Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Security 101?

Posted on 2003-11-04
11
Medium Priority
?
223 Views
Last Modified: 2010-04-11
When I was preparing for my CCNA I learned great deal about networks. It's a great entry level exam to learn networking.
Now I wonder which entry level security exam is the best to take to learn about security. I am just confused with to many options on the market.

Or maybe you could sugest a great book with hands on assignements..I am learn by doing type of person.

Thanks a lot
0
Comment
Question by:howei
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9682185
Start with the Reading Room at http://www.sans.org
Pick a sub-topic and start reading...

Read Kevin Mitnik's book "The Art of Deception"
http://www.growingresults.com/prod/0471237124.html

You can go for the GIAC GSE Security Expert accreditation:
http://www.giac.org/
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9682193
CISSP is another cert you can go after and learn in the process:
http://www.cissps.com/

0
 
LVL 10

Expert Comment

by:KingHollis
ID: 9684985
If you are a hands on kinda guy, the CISSP and GIAC stuff may be [albeit important for sure!] a tad overwhelming. I recommend getting your feet wet with "Network Security: A Beginner's Guide" [ISBN: 0072133244] and perhaps "The Best Damn Firewall Book Period" [ISBN: 1931836906]. These books are usually light to read-- simply explained, but thorough in matter. These will help shape your understanding so that you can decide better where you want to go with security studies.
Hunt for your books on BN or Amazon, but see if you can find 'em cheaper on www.bookpool.com ! Good Luck.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:howei
ID: 9686680
Great!
Thank you guys, I'll wait a bit longer here to see if I'll get some more valuable input and opinions.
I guess I am after a balanced mix approach for learning security issues, to much of focus on the theory and no hands-on labs becomes to dry to me quite soon...
That is why I enjoyed studing for CCNA so much, I had theory and also lots of labs-simulations to practice with.
I also wonder if there is anything like that ( simulation/labs ) out for some of the security exams.
Of to check your suggested links and books...

Thanks for any comment.
Howei
0
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 200 total points
ID: 9687522
When preparing for the GSEC exam you may find this book to be of good help. Its a hands on type of book with plaent of tools and real world examples to lay with as well.

http://www.amazon.com/exec/obidos/ASIN/0789727749/qid=1068045831/sr=2-1/ref=sr_2_1/002-8357494-1219248

This package includes a Study Guide, a DVD containing instructor led training, and Web-based exam simulation and remediation. Step-by-Step Exercises. Hands-on exercises show you how to implement various security measures.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836728/qid=1068045831/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

Here is one that pertains to Cisco security.

http://www.amazon.com/exec/obidos/tg/detail/-/0764516841/qid=1068046209/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

This is one of my recomendations for anyone in the security field.

Provides the definitive formula for computer security, from power outages to theft and sabotage. Fourth edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

http://www.amazon.com/exec/obidos/tg/detail/-/0471412589/qid=1068046337/sr=1-18/ref=sr_1_18/002-8357494-1219248?v=glance&s=books

These should get your security library started off fairly well; I'm of the opinion that you can never read too much about security. I gain at least some new knowledge from everyone that I read. As far as certifications go I would look at starting with the SANS GIAC program as it will provide a sound foundation in security principles. If you want to take things to a professional level the I would consider the CISSP as most of the top companies will look for this certification when hiring it's security consultant's or personnel. If you are planning to continue on in your Cisco certification path then I would also recommend that you look at the CCSP path.

Hope this helps.

0
 
LVL 24

Expert Comment

by:SunBow
ID: 9690002
I rather enjoyed Cuckoo's Egg
0
 

Author Comment

by:howei
ID: 9695174
TooKoolKris,

lots of god info here, thanks a lot.

howei
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 9699554

All the above is great - a complimentary way to get your feet wet is to pick a security technology and learn it hands-on. If you are working and you can get access to things like post or pre-production firewalls then see if you can play with them. Also some firewall admins (if they are any good) don't mind sharing their knowledge with people who are keen to learn. You can't go wrong with learning how a Checkpoint works, if you are a CCNA then PIX is an obvious choice etc.

If you don't have access to any of the corporate stuff then start reading up and playing with things like ipchains and nmap on your linux box. Oh - and on that note - use linux - you will learn an awful lot about how to be a security person from getting great at linux.

I see a lot of people out there with paper qualifications - get your hands dirty while you do the boring stuff and you will get so much more out of it! Employers like to see people who can build firewalls or IDS systems out of rubbish machines as well as have qualifications. Not at the expense of communication skills of course :-]

Oh - and you can't go past EE for answers to those tricky questions (schlurp...)
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9700616
Your Welcome :)
0
 

Author Comment

by:howei
ID: 9702217
ferg-o:

you got sam good points in your comment. Unfortunatelly at the place I work I can't get much of the knowledge sharing. It is that kind of enviroment here.
So I have to learn on my own. We do have an old pix and also ISA server so I could do that but thought to get some general knowledge first, eg. Security+

I am also sick of often dry and useless certification questions and books.

Thank you.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9702317
I think you have the right plan in mind. Get yourself a good overview of general security topics and then you can decide what specific areas of security you would like to concentrate on. Don't depend on others to feed you your knowledge, these things are best done yourself and are best learned and comprehended via personal experience. It is always nice to have a mentor around to ask questions of but then again you always have EE right?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
What we learned in Webroot's webinar on multi-vector protection.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question