Security 101?

Posted on 2003-11-04
Last Modified: 2010-04-11
When I was preparing for my CCNA I learned a great deal about networks. It's a great entry-level exam to learn networking.
Now I wonder which entry-level security exam is the best to take to learn about security. I am just confused with too many options on the market.

Or maybe you could suggest a great book with hands-on assignments. I am a learn-by-doing type of person.

Thanks a lot
Question by:howei
LVL 79

Expert Comment

ID: 9682185
Start with the Reading Room at
Pick a sub-topic and start reading...

Read Kevin Mitnick's book "The Art of Deception"

You can go for the GIAC GSE Security Expert accreditation:
LVL 79

Expert Comment

ID: 9682193
CISSP is another cert you can go after and learn in the process:

LVL 10

Expert Comment

ID: 9684985
If you are a hands on kinda guy, the CISSP and GIAC stuff may be [albeit important for sure!] a tad overwhelming. I recommend getting your feet wet with "Network Security: A Beginner's Guide" [ISBN: 0072133244] and perhaps "The Best Damn Firewall Book Period" [ISBN: 1931836906]. These books are usually light to read-- simply explained, but thorough in matter. These will help shape your understanding so that you can decide better where you want to go with security studies.
Hunt for your books on BN or Amazon, but see if you can find 'em cheaper on ! Good Luck.

Author Comment

ID: 9686680
Thank you guys, I'll wait a bit longer here to see if I'll get some more valuable input and opinions.
I guess I am after a balanced mix approach for learning security issues; too much of a focus on the theory and no hands-on labs becomes too dry to me quite soon...
That is why I enjoyed studying for CCNA so much, I had theory and also lots of labs-simulations to practice with.
I also wonder if there is anything like that (simulation/labs) out for some of the security exams.
Off to check your suggested links and books...

Thanks for any comment.

Accepted Solution

TooKoolKris earned 50 total points
ID: 9687522
When preparing for the GSEC exam you may find this book to be of good help. It's a hands-on type of book with plenty of tools and real-world examples to play with as well.

This package includes a Study Guide, a DVD containing instructor led training, and Web-based exam simulation and remediation. Step-by-Step Exercises. Hands-on exercises show you how to implement various security measures.

Here is one that pertains to Cisco security.

This is one of my recommendations for anyone in the security field.

Provides the definitive formula for computer security, from power outages to theft and sabotage. Fourth edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

These should get your security library started off fairly well; I'm of the opinion that you can never read too much about security. I gain at least some new knowledge from everyone that I read. As far as certifications go I would look at starting with the SANS GIAC program as it will provide a sound foundation in security principles. If you want to take things to a professional level then I would consider the CISSP as most of the top companies will look for this certification when hiring their security consultants or personnel. If you are planning to continue on in your Cisco certification path then I would also recommend that you look at the CCSP path.

Hope this helps.

LVL 24

Expert Comment

ID: 9690002
I rather enjoyed Cuckoo's Egg

Author Comment

ID: 9695174

Lots of good info here, thanks a lot.


Expert Comment

ID: 9699554

All the above is great - a complementary way to get your feet wet is to pick a security technology and learn it hands-on. If you are working and you can get access to things like post or pre-production firewalls then see if you can play with them. Also some firewall admins (if they are any good) don't mind sharing their knowledge with people who are keen to learn. You can't go wrong with learning how a Checkpoint works, if you are a CCNA then PIX is an obvious choice etc.

If you don't have access to any of the corporate stuff then start reading up and playing with things like ipchains and nmap on your Linux box. Oh - and on that note - use Linux - you will learn an awful lot about how to be a security person from getting great at Linux.

I see a lot of people out there with paper qualifications - get your hands dirty while you do the boring stuff and you will get so much more out of it! Employers like to see people who can build firewalls or IDS systems out of rubbish machines as well as have qualifications. Not at the expense of communication skills of course :-]

Oh - and you can't go past EE for answers to those tricky questions (schlurp...)

Expert Comment

ID: 9700616
You're welcome :)

Author Comment

ID: 9702217

You got some good points in your comment. Unfortunately at the place I work I can't get much of the knowledge sharing. It is that kind of environment here.
So I have to learn on my own. We do have an old PIX and also ISA server so I could do that but thought to get some general knowledge first, e.g. Security+

I am also sick of often dry and useless certification questions and books.

Thank you.

Expert Comment

ID: 9702317
I think you have the right plan in mind. Get yourself a good overview of general security topics and then you can decide what specific areas of security you would like to concentrate on. Don't depend on others to feed you your knowledge, these things are best done yourself and are best learned and comprehended via personal experience. It is always nice to have a mentor around to ask questions of but then again you always have EE right?
