Networking for Information Security/Penetration Testing

TeKniques

Lots of good advice in this thread. To answer your last question - I would not bother with the Network+ if you're going to get a CCNA. The CCENT will teach you as much as the Network+ but is more valuable. IMO, the CompTIA certs are way overpriced for their ROI.

aderon

LonVenu wrote: »

If i say that I decided to get a networking certification, should I go this route: Net+ > CCENT > CCNA R&S , or study CCNA R&S immediately ? in both routes, i will get the ccna certification only. I will probably then get the CCNA Security.

I would go CCENT > CCNA R&S. Net+ isn't necessary and trying to do the CCNA R&S as one test (instead of doing CCENT first) is needlessly difficult.

Also, I wouldn't recommend CCNA Security. There's a lot of issues with it and there's better ROI to be found elsewhere.

MeanDrunkR2D2

TeKniques wrote: »

Lots of good advice in this thread. To answer your last question - I would not bother with the Network+ if you're going to get a CCNA. The CCENT will teach you as much as the Network+ but is more valuable. IMO, the CompTIA certs are way overpriced for their ROI.

This. N+ is worthless if you have a CCENT or CCNA. And honestly I do think that CompTia certs are overpriced for what they are and most cases worthless. (Unless required by your job or potential job)

LonVenu

TeKniques wrote: »

Lots of good advice in this thread. To answer your last question - I would not bother with the Network+ if you're going to get a CCNA. The CCENT will teach you as much as the Network+ but is more valuable. IMO, the CompTIA certs are way overpriced for their ROI.

Maybe it will be sticky'ed!
Thanks! I think I am gonna study CCENT, and then the CCNA R&S.

wrfortiscue

CCENT+ CCNA is a pretty valuable and standard test for most. I agree with the Comptia exams, not worth it. The way it sounds is you have this idea of learning and studying for certain certifications and then getting a job right out the bat with them. While possible it's highly unlikely. Most people here had to start from the bottom and work their way up. Also, politics play a big part, such as moving someone up in the field fast because they like him/her or know them. Learn what you can, try to volunteer and get experience. Set yourself apart from the rest. Get a NOC job, gain exp and move up.

TeKniques

MeanDrunkR2D2 wrote: »

This. N+ is worthless if you have a CCENT or CCNA. And honestly I do think that CompTia certs are overpriced for what they are and most cases worthless. (Unless required by your job or potential job)

Yep, totally agree. Had they not been the first certs I got I would have never taken them

LonVenu

aderon wrote: »

I would go CCENT > CCNA R&S. Net+ isn't necessary and trying to do the CCNA R&S as one test (instead of doing CCENT first) is needlessly difficult.

Also, I wouldn't recommend CCNA Security. There's a lot of issues with it and there's better ROI to be found elsewhere.

Does the CCENT explain the fundamentals of networking ? that are not connected with the CISCO vendor ?

Really !? what do you mean by ROI ? (Yes, I am noob!)

TeKniques

Before taking any certification you need to read about what it is and specifically the exam objectives. Information on the CCENT can be found on Cisco's website:
CCENT - Cisco

ROI - Return on Investment. For your time and money spent obtaining something what can you see yourself getting out of it? A simple way to figure out what certifications have a better ROI is to search for them on a job board and compare to relative skillset, experience, and salary.

LonVenu

TeKniques wrote: »

Before taking any certification you need to read about what it is and specifically the exam objectives. Information on the CCENT can be found on Cisco's website:
CCENT - Cisco

ROI - Return on Investment. For your time and money spent obtaining something what can you see yourself getting out of it? A simple way to figure out what certifications have a better ROI is to search for them on a job board and compare to relative skillset, experience, and salary.

Thanks! A question, I know that N+ explains the general fundamentals (for people who know nothing, like me), does CCENT do that too ?

TeKniques

Having taken both exams I would say yes, the CCENT gives you most if not all the information in the Network+ and is targeted at entry level.

LonVenu

TeKniques wrote: »

Having taken both exams I would say yes, the CCENT gives you most if not all the information in the Network+ and is targeted at entry level.

Thank you!

beads

Another thread discussing nothing but getting certifications and the future of what the OP wants to do with nothing mentioned about labbing, home network or prior experience. Lots of interest but to make it at all in this field you need to have a passion to sit down and build things from scratch. Get as much experience as possible in your field as you can. Ummm... not seeing any of that "passion" here. Most people who go into IT are drawn to the field like an irresistible force of nature or quickly tire of the monotony of constant learning, studying and skill upgrades.

