How to get into Security
steveh2001
Member Posts: 3 ■□□□□□□□□□
Hey guys! First post here - just found these fantastic forums!
Gonna give some background and hopefully be able to get some advice from the experts (you guys!) already in the Info Sec field of work.
Discovered Info Sec recently after doing a degree in biochemistry and deciding I didn't want to go down that pathway lol. Found it to be very very interesting, and decided I wanted to follow that career path!
I almost signed up to a training academy which offered A+/N+/Security+/MCSA/CCNP and CEH and a Check Point firewall course, with a "guaranteed job" at the end of it. Decided I didn't like their salesman tactics and it was dodgy. And after some investigation I found some other cert forums and discovered the world of self studying!
Since then I have been trying to work my life into the direction of info sec. There is a uni course near me, doing an Info Sec Masters course (MSc) which I intend to do next year. I didn't want to go in with no experience in IT, so I managed to get a helpdesk position. I got into this by starting my A+ beforehand (self study) and think I impressed them. The role is great - not just admin work, a bit of network administration basic stuff, but all the same, from someone with no experience, it's great! Get to play around with Active Directory a bit, password resets, distribution lists etc etc.
This is a part time role so I can do my certs as well. Cert wise, my plan is to do: A+, N+, Security+, MCSA (with security I think? not sure how the MS ones work yet), and then onto CEH maybe, not sure yet, a long way off! And hopefully go do the uni Info Sec MSc.
And I'll have had a bit of IT experience to go with it, hopefully at least 1 year, bearing in mind I came from a non-IT background, was quite hard to come across!
Anyhow - any advice as to whether this is a good way to get into IS/security work would be great! Should mention I'm in the UK, dunno if things over the pond are similar.
Cheers
Steve
Comments
-
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
Your path sounds like a good one, and welcome to the forums too. Sounds like you're one of the lucky ones Steve, especially landing the Help Desk job with no prior experience.
The Info Sec IT field can be tough to break into, but if you follow your goals, leave room to adjust and adapt along the way, you'll be off to a good start. What will set you apart from the rest of the folks who take those classes and certs will be to really understand, question, dig-in beyond the curriculum, and practice practice practice!
For instance, get yourself a great book called "Intrusion Signatures and Analysis" by New Riders once you have the basics of TCP/IP down. Check out the "Hacking Exposed" series too. Find some cheap computers on eBay and set up a test lab and really try out the stuff.
Without a lot of experience (like 4+ years) it will be difficult (not impossible) to get a Security job in IT. However, just keep working in the industry and the doors will open. Keep your eyes on your goal to avoid burn-out or frustration. All your Help Desk experience combined with certs and/or degree can lead to network and admin positions, which in turn can lead to an IT security position.
Good luck!
All things are possible, only believe.
-
Webmaster
Admin Posts: 10,292 Admin
Welcome 'onboard' Steve,
steveh2001 wrote:
I almost signed up to a training academy which offered A+/N+/Security+/MCSA/CCNP and CEH and a Check Point firewall course, with a "guaranteed job" at the end of it. Decided I didn't like their salesman tactics and it was dodgy. And after some investigation I found some other cert forums and discovered the world of self studying!
sprkymrk is right, it is very hard to get into security without extensive experience. It's mainly because you are expected to know the operating systems, devices and technologies before you can secure them properly. A masters in infosec should help a lot though.
And as long as you don't have a full-time infosec job, you can still involve security in almost anything you do in IT, even on the helpdesk. I.e. suggest improvements for password related policies, make people aware of social engineering etc. etc. Once you get the interview for a more infosec related job, you can use this as extra ammo.
-
steveh2001
Member Posts: 3 ■□□□□□□□□□
Thanks for the advice webmaster and sprkymrk - It’s nice to hear positive feedback from those already in the industry!
As you say – I don’t think it will be easy breaking into IS, but the two main ways I can think of are talking to people who are already in the industry, e.g. yourselves and people at work, and doing Certs! I’m hoping to get there eventually and not lose sight of my target! I feel really lucky with the helpdesk work, especially as it’s not just me passing on calls to others, I get to do some of the network admin work and it is an excellent starting role.
