  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 225

Security 101?

When I was preparing for my CCNA I learned a great deal about networks. It's a great entry-level exam to learn networking.
Now I wonder which entry-level security exam is the best to take to learn about security. I am just confused with too many options on the market.

Or maybe you could suggest a great book with hands-on assignments. I am a learn-by-doing type of person.

Thanks a lot
0
howei
Asked:
howei
1 Solution
 
lrmoore Commented:
Start with the Reading Room at http://www.sans.org
Pick a sub-topic and start reading...

Read Kevin Mitnick's book "The Art of Deception"
http://www.growingresults.com/prod/0471237124.html

You can go for the GIAC GSE Security Expert accreditation:
http://www.giac.org/
0
 
lrmoore Commented:
CISSP is another cert you can go after and learn in the process:
http://www.cissps.com/

0
 
KingHollis Commented:
If you are a hands-on kinda guy, the CISSP and GIAC stuff may be [albeit important for sure!] a tad overwhelming. I recommend getting your feet wet with "Network Security: A Beginner's Guide" [ISBN: 0072133244] and perhaps "The Best Damn Firewall Book Period" [ISBN: 1931836906]. These books are usually light to read -- simply explained, but thorough in matter. These will help shape your understanding so that you can decide better where you want to go with security studies.
Hunt for your books on BN or Amazon, but see if you can find 'em cheaper on www.bookpool.com! Good luck.
0

 
howei (Author) Commented:
Great!
Thank you guys, I'll wait a bit longer here to see if I'll get some more valuable input and opinions.
I guess I am after a balanced mix approach for learning security issues; too much focus on the theory and no hands-on labs becomes too dry for me quite soon...
That is why I enjoyed studying for CCNA so much, I had theory and also lots of labs/simulations to practice with.
I also wonder if there is anything like that (simulation/labs) out for some of the security exams.
Off to check your suggested links and books...

Thanks for any comment.
Howei
0
 
TooKoolKris Commented:
When preparing for the GSEC exam you may find this book to be of good help. It's a hands-on type of book with plenty of tools and real-world examples to play with as well.

http://www.amazon.com/exec/obidos/ASIN/0789727749/qid=1068045831/sr=2-1/ref=sr_2_1/002-8357494-1219248

This package includes a Study Guide, a DVD containing instructor led training, and Web-based exam simulation and remediation. Step-by-Step Exercises. Hands-on exercises show you how to implement various security measures.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836728/qid=1068045831/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

Here is one that pertains to Cisco security.

http://www.amazon.com/exec/obidos/tg/detail/-/0764516841/qid=1068046209/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

This is one of my recommendations for anyone in the security field.

Provides the definitive formula for computer security, from power outages to theft and sabotage. Fourth edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

http://www.amazon.com/exec/obidos/tg/detail/-/0471412589/qid=1068046337/sr=1-18/ref=sr_1_18/002-8357494-1219248?v=glance&s=books

These should get your security library started off fairly well; I'm of the opinion that you can never read too much about security. I gain at least some new knowledge from everyone that I read. As far as certifications go, I would look at starting with the SANS GIAC program as it will provide a sound foundation in security principles. If you want to take things to a professional level then I would consider the CISSP, as most of the top companies will look for this certification when hiring their security consultants or personnel. If you are planning to continue on in your Cisco certification path then I would also recommend that you look at the CCSP path.

Hope this helps.

0
 
SunBow Commented:
I rather enjoyed Cuckoo's Egg
0
 
howei (Author) Commented:
TooKoolKris,

Lots of good info here, thanks a lot.

howei
0
 
ferg-o Commented:

All the above is great - a complementary way to get your feet wet is to pick a security technology and learn it hands-on. If you are working and you can get access to things like post- or pre-production firewalls then see if you can play with them. Also some firewall admins (if they are any good) don't mind sharing their knowledge with people who are keen to learn. You can't go wrong with learning how a Checkpoint works; if you are a CCNA then PIX is an obvious choice, etc.

If you don't have access to any of the corporate stuff then start reading up and playing with things like ipchains and nmap on your Linux box. Oh - and on that note - use Linux - you will learn an awful lot about how to be a security person from getting great at Linux.

I see a lot of people out there with paper qualifications - get your hands dirty while you do the boring stuff and you will get so much more out of it! Employers like to see people who can build firewalls or IDS systems out of rubbish machines as well as have qualifications. Not at the expense of communication skills of course :-]

Oh - and you can't go past EE for answers to those tricky questions (schlurp...)
0
 
TooKoolKris Commented:
You're welcome :)
0
 
howei (Author) Commented:
ferg-o:

You got some good points in your comment. Unfortunately, at the place I work I can't get much of the knowledge sharing. It is that kind of environment here.
So I have to learn on my own. We do have an old PIX and also ISA server so I could do that, but thought to get some general knowledge first, e.g. Security+

I am also sick of often dry and useless certification questions and books.

Thank you.
0
 
TooKoolKris Commented:
I think you have the right plan in mind. Get yourself a good overview of general security topics and then you can decide what specific areas of security you would like to concentrate on. Don't depend on others to feed you your knowledge; these things are best done yourself and are best learned and comprehended via personal experience. It is always nice to have a mentor around to ask questions of, but then again you always have EE, right?
0
