has posted links to his recommended path into security [testing?] somewhere and that would probably be an excellent place to start.

You'll find the community here is very helpful and always willing to help out and answer questions - noob or not ;-)

BillV
<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Apr 09, 2011 1:02 pm

Re: Yuck The Fankees noob

Thanks again guys. Do most of you work in the security field?
OSCP in progress
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Apr 09, 2011 2:28 pm

Re: Yuck The Fankees noob

<nod>  Some do, some don't.  I do, and I'm pretty sure BillV does.  (As do MANY others)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Apr 09, 2011 3:03 pm

Re: Yuck The Fankees noob

Wow, Bill. That was basically going to be my response verbatim. Thanks for saving me the time :)

Honestly, the most challenging aspect of what you want to do will probably be humbling yourself and starting over. You seem to lack basic computer skills that children in their early teens have nowadays. I apologize for being blunt, and I'm not trying to be rude, but if you don't genuinely appreciate what lies ahead of you, you're not going to be successful.

With the amount of ground you have to cover, you're probably looking at 5+ years to get where you need to be to do such work adequately. You'll probably have to get your foot in the door with basic systems or network administration and then work your way into security.

Having said that, it's certainly possible. There have been others who have been older and had less experience who have made the transition. Resources like this website will provide you with excellent direction. You're going to have to roll your sleeves up and dig in though. Simply getting a cert or degree won't lead to true success with that type of work. You need to have an insatiable desire to understand how things work internally and the patience, persistence, and perseverance to work through the obstacles you'll encounter.

While you have a nice broad sample of books, you need to pick a starting place and focus on that. You're going to spin your tires and ultimately get nowhere if you try to learn systems, networking, and programming simultaneously. Develop a road map with short-term, manageable goals. You'll be astonished where you end up in a year or two if you can stick to such a plan.

In regards to Capella specifically, I'm extremely wary of for-profit schools, even if it is accredited. That just rubs me the wrong way and makes me question their priorities. Anyway, for any online school you're considering, make sure it's regionally (not nationally) accredited, and do some googling to find what current and past students think about it.

Review the other centers of excellence. This is one program I'm considering: http://www.scis.nova.edu/masters/msis.html It's a B&M school that offers that degree online; there's no distinction between the online or on-campus degree you end up with. There are several others like that out there as well. Just do some research and trust your instincts. If something seems to be too good to be true, it probably is.

Also, keep an eye on SANS' masters program. I know they've applied for accreditation and if that's granted, that could be a pretty good route to take. You'd also end up with some stellar certs in the process.

Finally, how about some weekend homework?

Download VirtualBox or VMware player and get one Ubuntu 10.10 and one Backtrack 4 VM installed and running. Home lab in a box.

Extra Credit: Use Nmap from within Backtrack to identify the default services running on your Ubuntu system.

Edit: http://www.infiltrated.net/pentesting101.html (courtesy of sil). I don't think the timeline's feasible for your current skill level, but that provides some additional direction.
Last edited by dynamik on Sat Apr 09, 2011 3:37 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Apr 09, 2011 3:37 pm

Re: Yuck The Fankees noob

Thanks dynamik for your answer. I might have downplayed my computer skills and knowledge. I know more than the average person about computers but I do not know the full extent of networks, every single component in the computer system or using Linux, and stuff like that. But I get where you are coming from. I know I have a good amount of years ahead of me in this field.
OSCP in progress
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Sat Apr 09, 2011 4:57 pm

Re: Yuck The Fankees noob

You know, dynamik, it's funny you should put it in those terms...

I started out (as many did in this field) coming from a non-computer academic background. I studied Sociology/Anthropology in my undergraduate degree. I decided to go back to school in Information Systems, and while it's a business degree it has a technical aspect to it. I spent two years to complete my Masters. I then spent two years working on a Security desk, but we were more of a glorified help desk more or less. But, I got a ton of experience troubleshooting and learning TCP/IP...a lot of the stuff you DON'T learn in school. Then I spent three years as a Unix/Linux sysadmin. I just started a new job as a pentester a couple months ago.

If you had told me 7 years ago when I started my Masters that it would take me an advanced degree and 5 years of on the job training in addition to half a dozen or so professional certifications to get to a Jr. level position, I would have probably given up right then and there....so maybe ignorance really is bliss! Seriously, though....in pretty much any technical field, you will never be able to have the luxury of sitting on the knowledge you currently have, because it is such a quickly evolving industry that you have to be constantly learning...if you get your head around that and accept that fact, you're already on your way.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Apr 09, 2011 5:12 pm

Re: Yuck The Fankees noob

Another book to add to your reading list: Dissecting the Hack: The Forbidden Network by Jayson Street and company. It's broken into 2 parts that link to each other. The story part, showing what a real world adventure could be like, and the technical stuff. It won't make you a master hacker, but it'll start pointing you at skills, tools, and culture.

ziggy_567 wrote: You know, dynamik, it's funny you should put it in those terms...

