Security Basics mailing list archives
RE: Security+
From: "Mike Heitz" <mikeheitz () upshotmail com>
Date: Mon, 6 Jan 2003 22:01:08 -0600
WEll, it's good to hear I'm on the right track. I read everything I can get my grubby little paws on. Don't have the
resources for two test networks, but I have got 1 XP box and a couple Linux boxes. Going nowhere fast with Linux... my
learning curve is getting in the way. I may be able to acquire a Cisco 2500 series router... not sure... I do have the
CCNA cert already, and would love to dig deeper in that. Programming is beyond just picking up a book and figuring it
out for me. I haven't been able to put the time into learning all the coding I would like and so I end up with a
general knowledge of it, but can't do it to save my life.
-----Original Message-----
From: Jack McCarthy [mailto:jack () jackmccarthy com]
Sent: Mon 1/6/2003 12:31 PM
To: security-basics () securityfocus com
Cc:
Subject: RE: Security+
I'm in a similar situation. I'm not a pro by a long shot, but here are some things that have
helped me...at least get a better handle on 'some' of the concepts. I'm still a long way off from
being a security professional...
Build a home network (or some sort of test network) and include the following:
-A broadband connection. DSL or Cable. If you can afford it, have two separate connections - two
modems. Keep one network connected as a regular connection so you can check email and online
documents (technical docs and PDFs) and the other modem connected to your test network. This way
when you are trying to get (in my case) your UNIX-like firewall/router working and tying up one
network, you still have the other network to access the Internet and look up online documentation
and check email. Instead of switching back and forth every time you need to check email.
Have the following equipment:
-UNIX or a UNIX-like box. e.g. OpenBSD.
-Linux box. Your pick.
-NT/2000 boxes.
-Hubs/switches.
-Build your own firewall/router. UNIX or Linux. If you can get your hands on a Firewall-1, even
better.
-Build your own IDS. Snort is free.
-Learn how to use Nmap.
-http://project.honeynet.org/ and read all submissions of 'Scan of the Month'.
-You have to learn programming! Being able to read code (a.k.a. exploits) is an absolute MUST!
I'm studding C programming now.
-Read all the security news, articles, mailing lists that you possibly can.
-Go to securityfocus.com and get on all of their mailing lists. (Obviously you've already been
there).
-Read, read, read...
Anyone feel free to expand on this? Improve or rebut my ideas/strategies?
I’d be interested to hear what other people are doing to gain more knowledge/experience.
-Jack
--- Mike Heitz <mikeheitz () upshotmail com> wrote:
> I'm new to Security (just had it heaped on me after my last performance
> review) and am interested in some Certs. I've heard mention of the CISSP
> before, and have seen articles on the Security+. I have really no
> programming background and have limited access to funds for training,
> etc... most of my training is through ordering a book from Amazon or
> something and trying the stuff out.
>
> So my question is, am I going to be way over my head looking into these
> certs? I have been an admin for Novell for 5 years, and have spent the
> last 3 years in an NT/2000 environment. I want to learn as much as
> possible, but really don't like using things like Transcender just to
> pass a test. I want to "KNOW" what I am doing. :)
>
> Any advice????
>
> mike heitz ** sr it manager ** UPSHOT
> 312-943-0900 x5190
>
> -----Original Message-----
> From: Kriss Warner [mailto:kriss () cyberdinecorp com]
> Sent: Sunday, January 05, 2003 1:45 PM
> To: simont () lantic net; 'Security-Basics'
> Subject: RE: Security+
>
> Hey Simon: I have been doing security work for the last couple of years
> (Intrusion Detect, Policy compliance etc.) I did some investigation into
> the various Cert's and basically found that most people are looking for
> CISSP. I wanted to get one Cert this year and it going to be CISSP. I
> understand that the other cert's are well respected. The final decision
> should be based upon how the Cert will help in your career path.
>
> Hope that helps.
>
> Regards,
> Christopher (Kriss) Warner
> CYBERDINE
> Kriss () cyberdinecorp com
> Phone: 905.576.5931
> Fax: 905.571.6562
> Cell: 416.402.9838
> www.cyberdinecorp.com
>
>
> -----Original Message-----
> From: Simon Taplin [mailto:simont () lantic net]
> Sent: Saturday, January 04, 2003 3:29 PM
> To: Security-Basics
> Subject: Security+
>
> Has anybody done/looked at CompTIA's Security+ cert.
>
> Is it a good cert to get because I eventually want to get into security
> but
> at the moment I don't have the experience/cash to do the SANS or CISSP
> courses (plus the fact that SANS is offered in South Africa)
>
> Simon
>
>
> Quote of the day:
> Systems Administration is the kind of job that nobody notices if you're
> doing it well. People only take notice of their systems when they're not
> working.
> ---
>
> This email has been scanned by AVG Anti-Virus
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.435 / Virus Database: 244 - Release Date: 2002/12/30
>
>
>
>
>
Current thread:
- RE: Security+, (continued)
- RE: Security+ Kriss Warner (Jan 06)
- RE: Security+ Christian Hampson (Jan 06)
- RE: Security+ Daniel R. Miessler (Jan 06)
- RE: Security+ Mike Heitz (Jan 06)
- Re: Security+ Meritt James (Jan 06)
- RE: Security+ Jack McCarthy (Jan 06)
- RE: Security+ Mark S. Searle (Jan 06)
- RE: Security+ Gedi (Jan 08)
- experience requirement (was: Re: Security+ Meritt James (Jan 09)
- RE: Security+ Clement Dupuis (Jan 09)
- RE: Security+ Gedi (Jan 08)
- RE: Security+ Mike Heitz (Jan 07)
- RE: Security+ Lachlan McGill (Jan 09)
- RE: Security+ Clement Dupuis (Jan 11)
- RE: Security+ Gedi (Jan 11)
- RE: Security+ Shaw, Kevin (Jan 21)
- RE: Security+ David Gillett (Jan 13)
- Re: Security+ Nick Shapley (Jan 23)
- careful! (was: Re: Security+ Meritt James (Jan 23)
- RE: careful! (was: Re: Security+ Tim V - DZ (Jan 24)