As a penetration tester you ARE a hacker. That's the whole point. The best hackers I know understand systems from a developer's point of view to include databases, SQL and SDLC as well as the surrounding architecture and administration.

Please expand on your current lab setup and what experience you have prior to become a "skiddie"? This more than anything else will help the board narrow down comments to real advice.

- b/eads

LonVenu

beads wrote: »

Another thread discussing nothing but getting certifications and the future of what the OP wants to do with nothing mentioned about labbing, home network or prior experience. Lots of interest but to make it at all in this field you need to have a passion to sit down and build things from scratch. Get as much experience as possible in your field as you can. Ummm... not seeing any of that "passion" here. Most people who go into IT are drawn to the field like an irresistible force of nature or quickly tire of the monotony of constant learning, studying and skill upgrades.

As a penetration tester you ARE a hacker. That's the whole point. The best hackers I know understand systems from a developer's point of view to include databases, SQL and SDLC as well as the surrounding architecture and administration.

Please expand on your current lab setup and what experience you have prior to become a "skiddie"? This more than anything else will help the board narrow down comments to real advice.

- b/eads

Will, you said it, currently I am a skiddie!

My lab:
1. My PC specifications: i5 4460, 8gb 1600mhz ddr3 ram, some HDDs, that's it
2. My virtualization software: Vmware Workstation (Maybe I will change to ESXi in the future).
3. OS's/Software: Some windows operating systems, some linux vulnerable machines, nothing major. I will expand it when I finish learning networking.
4. My Vmware network config: nothing special. I just use NAT or Bridged.

My Prior experience:
1. 5 years of being a technician/repair guy.
2. Some experience in simple penetration testing (script kiddie'ing), but I have 1 big, very big achievement in hacking that I can't share.
3. I will update when it comes to my mind.

My Passion: I love penetration testing, mostly the practical side.

My studying hours/day: 18-20 hours/day

My goals: 1. Hacking all the OSCP Labs machines, and getting 100% score in the exam. I wonder when that time will come, I am so excited for the OSCP and the GXPN.
2. Will be added later.

MeanDrunkR2D2

LonVenu wrote: »

Will, you said it, currently I am a skiddie!

My lab:
1. My PC specifications: i5 4460, 8gb 1600mhz ddr3 ram, some HDDs, that's it
2. My virtualization software: Vmware Workstation (Maybe I will change to ESXi in the future).
3. OS's/Software: Some windows operating systems, some linux vulnerable machines, nothing major. I will expand it when I finish learning networking.
4. My Vmware network config: nothing special. I just use NAT or Bridged.

My Prior experience:
1. 5 years of being a technician/repair guy.
2. Some experience in simple penetration testing (script kiddie'ing), but I have 1 big, very big achievement in hacking that I can't share.
3. I will update when it comes to my mind.

My Passion: I love penetration testing, mostly the practical side.

My studying hours/day: 18-20 hours/day

My goals: 1. Hacking all the OSCP Labs machines, and getting 100% score in the exam. I wonder when that time will come, I am so excited for the OSCP and the GXPN.
2. Will be added later.

You are a script kiddie. You pretend and believe to be a big bad hacker and that has already hacked into something "major" that you cannot share. Did you come up with the technique for that particular hack, or did you just follow something from a script kiddie site?

And 18-20 hours of labbing a day? Bullshit. You'd never sleep and you'd have no life whatsoever. You have a sickness, not a passion. Stop trying to take the easy road and make easy money, you'll never do that and end up in federal pound me in the ass prison by doing that and hacking businesses/governments.

Try to be ethical and legit. Being a script kiddie is NOTHING to be proud of. Any moron can do that. It's takes intelligence to know why and how an exploit works not just running garbage you stumbled on in a script kiddie forum/site. If you want to be taken seriously stop doing that stuff.

LonVenu

MeanDrunkR2D2 wrote: »

You are a script kiddie. You pretend and believe to be a big bad hacker and that has already hacked into something "major" that you cannot share. Did you come up with the technique for that particular hack, or did you just follow something from a script kiddie site?

And 18-20 hours of labbing a day? Bullshit. You'd never sleep and you'd have no life whatsoever. You have a sickness, not a passion. Stop trying to take the easy road and make easy money, you'll never do that and end up in federal pound me in the ass prison by doing that and hacking businesses/governments.

