Interest in Security

[*= WildCat =*]

I'm seriously thinking about giving up gaming as I find myself becoming more and more interested in the security side of Computing (eg) Firewall's, Anti Virus, Anti Mal ware, any suggestions from members on ways to pursue my growing interest please ?

 

[root]

you could try selfstudy for a comptia security +

do you have a goal in mind? (like getting a job in the field)

 

[iPwn]

you could try selfstudy for a comptia security +

To piggy back on root's word usage (intentional or not); There was no 'cram and get certified' in that. Study, practice, research, practice, study, and then practice.

All-too often I interview IT candidates with certifications to be proud of, but they can't answer basic, fundamental questions about the scope of the specialization. I had a kid who had a CCNA and a Network+ cert but couldn't answer questions about the OSI model. Learn it and don't cram for a piece of paper because that's all you'll get out of it.

 

[*= WildCat =*]

Thanks guys (I'm not going for any bits of paper) I have a growing interest in Computer Security and intend to learn much more then I know about it

 

[setishock]

Start with the security programming in your router. See what options you have then Google them to see what they do.

 

[*= WildCat =*]

Start with the security programming in your router. See what options you have then Google them to see what they do.

I setup port forwarding for an app and updated my Sky Router firmware some time ago, Hardware Firewall is in place

 

[berry120]

The other thing in terms of certifications is that they become out of date (or just out of fashion in some circles.) A good knowledge of the fundamentals goes a long way, and contrary to popular believe that doesn't really go out of date (the OSI model, TCP/IP, firewalls, routers, and the various topologies of networks have all been around for decades now.)

One other thing to remember is that "security" in itself has an incredibly broad definition - I'd advise looking more precisely at the sort of jobs around on the side of thing you're looking at. Do you want to be more practically based (installing firewalls and suchlike) in which case your role would likely encompass several other general tech based tasks as well, or do you want to be more theoretically based, doing original academic research? Either of those categories can be broken down much, much further of course

Your response thus far seems to point towards a desire to practically leverage existing technologies to provide security to various systems, and to that degree there's several things you may want to look at:

• Some of the theory behind common encryption / hashing algorithms. A grasp of things like TKIP, AES, SHA and MD5 would not go amiss. I say this because although you seem more practically oriented, a grasp of the theory can go a long way in understanding what is best to practically implement and use.
• Get a good grasp and knowledge of wireless security. Understand why WEP is broken in every sense of the word, how WPA2 improves on WPA and how RADIUS works. Understand what MSCHAPv2 actually is, and whether it actually works. (Hint: It's near enough fully broken as well.) Have a look at the various attacks possible over wireless, how to mitigate against them and the best technologies (or indeed combination of technologies) to use in these scenarios.
• Understand common web based attacks and how to mitigate against them. SQL injections are pretty much confined to history now, but a secure knowledge of them wouldn't go amiss, and there are still many, many other leaks out in the wild. XSS was all the rage until a couple of years ago, and now it seems to be authentication based attacks taking over. Understand what these are and how to best stop them.

Of course, you're not going to learn about all of those overnight, and nor should you - I simply include them as technologies and areas that would be beneficial to look at if you're thinking of learning more in this area (especially if you want a job out of it eventually.) If you want clarification on any particular technologies listed above or any other points then feel free to ask! I was once interested going into computer security myself, though admittedly more the academic / theoretical side of it - so I have a bit of knowledge around the area, but not hugely extensive

 

[vampist]

To piggy back on root's word usage (intentional or not); There was no 'cram and get certified' in that. Study, practice, research, practice, study, and then practice.

All-too often I interview IT candidates with certifications to be proud of, but they can't answer basic, fundamental questions about the scope of the specialization. I had a kid who had a CCNA and a Network+ cert but couldn't answer questions about the OSI model. Learn it and don't cram for a piece of paper because that's all you'll get out of it.

Looking to get into the networking field (CCNA, CCNP training in college and working on getting CCNA cert) Would you possibly mind shooting me some practice questions you would ask in an interview in a PM?



@ *= WildCat =*

I have always had a security mindset. I really enjoy reading about social engineering, common hacker tricks, "phreaks", the 2600 series, etc.

I would highly recommend you try to gear up for security not just study the ins and outs. Try to learn the "how would I break/crack/hack/exploit this?"

 

[berry120]

I would highly recommend you try to gear up for security not just study the ins and outs. Try to learn the "how would I break/crack/hack/exploit this?"

The latter is important, but actually I find that comes naturally out of a study of the theory, which offers a more extensive base from which to work from. But yes - learning the practical side is of course important too!

 

[*= WildCat =*]

berry120 thank you very much for the info and suggestions (I will be looking at these)

vampist thank you also for your suggestions , as to a job related ... no I am already involved in a career that I love and is very well paid

Thanks guys ... Kiss