How can I learn computer security / hacking (ethical)?

How can I learn computer security / hacking (ethical)?: Posted by Beowulf on November 19th, 2003; I want to learn computer security-- specifically how to better protect my
Linux box, but also MS-Windows. I would like to set up a second linux
server box off my router, practice learning to (ethically) hack/crack
into it to better learn security. I hope to not only better secure my own
linux box, but to perhaps do consulting work on security down the road.
What is the best way to learn this? What are some recommended books to
read or website URLs to visit? (Please understand I am not looking to do
any unethical hacking, I would only attempt hacking on one of my own
computer server boxes in my home)

~Beowulf

--
Emperor Wu asked the great master Bodhidharma 'What is the highest
meaning of the holy truths?' Bodhidharma said 'Empty, without
holiness.' The emperor said 'Who is facing me?' Bodhidharma replied 'I
don't know.'; Posted by Kees on November 19th, 2003; In article <pan.2003.11.19.13.09.17.111213.3098@nowhere.net>, Beowulf wrote:
A good start is http://www.cert.org/

GG
Kees

[ Meet Your Meat...http://www.xs4all.nl/~kostercd/mym.rm ]
--
Conquering Russia should be done steppe by steppe.
20:23:04 up 12:10, 4 users, load average: 0.91, 0.94, 0.82
Linux Registered User #300181 | ICQ #179658498
PGP (Public Key) available by request -- # EOE; Posted by Ian Bell on November 19th, 2003; Beowulf wrote:

Get the book 'Hacking Linux Exposed'. Covers all this and more.

Ian; Posted by Joseph on November 19th, 2003; On Wed, 19 Nov 2003 13:09:30 -0600, Beowulf wrote:

Begin by learning how to use the "followup-to" header in Usenet.

--
-Joseph-
PLONK and get PLONKED to rid yourself of those who just want to whine.
The Absolute Beginner's Guide to Usenet: http://tinyurl.com/vdg2
The nOObs Best Friend: http://tinyurl.com/7t3w; Posted by Laurent Herve on November 19th, 2003; "Beowulf" <beowulf@nowhere.net> a écrit dans le message de
newsan.2003.11.19.13.09.17.111213.3098@nowhere.n et...
hm, i would like to learn un-ethical hacking... explose the pentagone
servers and
so on... what you mean with " ethical hacking" ?

laurent; Posted by Colonel Flagg on November 19th, 2003; In article <bpgj3r$9tr$1@news.tiscali.fr>, laurent.herve23
@libertysurf.fr says...

"ethical hacking" is exactly what he said, learning to hack to better
protect his services.

he's at the "first stage" to computer security, wanting to learn. he's
also on the correct route to learning the vulnerabilities that are out
there and how to exploit those vulnerabilities in order to obtain
escalated privileges on a remote or local machine.

I would recommend reading various administration books concerning the OS
of choice. reading www.cert.org, www.securityfocus.com (vulnerabilities)
after realizing the services he's running (smbd, httpd, sendmail, ftpd,
etc), researching each service through vulnerability databases, finding
exploits for the vuln's and attempting to gain access to the machines
through the vuln's.

--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."; Posted by Robert Spielmann on November 20th, 2003; Beowulf wrote:

For a deep understanding of vulnerabilities, you might want to learn
something about programming and the reasons for (for example) buffer
overflows. "Smashing the Stack for Fun and Profit" by Aleph One might help
you with that issue. If this is a too detailed approach for you, check the
common security websites (e.g. securityfocus.com) for known vuln.s and try
to exploit those. You might also like to learn the difference between
hacking and cracking:

- hacking -> programming
- cracking -> circumvention of security mechanisms, for example breaking
into foreign systems or removing protection from software.

If you want to work as a security consultant, you should (imho) try to
achieve a very detailed level of knowledge, for example on network
protocols, firewalls, and system internals of Linux. This will probably
take a lot of time, but imho it´s worth the effort ;-)

I personally prefer to learn stuff by actually working with it at the very
basic levels, for example writing programs to send selfmade TCP packets, or
look at network traffic using Ethereal or similar software.

Hope I could help you,

-- Robert; Posted by Mateusz Marzantowicz on November 20th, 2003; Use www.google.com for any questions that you have on security.; Posted by jack on November 20th, 2003; Mateusz Marzantowicz wrote:
Sorry for butting in,

But You are correct as far as a question like this one is in focus.

On the long run, though, I would not discourage the OP to post his
questions here. -- Nothing to expect from there, yet, but perhaps
one day this person will turn up with some important point...

Again, sorry for butting in, but I had to say this, somehow...

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...; Posted by Nico Kadel-Garcia on November 21st, 2003; "Ian Bell" <ian@ruffrecordsDOTworldonline.co.uk> wrote in message
news:3fbbc32d_1@mk-nntp-1.news.uk.worldonline.com...
I prefer the "Linux Security Cookbook", which gives a lot of approaches
about how to actually implement security policies and the trade-offs.; Posted by Volker Birk on November 22nd, 2003; In comp.os.linux.security Laurent Herve <laurent.herve23@libertysurf.fr> wrote:
http://www.ccc.de/hackerethics

VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de; Posted by Volker Birk on November 22nd, 2003; In comp.os.linux.security Beowulf <beowulf@nowhere.net> wrote:
Computer security much has to do with understanding the concepts
how computers work.

Learn about how computers work and you're learning much about security.

http://catb.org/~esr/faqs/hacker-howto.html

VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de; Posted by Luke Vogel on November 27th, 2003; "Beowulf" <beowulf@nowhere.net> wrote in message
newsan.2003.11.19.13.09.17.111213.3098@nowhere.n et...
have a go at the www.hackerslab.org server. Good fun too!

Luke.; Posted by Michael Erskine on November 28th, 2003; "Luke Vogel" <prime2000one@netscape.net> wrote in message news:<z8hxb.28940$aT.6761@news-server.bigpond.net.au>...

Some day, I am going to have to "have a go" on that site. But, guys,
don't ask Luke how well he did... 'cause he's one of the ones to
beat.

-m-; Posted by Luke Vogel on November 28th, 2003; "Michael Erskine" <osiris@deltaville.net> wrote in message
news:e59f93b2.0311271711.721d2a4a@posting.google.c om...
Sadly, they from time to time reset the "Hall of Fame" list, so my
"alias" has long been expunged!

Having said that, there are many hackers smarter than I that have won
the game.

Luke.

Similar Posts

Book on Security/ Hacking (Computer Security) by Bharat Bhushan
Security, Hacking, Encryption, Programming and Various other links [LONG] (Computer Security) by Lord Shaolin
Re: Where do you go to learn computer repair? (Computer Hardware) by YanquiDawg
Re: Where do you go to learn computer repair? (Computer Hardware) by Britten
Re: Where do you go to learn computer repair? (Computer Hardware) by V W Wall