Try to be ethical and legit. Being a script kiddie is NOTHING to be proud of. Any moron can do that. It's takes intelligence to know why and how an exploit works not just running garbage you stumbled on in a script kiddie forum/site. If you want to be taken seriously stop doing that stuff.

Wow. Really BIG WOW.

1. I feel you hate me man!
2. Everyone was a script kiddie once. I said I am a script kiddie in advance. I never ever said I am a big bad hacker, and never said I want to be.
3. To do that major penetration test (It was not a hack, it was legal, I had the full permission, it was a challenge particularly), I created a Ruby script that is not copied and pasted, the hack was not hard, but the victim was so big, I got a full privileged shell, what allowed me to achieve it was a mix of misconstruction, and a vulnerability.
4. I didn't say 18-20 hours of labbing, I said 18-20 hours studying. I sleep few hours that are enough for me, and I have life, my pc is my life. This is called Passion.
5. Did I say I make money from hacking ?
6. I posted a question to gain information and help, that's what normal people do, and I did that to know if i should take the short or long way, and I decided to take the long way.
7. I am completely legit, I never break the law. And I was never proud of being a skiddie.
8. "It's takes" yeah that shows how intelligent you are.
9. I feel you hate hackers so so much! Maybe because you got hacked once, and got abused maybe ?
10. I feel you are abusing me, and calling me a script kiddie just to make me say what is that major hack.
11. "If you want to be taken seriously stop doing that stuff." what stuff do you mean ? oh wait, hacking ? did I say I do it ?! No.

wrfortiscue

LonVenu wrote: »

Wow. Really BIG WOW.

1. I feel you hate me man!
2. Everyone was a script kiddie once. I said I am a script kiddie in advance. I never ever said I am a big bad hacker, and never said I want to be.
3. To do that major penetration test (It was not a hack, it was legal, I had the full permission, it was a challenge particularly), I created a Ruby script that is not copied and pasted, the hack was not hard, but the victim was so big, I got a full privileged shell, what allowed me to achieve it was a mix of misconstruction, and a vulnerability.
4. I didn't say 18-20 hours of labbing, I said 18-20 hours studying. I sleep few hours that are enough for me, and I have life, my pc is my life. This is called Passion.
5. Did I say I make money from hacking ?
6. I posted a question to gain information and help, that's what normal people do, and I did that to know if i should take the short or long way, and I decided to take the long way.
7. I am completely legit, I never break the law. And I was never proud of being a skiddie.
8. "It's takes" yeah that shows how intelligent you are.
9. I feel you hate hackers so so much! Maybe because you got hacked once, and got abused maybe ?
10. I feel you are abusing me, and calling me a script kiddie just to make me say what is that major hack.
11. "If you want to be taken seriously stop doing that stuff." what stuff do you mean ? oh wait, hacking ? did I say I do it ?! No.

studying 18-20 hours, how do you make a living lol. Not to be a negative nancy but the brain can only retain so much info in a day. Studying for that long(if you do) is a waste of time.

LonVenu

wrfortiscue wrote: »

studying 18-20 hours, how do you make a living lol. Not to be a negative nancy but the brain can only retain so much info in a day. Studying for that long(if you do) is a waste of time.

I take some breaks of minuets..when i feel that i dont understand anymore, i stop!

MeanDrunkR2D2

LonVenu wrote: »

Wow. Really BIG WOW.

1. I feel you hate me man!
2. Everyone was a script kiddie once. I said I am a script kiddie in advance. I never ever said I am a big bad hacker, and never said I want to be.
3. To do that major penetration test (It was not a hack, it was legal, I had the full permission, it was a challenge particularly), I created a Ruby script that is not copied and pasted, the hack was not hard, but the victim was so big, I got a full privileged shell, what allowed me to achieve it was a mix of misconstruction, and a vulnerability.
4. I didn't say 18-20 hours of labbing, I said 18-20 hours studying. I sleep few hours that are enough for me, and I have life, my pc is my life. This is called Passion.
5. Did I say I make money from hacking ?
6. I posted a question to gain information and help, that's what normal people do, and I did that to know if i should take the short or long way, and I decided to take the long way.
7. I am completely legit, I never break the law. And I was never proud of being a skiddie.
8. "It's takes" yeah that shows how intelligent you are.
9. I feel you hate hackers so so much! Maybe because you got hacked once, and got abused maybe ?
10. I feel you are abusing me, and calling me a script kiddie just to make me say what is that major hack.
11. "If you want to be taken seriously stop doing that stuff." what stuff do you mean ? oh wait, hacking ? did I say I do it ?! No.