I started out (as many did in this field) coming from a non-computer academic background. I studied Sociology/Anthropology in my undergraduate degree


Ziggy_567 really, what sub-field were you interested in? I got burnt out on IT when the Dot-com bubble burst (I was overworked and tired of computers), so I got a degree in Anthro. Finished my CIS degree on momentum (Both associates). My interest was in Submerged Native American Archaeology. Really enjoyed my Native American anthro classes, and my interest was in Submerged Archaeology. Kind of mixed the 2. :) Even got accepted to an underwater field school through SUNY Stony Brook, but lacked the money for tuition and travel.
OSWP, Sec+
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Apr 09, 2011 5:22 pm

Re: Yuck The Fankees noob

YuckTheFankees wrote: Thanks again guys. Do most of you work in the security field?


I used to be the Senior Network Engineer / senior technical resource / infrastructural engineer / system and network architect / person blamed by management when they ignored my recommendations and things broke like I warned them they would. I had an interest in security, and maintained the firewall and network monitoring tools.

Currently I'm a Data Network Engineer, and my job revolves around creating VPN user accounts, Site to Site VPN tunnels, Access List rule changes, server load balancers (mostly taking servers in and out of service) and Documentation.

I don't see it as a security job, but it has enough security included to keep me interested.
OSWP, Sec+
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Sat Apr 09, 2011 6:10 pm

Re: Yuck The Fankees noob

@chrisj

Wow...that's a damned fine school....did you study under the Tedlocks?!?

I was more interested in cultural anthropology, but the school where I studied was heavy into Mayan Archaeology. The head of the department led a dig on the Yucatan peninsula. I don't think it's an active site nowadays...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Apr 09, 2011 6:20 pm

Re: Yuck The Fankees noob

ziggy_567 wrote: If you had told me 7 years ago when I started my Masters that it would take me an advanced degree and 5 years of on the job training in addition to half a dozen or so professional certifications to get to a Jr. level position, I would have probably given up right then and there....so maybe ignorance really is bliss!


Hah, maybe it is!

That's one of the reasons I stressed breaking up the entire journey into manageable steps (i.e. first focus on the CCNA and getting an entry-level networking job). If your attitude at the onset is, "I could either do this or start a PhD from scratch..." you're truly setting yourself up for failure.

IMHO, if the intrinsic rewards are there for you, it's worth the effort; I don't know what I'd be doing if it wasn't this.

chrisj wrote: Another book to add to your reading list. Dissecting the Hack: The Forbidden Network by Jayson Street and company.


I just one-clicked the Kindle edition. I've repeatedly seen that recommended and finally had to check it out.

Have you read: http://www.amazon.com/Stealing-Network- ... 409&sr=1-1

Some of it's a bit dated at this point, but it's a REALLY FUN work of technical fiction.

The Hackers Challenge books are also in a similar vein, but that might be what the OP was already referring to with the "Hackers 3," book reference.

chrisj wrote: Ziggy_567 really, what sub-field were you interested in? I got burnt out on IT when the Dot-com bubble burst (I was overworked and tired of computers), so I got a degree in Anthro. Finished my CIS degree on momentum (Both associates). My interest was in Submerged Native American Archaeology. Really enjoyed my Native American anthro classes, and my interest was in Submerged Archaeology. Kind of mixed the 2. :) Even got accepted to an underwater field school through SUNY Stony Brook, but lacked the money for tuition and travel.


It's funny how diverse our backgrounds are. I *almost* have an undergrad in psychology (only need to fulfill my second-language requirement). I try to trick myself into believing it's really useful for social engineering, but, well, not so much...

I think the real benefit to me was being forced to become a semi-competent writer and learning to get up in front of a group and give a decent 15-minute presentation (check out Toastmasters if you want to hone those skills). I've seen people who are technical geniuses but have atrocious communication skills (poor grammar, stuttering on the phone/in-person, etc.). If you're in, or want to get into, a customer-facing position (which I consider to include providing written reports), it's extremely important to develop soft skill sets as well.

chrisj wrote: Currently I'm a Data Network Engineer, and my job revolves around creating VPN user accounts, Site to Site VPN tunnels, Access List rule changes, server load balancers (mostly taking servers in and out of service) and Documentation.

I don't see it as a security job, but it has enough security included to keep me interested.


This is an excellent point. A career in security isn't an all-or-nothing proposition. Security is intertwined with all aspects of information technology.

I forgot to respond to this question, but I recently took on a role as an information security manager. However, my previous role involved penetration testing, social engineering, audits, risk assessments, etc. I have some pretty interesting/challenging objectives to work towards over the next couple of years, but I ultimately want to get back into the technical side of things.
The day you stop learning is the day you start becoming obsolete.