 utahluge
join:2004-10-14 Draper, UT
·Comcast
1 edit | Changing My Direction Of Study --> Security
I have always been interested in the matter of security when it comes to computer systems. Whenever something happens and it seems like a security issue, I try to do my best to figure it out. Currently I have been putting my studies into the Cisco product line, but I have been slowly moving toward server security. I have a couple of network security classes coming up and I really want my learning to take off in these classes by getting some first-hand knowledge first.
I want to set up my home 'lab' to act as a moderately secure network, then with each successful attack, up the security. What is the basic setup for me to start creating this security setup?
I know that I need to first know how people attack but I will venture on my own (this is not the place for that) in this subject as that will GREATLY help to protect the 'lab'.
To help with this, a friend from school is setting up a similar setup (to test against his work servers [normal web, ftp, etc] in a lab). I will be having him attack mine, and I will attack his.
Is this the best place to start?
Edit: FYI, ALL computers in the lab will be Linux. |
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ
·Speakeasy
| I am not certain if you're looking to learn how to set up your system securely or how to attack your buddy's system. To set up your system securely, you might want to start with »Security. To learn how to attack someone else's system, I have no help for you. |
 utahluge
join:2004-10-14 Draper, UT
·Comcast
| ha, no. As I said, learning to attack FOR GOOD PURPOSE LIKE SECURITY CHECKS is what I am trying to do. That is not what I am looking for here though.
What I am wondering is stuff like: Is just a firewall blocking services good enough? Or should the service be completely turned off? Should a database server always be separate from the web server? Should hosts.allow / hosts.deny be a primary security measure? Should I look into each service, such as ssh, to see about its own type of security measures? etc..... |
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ
·Speakeasy
1 edit | reply to utahluge Forum Links
· Hijack This logs? · Panda Free Tools · Security FAQ · Add to our FAQ · Archived Threads · AS Poll 2006 · AT Poll 2006 · Firewall Poll 2006 · AV Poll 2006
These are all things that you can link to on the opening of the Security Page and will all be helpful to you. Nobody can tell you what is necessary on your system, IMHO. Everyone has a different system and it sounds to me as if you and your buddies are planning on playing with fire if you don't know the basics of Security. My personal feeling is that you could do with a shaping up of your knowledge and the link I gave you first plus the other points I've put here would be places to start.
Asking someone what you need will provide you with many responses, mine just one of them. I believe that were you to ask 10 people, you would get at least 8 different answers. Start reading and do a lot of research before you change your direction of study.  -- JKK
Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!
»www.pbase.com/jaykaykay
 nunsuperior
join:2004-04-07 Northridge, CA | reply to utahluge
I would look into VMware for setting up the servers as virtual servers. They have Linux versions and you can get their software for free now! That way you can re-image the servers quickly after you mess them up. |
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
1 edit | reply to utahluge I'd say if you aren't experienced in either penetrating or securing the systems you'll be playing with, the value would be little unless you're studying how to do both. Just putting together a script for your lab exercises would require a fair amount of prerequisite knowledge.
Whacking away at something with port scanners, NMap and Nessus does little good unless you understand what the tools do, and securing without understanding the basics of the system(s) being secured will also yield little more than keyboard time.
I'd say look at the class syllabus then read and study to that - and any prerequisite knowledge. If the material involves screen shots and commands then read, explain to your buddy what you just read, then sit down in front of the console and go through what you just read. In short, learn, recite and do.
-- We are what we repeatedly do. Excellence, therefore, is not an act but a habit.
Aristotle |