My first recommendation for those looking to learn about information
security is to not spend any money on materials yet. Why? I've read so
many doggone "hacking" books, they're all starting to look the same to me.
There are tons of free resources out there to explain and to teach
information security to you.
First, check out www.isecom.org, Home of the OSSTMM. I won't waste
keystrokes on spelling out the entire acronym, but I will say that it's
FREE.
Let's not forget Uncle Sam! http://csrc.nist.gov
is another wonderful site chocked full of government guidelines on
performing security scans, hardening networks, cryptography, etc.
Let's also not forget the NSA! Biggest security agency in the USA! They
are the authority on information security. And they even have some great
manuals on hardening systems. How much are the documents? Umm. FREE!
Get them here: http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1
They cover securing operating systems, routers, switches, servers, you name
it.
You can even download the Security Enhanced Linux from their site:
http://www.nsa.gov/selinux/code/
If that's not enough information to keep you busy, you can look for hacking
documents on P2P file sharing programs. There's a world of free resources.
Use it before you break the bank buying the same book under different
titles.
I personally use the NIST & NSA guidelines when consulting to the
government, and I use the OSSTMM and even sometimes the NIST guidelines for
the private sector.
I'll leave you with a couple more sites that are great for gaining security
knowledge:
www.infosyssec.com
http://secinf.net/
Enjoy the information overload :o) The information provided freely from the
sites above will make you one formidable security person. Check it out
first before you purchase anything.
Also be advised, ethical hackers don't just hack stuff. There is a lot of
boredom and stress that goes with it, such as finely wording a contract for
a client that protects you from harm, writing endless reports, sifting
through 64MB word documents to eliminate the false positives generated by
even the most popular vulnerability scanning software.
A great actual book that I enjoyed for practical purposes is called "Hack
I.T. Security Through Penetration Testing by T.J. Klevinsky & Ajay Gupta.
It actually details a great bit of how the "ethical hacking" game really
works and helps to avoid certain pitfalls.
Hope this was useful;
Marcos
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
