Monday, June 24, 2013

Teach yourself computer security: Free training

Here's a site that has a bunch of open source lectures (some recorded) focused on computer and network security.  I haven't looked into these, but a lot of the topics seem pretty on-point.

Well, I have taken a skim through the Introduction to Vulnerability Assessment course (this is really my deepest area of expertise, and where I've published in the technical literature) and it passes the sniff test for usefulness.  The structure seems pretty coherent and complete for an intro course:
This is a lecture and lab based class giving an introduction to vulnerability assessment of some common computing technologies.  Instructor-led lab exercises are used to demonstrate specific tools and technologies.

Course Objectives are
- Learning a general methodology for conducting assessments
- Scanning and mapping network topology
- Identifying listening ports/services on hosts
- Fingerprinting operating systems remotely
- Conducting automated vulnerability scans
- Auditing router, switch, and firewall security
- Auditing UNIX and Windows configuration and security
- Performing Web application and associated database security assessments

This class will serve as a prerequisite for later classes on vulnerability assessment which dive deeper into specific areas such as Windows VA or web application VA.
There are slides in PowerPoint or PDF - 474 slides in the case of this course.  There's real training info here.

Given the state of the economy, for anyone looking to switch career paths to a field where there will be long-term (and well-paying) demand, this is a good place to start.  Perhaps the most useful part of this is that it will gauge your interest - if this is boring or impenetrable, you should look at a different field.  If it's interesting and comprehensible, do more of the classes.

In particular, the CISSP Common Body Of Knowledge course is probably the most important if you want to break into the field.  CISSP is a general security certification that is recognized and accepted pretty much anywhere.  It will open doors for you even if you don't have any experience at all.

I must say that the Internet is truly a wonderful place.  Free knowledge.  It's raining soup, all you have to do is hold out a bucket.


Dave H said...

Thanks for all the pointers to security training. That'll help me keep my job. (One of the goals written into my performance review is to get training on network security.)

Doesn't the CISSP certification itself require some experience?

Dave H said...

Ack, I should learn to RTWT. You can pass the exam, then you have 6 years to get the necessary experience for the full cert.

Spike said...

I've been going through the SkillPort CISSP training. Lots to digest, but since the DOD is paying for the training, if not the exam, the least I can do is learn it.

Elex Murphy said...

A unique aspect of several of the aforementioned security courses is that they enable and encourage corporate IT professionals to approach data security analysis from the perspective of a hacker or other malicious interest set on penetrating a network.
Thanks for sharing...!!!

