- slide 1 of 4
Computer and Information Security Training
Due to the increase in automated tools and a rapid expansion of the industry, gaining a position as a computer and information security expert is easier than ever. Between the Metasploit Framework and Nessus, the basics of penetration testing can be accomplished by even the most novice of computer users. You could just learn to use these tools by themselves, but your knowledge would be incomplete and it would be impossible to expand upon unless you worked from the tools and exploits back to round out your education.
A good computer security education encompasses both networking and programming essentials before ever touching the use of the automated tool sets. To fully understand what the tools are accomplishing and to use those tools to their full ability, you need to learn the background that supports them. Additionally, by the time you have learned the networking and computing fundamentals necessary for a good computer security education, then you've also learned the majority fo what there is to know about computer security. From there, you are simply learning about the creative ways that people have put that information to use and the tools that can help you accomplish the same. For that reason, both networking and programming resources are included in this article to help build a strong, informative base for your progression.
- slide 2 of 4
Networking knowledge is an essential foundation to understanding and working with security tools. If you do not understand at least basic network topology and protocol specifications then you will be unable to comprehend the actions you are performing in the field. Below is a list of some free networking courses, by no means comprehensive, that can get you started. Additionally, using the library for networking books is an excellent alternative to online resources since the majority of networking topics will not have changed.
- MIT OpenCourseWare - MIT provides a collection of free courses on computer networking and security.
- The Open University - Open University provides free distance learning, like MIT OpenCourseWare, and has a number of networking courses.
- SemSim CCNA Study Center - For some reason companies love to buy Cisco products. Going through a CCNA course can not only top off your networking knowledge, but also provides a window into Cisco's proprietary OS and some of their exclusive terminology.
- RFC Pages - The Request for Comment (RFC) pages published by the Internet Engineering Task Force (IETF) abound with complex and detailed information regarding common protocols and networking topologies. They are a great resource for discovering the details on a topic in its rawest form. The best part is that they all are freely available.
- slide 3 of 4
At least a basic understanding of programming is required to work with many of these tools. In Metasploit, you need to know Ruby to develop your own exploits and produce more advanced attack vectors. Having a good knowledge of perl and python is near essential for anyone looking to write scripts to automate their repetitive tasks. Further programming knowledge in C and Java is preferable since a number of the applications you will be exploiting will be written in those languages and a high level of understanding can only lead to a better success rate when it comes to researching exploits. Finally, a solid understanding of shell scripting is essential for anyone working on a UNIX-like operating system.
- Ruby-Doc.org's Programming Ruby - This is a free e-book with the basics of the Ruby language and all you need to know to get started. There are literally dozens of these out there if this e-book does not suit your learning style.
- Learn.Perl.Org - This is the official novice documentation from the Perl project and is an incredible learning resource for those new to the Perl language.
- Oracle's Learning the Java Language - This is Oracle's official guide for the Java language and is probably the best way to get a foundation started for Java.
- CProgramming.com - Although littered in ads, this site has a lot of good tutorials on C and C++ to help anyone get started.
- FreeOS Linux Shell Scripting Tutorial - This is another free e-book with a lot of information for anyone looking to learn shell scripting.
- Python scripting resources - An introduction and lots of resources.
- slide 4 of 4
Finally, the actual meat. By the time you've learned a lot about networking and programming, you've likely learned a great deal of what there is to know about computer and information security. A lot of the fundamentals revolve around the inherent problems in the structure of networks and programming languages. By learning to use a few automated tools, you can now greatly increase your productivity and solidify your security knowledge with some free resources.
- Metasploit Unleashed - This course, from Offensive Security, is the best way to learn how to fully use Metasploit and all the framework has to offer. They include the free Metasploitable VMWare image that will let you test your knowledge.
- SecurityTube - SecurityTube offers free computer security videos with a range of knowledge. This is a good way to catch up on recent research and to find out what is going on in the computer security world.
- BackTrack Forums - A lot of computer security knowledge comes from toying with and breaking things. The basic concepts are taught, but the majority of true, working knowledge comes from experimentation. Forums are a good source of information and tutorials on using security tools. BackTrack, the Linux distribution aimed toward security research, has forums that are commonly used by a number of professionals.
- Bright Hub - Bright Hub's Computer Security channel that has a lot of introductory articles that could be very useful when learning to use a new tool.