I think I’ve chosen a good path of certifications, as you say sprkymrk, it’s good to fully understand your subject, and by starting at the A+ I think I’m fulfilling this. I actually quite want to skip the N+ and go onto the Security+ (bought the books already!) but I’m trying to avoid temptation!
I’ve also got the Hacking Exposed Book and am hoping to read this and start the Security+ before undertaking the IS MSc next year. Also bought one of the Stealing the Network fiction books mentioned on another thread in this forum.
-
remyforbes777
Member Posts: 499
This is a good post because this is something I want to get into also. What type of practice could I do in order to become more familiar? I have a few certs and I am working on my CCNA. I have three computers, two of them running a version of nix and an XP machine. What type of exercises can I do to become more familiar with network security?
Remington Forbes
www.blacksintechnology.net
-
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
There is so much, where to start?
First, find a book or two (or 5) related to security. Then practice the stuff they talk about.
Get a trial version of ISA 2004 and install it and see an enterprise firewall in action.
You have Linux+, there are a ton of things you can do there. Set up and secure sendmail, vsftp, iptables, etc. Download and run Bastille Linux, if it breaks something (which it will) figure out how to fix it. Read the information it gives you about each configuration suggestion.
On a couple of Windows machines go through the server hardening process of turning off unneeded services, play with security/permission settings, set up a VPN with IPSec and L2TP, see if you can get it to work through your router/firewall, set up an IP Security policy between a couple of Windows boxes, check out the auditing options and see if you can decipher what the logs are telling you, etc. Check out the security options in gpedit.msc. Try a few enumeration exploits, then turn off anonymous enumeration and try again. Set the NTLM authentication level by reading what each level does/breaks/secures. Technet is your friend, so is google.
Play with and become familiar with security tools like ethereal, tcpdump, netcat, snort, etc.
Routinely visit sites like sans.org (they have free webcasts too), Foundstone, and cert. Get on their security mailing lists.
Set up PGP between yourself and a friend.
Read, read, read!
That's just for starters... Let me know when you're done with all that and I'll give you your next assignment.
All things are possible, only believe.
-
steveh2001
Member Posts: 3 ■□□□□□□□□□
Interesting info sprkymrk - I decided to keep my old PC instead of selling it so I can set up some kind of network to play with.
Don't have any Linux knowledge yet, but might have a play with that. Also see if I can set it up as a server of some sort.
-
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
Shortly after entering into the world of IT (after 12 years of electrical work), I set up a lab in my basement by buying old computers on auction sites. By the time a little over 2 years had passed my lab consisted of a W2K server running ISA 2000 as my firewall to my DSL connection, an NT4 PDC, an NT4 BDC, 2 W98 workstations (my wife's PC and my kid's PC), a W2K Pro box (my workstation), a W2K DC running DHCP, WINS and DNS, a second W2K DC to practice replication, back up the workstations, set up shares, share a network printer, (also trusts with NT4), etc, a FreeBSD (4.?) server, and a Red Hat 7.4 server. I remember having 12 computers in all, so I am obviously forgetting some but you get the idea. There was very little that I was not able to practice on that lab, and since it was a "production" setup for my home computers, if something broke you can bet I figured out how to fix it. I no longer have a lab at home, because of my access to any kind of lab environment I need at work. I still have about 6 computers in the house and 2 separate broadband connections, a 3MB DSL and a 5MB cable - sweet!
All things are possible, only believe.
-
JDMurray
Admin Posts: 13,101 Admin
There are several distros of Linux which are specialized for security, penetration testing, and forensic analysis. I've used WHAX, BackTrack (http://www.remote-exploit.org/), Security Tools Distribution (http://s-t-d.org/), and Helix (http://www.e-fense.com/helix/). You can find many more Linux distros by searching at http://distrowatch.com/. Most are Knoppix-based and bootable directly from the CD.