November 4, 2008
@GeekGrrl posted a note on her blog asking this question:
1) How would you recommend getting started on a career toward Network Security/Network Pen Tester?
She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back.
Okay, here is what I suggested. Obviously, not exhaustive.
Here is a good blog post that might help.
1) Certs –
- If you want to be technical, I would start with the SANS GSEC cert. Make sure you go for the GOLD cert and not just the silver. This cert will give you a good base to build on.
- From there, move on to firewalls, IDS, etc. as appropriate. SANS certs are the best technology-agnostic certs around.
- Defcon – cheap and worthwhile.
- Keep doing what you are doing, watch and read the presentations after they are posted. Garret Gee over at Infosecevents usually posts links to archives when he comes across them.
- See if there is an Infragard chapter nearby. Free and often strong in cyber security.
- Start a chapter of http://www.naisg.org/. You will probably learn more and meet more people that can help you doing this than anything else.
Finally, VirtualBox is a great free virtualization platform for Windows and Linux that will let you set up VMs like DVL to hack against.
Go ahead and offer up your suggestions in the comments.
UPDATE: On the drive home today, I was still thinking about this question and realized I left off one thing an individual can do that will probably reap more benefits than any of the items listed above.
Find a mentor.
Find somebody who has been in the business for a while who is willing to let you bounce questions off of them and is willing to give you the benefit of their experience when you hit situations that you are not familiar with. Somebody who can offer you those second opinions that can be so helpful.
Here is a link to a bunch of articles on finding a mentor and the mentoring relationship. The articles are not infosec related at all, but still apply.
November 3, 2008
This article talks about the conviction of Pryavrat Patel for actions he took after his long-term contract employment with Pratt-Read was terminated.
Now, what Mr. Patel did was definitely wrong, but frankly, Pratt-Read should probably put some thought into how they dealt with the situation too. It took them two weeks to recover from the actions of Mr. Patel and, per the article, they were actually using paper and pencil at one point to keep the business running.
So, how do you bake a fail-cake?
- Long-term system administrator.
- No apparent backups.
- No apparent disaster recovery plan.
Have system admin work on systems for 8 years. Terminate said administrator. Leave remote access available to administrator and also leave access rights in place. Wait one month and break out pad and pencil to manage business when the systems can’t be used after administrator visits via remote access.
This isn’t the first story of a terminated employee/contractor retaining access and causing mischief, nor will it be the last. However, it does drive home a few things we really ought to be doing in order to protect our business, not only from situations like this, but in general.
The short list of failures I see in this story is:
- No process to terminate remote access and revoke access rights.
- Apparently, no backups.
- Apparently, no disaster recovery plan, or a very poor one if it existed.
So kids, make sure you change those passwords and disable the accounts of your departing personnel. Make double sure you change the administrative user passwords on all systems that said individual accessed, have a business continuity and disaster recovery plan, and back up your systems. Finally, test those plans and backups. If they don’t work, you are still in the same spot as if you didn’t have them in the first place.
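That checklist (disable the account, revoke remote access, rotate any administrative password the person knew, and keep backups that have actually been restore-tested) is easy to turn into a routine audit that runs after every departure. The script below is an added example and is not from the original post or from the article it discusses; the account directory, VPN grant list, shared-credential inventory, backup records and the 90-day restore-test threshold are all constructed assumptions, standing in for whatever your directory, VPN and backup systems export.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample inventory (hypothetical, not from the article).
@dataclass
class Account:
    user: str
    enabled: bool
    last_login: date

@dataclass
class SharedCredential:
    system: str            # system whose admin password is shared
    last_rotated: date
    known_to: frozenset    # users who were ever given this password

@dataclass
class Backup:
    system: str
    last_success: date
    last_restore_test: date  # last time a restore was actually exercised

# Departed personnel: user -> termination date (constructed)
DEPARTED = {"jdoe": date(2008, 9, 1)}

ACCOUNTS = [
    Account("jdoe", enabled=True, last_login=date(2008, 10, 2)),
    Account("asmith", enabled=True, last_login=date(2008, 10, 30)),
]
VPN_GRANTS = {"jdoe", "asmith"}
SHARED_CREDS = [
    SharedCredential("erp-db", date(2008, 3, 15), frozenset({"jdoe", "asmith"})),
    SharedCredential("fileserver", date(2008, 9, 2), frozenset({"jdoe", "asmith"})),
]
BACKUPS = [
    Backup("erp-db", date(2008, 10, 30), date(2008, 1, 10)),
    Backup("fileserver", date(2008, 10, 30), date(2008, 10, 1)),
]
AS_OF = date(2008, 11, 3)
RESTORE_TEST_MAX_AGE_DAYS = 90  # assumed policy threshold


def offboarding_findings(departed, accounts, vpn_grants, shared_creds):
    """Return (subject, code, detail) tuples for every offboarding control
    that is still open for a departed user."""
    findings = []
    by_user = {a.user: a for a in accounts}
    for user, term_date in departed.items():
        acct = by_user.get(user)
        if acct is None:
            continue
        if acct.enabled:
            findings.append((user, "ACCOUNT_ENABLED",
                             f"account still enabled after termination on {term_date}"))
        if acct.last_login > term_date:
            findings.append((user, "LOGIN_AFTER_TERMINATION",
                             f"logged in on {acct.last_login}, after {term_date}"))
        if user in vpn_grants:
            findings.append((user, "REMOTE_ACCESS_PRESENT",
                             "VPN/remote access grant still present"))
        # Any shared admin password the person knew must have been rotated
        # after the termination date, not merely at some point in the past.
        for cred in shared_creds:
            if user in cred.known_to and cred.last_rotated <= term_date:
                findings.append((cred.system, "CREDENTIAL_NOT_ROTATED",
                                 f"admin password known to {user} last rotated {cred.last_rotated}"))
    return findings


def backup_findings(backups, as_of, max_test_age_days=RESTORE_TEST_MAX_AGE_DAYS):
    """Flag backups whose restore has not been exercised recently; an untested
    backup is the 'same spot as not having one' case the post warns about."""
    findings = []
    for b in backups:
        age = (as_of - b.last_restore_test).days
        if age > max_test_age_days:
            findings.append((b.system, "RESTORE_UNTESTED",
                             f"last restore test {age} days ago"))
    return findings


if __name__ == "__main__":
    for subject, code, detail in (offboarding_findings(DEPARTED, ACCOUNTS, VPN_GRANTS, SHARED_CREDS)
                                  + backup_findings(BACKUPS, AS_OF)):
        print(f"{code:24} {subject:12} {detail}")
```

Run against the constructed data, the script reports four open items for the departed user (account enabled, a post-termination login, a surviving VPN grant, and the ERP database admin password not rotated since the departure) plus one backup whose restore has not been tested in 90 days; the file server password, rotated the day after the termination, is correctly not flagged. The point is that "rotated at some time" is not the test; "rotated after the person left" is.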
June 12, 2008
We are going to try something a little new today.
As you have all probably realized, these posts have all been built from blogger sources to date. I am going to start expanding them to include things I see in the news and from other sources that have infosec applications. As we go forward, I am interested in knowing if you would prefer to have two separate posts or if you like the combined format.
As always, leave a comment with your opinion or email me kriggins _at_ infosecramblings.com. On with the show.
From the Blogosphere.
Jennifer Leggio has a post up on her new blog Feeds at ZDNET (congrats Jennifer) about privacy concerns with Company Groups on LinkedIn. She points out some very real privacy and data leakage concerns with this type of automated grouping.
Richard Bejtlich has a good summary of the Verizon Business 2008 Data Breach Investigations Report which you should go ahead and read.
From the newsosphere.
Via Dark Reading, RSA is introducing a flexible card shaped authenticator.
Via SearchSecurity, The PCI council is launching an assessor quality assurance program. Kinda have to wonder why it has taken this long for something like this to happen.
The Register brings us an interesting article about fraudsters gaming the address verification system in use in the UK for charges.
From Comcast.net: congressmen are saying that China is hacking their computers. Of course, China is denying it.
Have a great day and remember, let me know which format you prefer, combined or separate.
Technorati Tags: linkedin, privacy, data leakage, data breach, verizon, rsa, pci, assessors, china, congress