
Re: pen testing beginner



first, thank you all for your honest input on this.

shawn wilson wrote:
"I'll caveat my response by saying I'm not in this field - I'm a lowly sysadmin :) "

i was asked one time what i wanted to do with my linux knowledge and replied that i wanted to be a sys admin and not a programmer.  told this gentleman that i know that i would need some programming to be a better sys admin, yet didn't want to just program.

i have a high level of respect for sys admins, since they need to know a lot more than just programming.  i've met many programmers that can't set up a mail server, etc..., properly.

"A word on certs - don't get them until someone is paying you to do so (with the exception of RHCE and OSCP)."

for the OSCP, i was looking at getting this down the road.
for the RHCE, i don't know if i want to focus on a specific distro cert.  i was looking at the LPI cert since it isn't distro specific.

i don't know if one is better than the other, RH, LPI, LFS...
i do know that RH is a leader in enterprise systems, yet i believe that having cross distro knowledge would be better.  thoughts on this would be nice to hear.

cindy-sue causey wrote:
" I did local tech school in 1999, and... was pretty much bored."

when i took the linux security class, community college, it was very general.  it seemed that the instructor liked to talk more about what he had done in general with his linux experience instead of the hardening of the system.  the students seemed to be impressed with my knowledge of linux at the time, yet they also knew nothing about linux in the first place.  and as you, i was pretty bored with what i was/wasn't learning in the class.

david christensen wrote:
"If you are serious about this, go get yourself a degree in computer
science."

i can understand what you are saying about this.  the process that is laid out on a specific course path and the steps that it takes, going from the ground floor to the upper limits of learning/knowledge.  don't know about brick and mortar, would have to move as to there is not much for advanced learning on this subject in rural iowa.  i have looked at some of the online colleges though, i just don't know how they stack up to being in an actual class room setting.  i would hope that they are comparable.

don't know if i want that extra $KK of debt at this time, even though it could be made up for in future earnings.


as to the specifics that cindy-sue asked about, i'm thinking more about cyber-security and hardening systems.  one of the reasons that i'm looking at pen testing is for this, understanding the vulnerabilities of a system and then be able to tighten them up, maybe throw some cryptography in there.
also, when i did have my server, i was more interested in making sure that i was following proper protocols to setting things up.  i.e. didn't want my mail server being bounced from others for not having the spf's set up correctly, etc, etc. 

shawn, yes the web has great offerings for learning.  i have downloaded many books in pdf to start my learning.
just a few-
debian handbook, i think everyone should read it
multiple books on pen testing with kali linux
multiple books and white papers on selinux
man pages and info files are always at my finger tips.

the book that i'm reading right now, 2013 the basic of hacking and pen testing....made easy, has talked about CVE's and RFC's and seems like something that i will have to check into more in depth.  i have made a list of things that i have to read more on each time something new comes up.  sometimes i go read it right away, sometimes i wait until that section is done and then go read it.  as you said, read, find out more, return etc...

again, thank you all for your input and if you have anything else to contribute to the comments that i made everything is appreciated.

take care
em