Personal insults won't get you very far when you are asking for advice. You have been given alot of good advice, yet you attack a person for a simple spelling error? No hate for you.

And yes, you did say that you "hack". 18-20 hours of studying/labbing whatever is not good and doesn't make you an expert on anything. Do you even have a life if you spend that many hours a day studying? And yes, you admitted you are/were/whatever a skiddie. I have no respect for them or those who don't take honest advice and then keep begging for more information so they can get confirmation of what they want to hear.

You will not get that confirmation because to do what you plan on is extremely difficult if not impossible. Sorry you are not hearing that you are on your way to easy street. Work hard. Learn. Grow. Accept that there is no easy path to a successful career that will be lucrative or give you tons of respect. You have to earn it.

Good luck.

LonVenu

MeanDrunkR2D2 wrote: »

Personal insults won't get you very far when you are asking for advice. You have been given alot of good advice, yet you attack a person for a simple spelling error? No hate for you.

And yes, you did say that you "hack". 18-20 hours of studying/labbing whatever is not good and doesn't make you an expert on anything. Do you even have a life if you spend that many hours a day studying? And yes, you admitted you are/were/whatever a skiddie. I have no respect for them or those who don't take honest advice and then keep begging for more information so they can get confirmation of what they want to hear.

You will not get that confirmation because to do what you plan on is extremely difficult if not impossible. Sorry you are not hearing that you are on your way to easy street. Work hard. Learn. Grow. Accept that there is no easy path to a successful career that will be lucrative or give you tons of respect. You have to earn it.

Good luck.

I didn't mean insulting anyone. Don't you think you are the one who insulted me in that last post of you !? well, you did. You claimed things I didn't say..you called me a script kiddie and kept saying that in a rude way...

I said I want to learn, and stop being a script kiddie, admitting a fault is a good step in the right path. And I have already decided to learn everything and to take the CCNA R&S. So I don't need a confirmation of anything, I asked for the right direction since the first post. I want to hear more and more information and opinions to know how different people think, and what I can face in the future, and because someone may give me an advice I never heard.

LonVenu

And I respect all of your advice, and I thank you for that.
This post is just so much important to me, because it draws my future. And I am so stressed and worried.

wrfortiscue

LonVenu wrote: »

And I respect all of your advice, and I thank you for that.
This post is just so much important to me, because it draws my future. And I am so stressed and worried.

What are you stressed/worried about? If you have 18-20 hours of day to study then I doubt you are pressed for time lol. It's like the other poster said, work hard at it.

beads

Is there an impractical side to hacking? OK I suppose hacking into a machine that will never be used or has little to no connectivity would be impractical. Maybe a child's toy may be impractical. Otherwise its a good hack, IMHO.

You really don't need ESXi or any other flavor of VMWare outside of player unless you need to record then Workstation is appreciable. As far as the CCNA R/S. Great place to start. Once you tire of the electronic lab you can always buy a few pieces of used hardware cheap and learn on real equipment as well. This is even cheaper when you have a couple of guys buying used hardware, learning from one another and eventually selling your mid-sized lab to someone else. Nothing ever beats hands on experience.

Learn at least one higher level language like C++, Java or C# as well as one scripting language. Python for gray hat hacking is excellent and very practical.

HD Moore, the founder of Metaspolit was recently quoted as saying : "If your aren't a newb in this industry, you aren't trying hard enough..." Meaning that no one knows everything no matter how much they insist they do.

The human brain only retains information in 20 minute lengths of time in short memory so studying more than 20 minutes at a time without a break is useless. Its physiology not metaphysics or automagic.

- b/eads

LonVenu

wrfortiscue wrote: »

What are you stressed/worried about? If you have 18-20 hours of day to study then I doubt you are pressed for time lol. It's like the other poster said, work hard at it.

I am stressed because I don't know if the thing I am learning now is the right thing, if it is the right step to make. I am stressed because I don't know if I will be able to graduate with honors, and the certifications I am planning to get, if I will be able to achieve that with the number of hours I am studying in, if I am doing my best or not, if I will be a successful penetration tester or not, if i made the right decision when I chose IT Security over Medicine, and lots of things. I can barely sleep man, and no one feels me and my family puts more obstacles in my way, they don't help me in anything, they are like an enemy. And i need to pay for everything of my pocket, and i am still so young.

