Direction to go

So currently I work in a Cisco-centric environment as a network engineer. Other than Cisco, I manage a SG520 Juniper FW. So all of my security experience is on firewalls and router/switch security. I am looking for advice on a route to take for learning more about network pen testing though. Poked around the SANS site, specifically exams 502, 503, and 560. All looked like tons of fun, just crazy expensive for the self-study materials. So where to go and start if one is looking into network pen testing for a hobby without going broke in the process?

Comments

  • docrice Member Posts: 1,706
    For relatively low-cost pentesting courses, check out the following:

    http://www.offensive-security.com/
    http://www.elearnsecurity.com/
    http://heorot.net/

    As a start, you can also get acquainted with Nmap (http://insecure.org/), read the docs, or optionally (and I recommend it) buy the book for it if you aren't already familiar with this tool.

    http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1292714669&sr=8-1

    Download BackTrack and just start playing around using tcpdump or Wireshark, looking at traces while these tools do their work:

    http://www.backtrack-linux.org/

    I just started on the SANS 502 (Perimeter Protection In-Depth) OnDemand / self-study course yesterday, and as someone who works in a small Cisco-centric environment, the experience so far is fantastic. While the Cisco training I've had explores their hardware and configuration, it hardly ever digs deep into the protocol level which is where all the attacks / pentesting stuff happens.

    There's also a promo code on SANS' site for 20% off to lower the cost of a course:

    http://www.sans.org/ondemand/discounts.php#current

    This is only my second SANS course, but I will say that so far in my overall training experience hardly any other course from any other training provider comes close to providing such a rich level of experience. I also had a lot of fun with Offensive Security's WiFu course (although that's a relatively short and easy one).
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Chipsch Member Posts: 114
    Thanks for the info, Docrice. Forgot to mention that I use Wireshark pretty actively to troubleshoot problems. Also... how much is the material for the SANS 502 costing you?

    Figure if I am going to go for a certification with this that I may as well make sure it is 8750.1 compliant, seeing as I am federal.
  • docrice Member Posts: 1,706
    502 cost me $3,355.96 after the discount. This includes a certification attempt. It's a pretty heavy chunk of change for sure, and I was originally planning to go for this course in Q2 next year, but I got impatient and figured I wanted to run with this over the holidays. I haven't received my course books yet, but I'm already going through the OnDemand material right now. Absolutely no regrets. I'll just have to live on 10 cent packages of noodles for the next year and sell a kidney.

    I'm not sure if 502 is really a pentesting course though, although it goes over some methods used by attackers. 560 is probably what you're after if you want what most people consider as pentesting. The blue team stuff is obviously 502, 503, 504, and perhaps some of the forensics courses.

    If you want to learn pentests which relate more to app-level attacks, take a look at eLearnSecurity or Offensive Security. I think they're a hard value to beat. I've gone through most of the eLearnSecurity course and while it's technically a beginner's course, I thought what I have gotten out of it so far has been pretty good (since I'm not a programmer, some of it was a bit over my head). On the plus side, eLearnSecurity gives you lifetime access to the major version of the course you paid for.