Security 101?

When I was preparing for my CCNA I learned great deal about networks. It's a great entry level exam to learn networking.
Now I wonder which entry level security exam is the best to take to learn about security. I am just confused with to many options on the market.

Or maybe you could sugest a great book with hands on assignements..I am learn by doing type of person.

Thanks a lot
howeiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
Start with the Reading Room at http://www.sans.org
Pick a sub-topic and start reading...

Read Kevin Mitnik's book "The Art of Deception"
http://www.growingresults.com/prod/0471237124.html

You can go for the GIAC GSE Security Expert accreditation:
http://www.giac.org/
0
lrmooreCommented:
CISSP is another cert you can go after and learn in the process:
http://www.cissps.com/

0
KingHollisCommented:
If you are a hands on kinda guy, the CISSP and GIAC stuff may be [albeit important for sure!] a tad overwhelming. I recommend getting your feet wet with "Network Security: A Beginner's Guide" [ISBN: 0072133244] and perhaps "The Best Damn Firewall Book Period" [ISBN: 1931836906]. These books are usually light to read-- simply explained, but thorough in matter. These will help shape your understanding so that you can decide better where you want to go with security studies.
Hunt for your books on BN or Amazon, but see if you can find 'em cheaper on www.bookpool.com ! Good Luck.
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

howeiAuthor Commented:
Great!
Thank you guys, I'll wait a bit longer here to see if I'll get some more valuable input and opinions.
I guess I am after a balanced mix approach for learning security issues, to much of focus on the theory and no hands-on labs becomes to dry to me quite soon...
That is why I enjoyed studing for CCNA so much, I had theory and also lots of labs-simulations to practice with.
I also wonder if there is anything like that ( simulation/labs ) out for some of the security exams.
Of to check your suggested links and books...

Thanks for any comment.
Howei
0
TooKoolKrisCommented:
When preparing for the GSEC exam you may find this book to be of good help. Its a hands on type of book with plaent of tools and real world examples to lay with as well.

http://www.amazon.com/exec/obidos/ASIN/0789727749/qid=1068045831/sr=2-1/ref=sr_2_1/002-8357494-1219248

This package includes a Study Guide, a DVD containing instructor led training, and Web-based exam simulation and remediation. Step-by-Step Exercises. Hands-on exercises show you how to implement various security measures.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836728/qid=1068045831/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

Here is one that pertains to Cisco security.

http://www.amazon.com/exec/obidos/tg/detail/-/0764516841/qid=1068046209/sr=1-8/ref=sr_1_8/002-8357494-1219248?v=glance&s=books

This is one of my recomendations for anyone in the security field.

Provides the definitive formula for computer security, from power outages to theft and sabotage. Fourth edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

http://www.amazon.com/exec/obidos/tg/detail/-/0471412589/qid=1068046337/sr=1-18/ref=sr_1_18/002-8357494-1219248?v=glance&s=books

These should get your security library started off fairly well; I'm of the opinion that you can never read too much about security. I gain at least some new knowledge from everyone that I read. As far as certifications go I would look at starting with the SANS GIAC program as it will provide a sound foundation in security principles. If you want to take things to a professional level the I would consider the CISSP as most of the top companies will look for this certification when hiring it's security consultant's or personnel. If you are planning to continue on in your Cisco certification path then I would also recommend that you look at the CCSP path.

Hope this helps.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SunBowCommented:
I rather enjoyed Cuckoo's Egg
0
howeiAuthor Commented:
TooKoolKris,

lots of god info here, thanks a lot.

howei
0
ferg-oCommented:

All the above is great - a complimentary way to get your feet wet is to pick a security technology and learn it hands-on. If you are working and you can get access to things like post or pre-production firewalls then see if you can play with them. Also some firewall admins (if they are any good) don't mind sharing their knowledge with people who are keen to learn. You can't go wrong with learning how a Checkpoint works, if you are a CCNA then PIX is an obvious choice etc.

If you don't have access to any of the corporate stuff then start reading up and playing with things like ipchains and nmap on your linux box. Oh - and on that note - use linux - you will learn an awful lot about how to be a security person from getting great at linux.

I see a lot of people out there with paper qualifications - get your hands dirty while you do the boring stuff and you will get so much more out of it! Employers like to see people who can build firewalls or IDS systems out of rubbish machines as well as have qualifications. Not at the expense of communication skills of course :-]

Oh - and you can't go past EE for answers to those tricky questions (schlurp...)
0
TooKoolKrisCommented:
Your Welcome :)
0
howeiAuthor Commented:
ferg-o:

you got sam good points in your comment. Unfortunatelly at the place I work I can't get much of the knowledge sharing. It is that kind of enviroment here.
So I have to learn on my own. We do have an old pix and also ISA server so I could do that but thought to get some general knowledge first, eg. Security+

I am also sick of often dry and useless certification questions and books.

Thank you.
0
TooKoolKrisCommented:
I think you have the right plan in mind. Get yourself a good overview of general security topics and then you can decide what specific areas of security you would like to concentrate on. Don't depend on others to feed you your knowledge, these things are best done yourself and are best learned and comprehended via personal experience. It is always nice to have a mentor around to ask questions of but then again you always have EE right?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.