LonVenu

beads wrote: »

Is there an impractical side to hacking? OK I suppose hacking into a machine that will never be used or has little to no connectivity would be impractical. Maybe a child's toy may be impractical. Otherwise its a good hack, IMHO.

You really don't need ESXi or any other flavor of VMWare outside of player unless you need to record then Workstation is appreciable. As far as the CCNA R/S. Great place to start. Once you tire of the electronic lab you can always buy a few pieces of used hardware cheap and learn on real equipment as well. This is even cheaper when you have a couple of guys buying used hardware, learning from one another and eventually selling your mid-sized lab to someone else. Nothing ever beats hands on experience.

Learn at least one higher level language like C++, Java or C# as well as one scripting language. Python for gray hat hacking is excellent and very practical.

HD Moore, the founder of Metaspolit was recently quoted as saying : "If your aren't a newb in this industry, you aren't trying hard enough..." Meaning that no one knows everything no matter how much they insist they do.

The human brain only retains information in 20 minute lengths of time in short memory so studying more than 20 minutes at a time without a break is useless. Its physiology not metaphysics or automagic.

- b/eads

I respect your help.
It was a legal penetration test as a challenge actually, not a hack, sorry for the mix.

I will learn python/ruby/C/C++/assembly/java/bash/html/php/sql and some others, they all needed if i want to master all the information security fields. I will learn them separately in the best times.

wrfortiscue

LonVenu wrote: »

I am stressed because I don't know if the thing I am learning now is the right thing, if it is the right step to make. I am stressed because I don't know if I will be able to graduate with honors, and the certifications I am planning to get, if I will be able to achieve that with the number of hours I am studying in, if I am doing my best or not, if I will be a successful penetration tester or not, if i made the right decision when I chose IT Security over Medicine, and lots of things. I can barely sleep man, and no one feels me and my family puts more obstacles in my way, they don't help me in anything, they are like an enemy. And i need to pay for everything of my pocket, and i am still so young.

Graduate with honors? All that really doesn't matter in the industry man. Don't stress yourself so much. What you are doing is taking a risk, now will it pay off or not only time will tell. Do what you love. If you love security then pick a specialization in it and do really good. Start from the bottom if you have to, work your way up. Prepare yourself for interviews, know your stuff.

Don't stress yourself about knowing every single thing there is to know... you won't. It's impossible.

LonVenu

wrfortiscue wrote: »

Graduate with honors? All that really doesn't matter in the industry man. Don't stress yourself so much. What you are doing is taking a risk, now will it pay off or not only time will tell. Do what you love. If you love security then pick a specialization in it and do really good. Start from the bottom if you have to, work your way up. Prepare yourself for interviews, know your stuff.

Don't stress yourself about knowing every single thing there is to know... you won't. It's impossible.

I want to master all the fields in security, I want to be the Best.
I thought honors have a value in the resume!

blatini

You're still in school so this really isn't make or break by any means. Security is constant learning tho about everything. You can't get daunted by the Net+ because that is baby steps compared to what you will be expected of later. IT is very forgiving in the way that you can go to school for X and go into Y. Best thing is to get a well rounded education and give everything a shot to find what you really enjoy. The jack of all trades, master of none is a great approach not only for you, but from the perspective of potential hiring managers.

MeanDrunkR2D2

LonVenu wrote: »

I want to master all the fields in security, I want to be the Best.
I thought honors have a value in the resume!

I graduated with honors and haven't had it on my resume since I got my first IT job. Experience trumps all.

Danielm7

LonVenu wrote: »

I want to master all the fields in security, I want to be the Best.
I thought honors have a value in the resume!

Well, you're talking outside the US I believe, where honors might been more, here, not so much. As for mastering all fields in security, you never will, honestly. No one is a master of all fields in security.

TheFORCE

Danielm7 wrote: »

Well, you're talking outside the US I believe, where honors might been more, here, not so much. As for mastering all fields in security, you never will, honestly. No one is a master of all fields in security.

This is very true, especially the way technology is moving. If you are setting that as a goal to master everything, you are just going to put yourself in a lot of stress. A lot of knowledge is gained by real life and real world experience. Don't expect to know everything by studying books and taking certificates.