twigg

Where do/can/should i start?

7 posts in this topic

Wow, this has been completely overwhelming....

First, an introduction. I grew up on DOS, can type a mean batch file, and have been nutured on every Windows O/S since 3.1. I also use Frontpage (I know... "gag!") instead of notepad... and what is CSS? (reading between the lines: been completely pampered with WYSIWYG and GUI for the last 15 years.)

I am also one of two techies at a small retail business (100 employees)... and therefore am relied upon to fix mundane things like printer errors to more "exciting" jobs like backing up a server.

Recently, I've been asked to make sure our internet connection is secure, and to "do as much as possible to avert any possible hacking into our system from outside sources". I met this request with mostly a blank stare.

Fast-forward to today: Thinking that if I have to learn about protecting from evil hackers, I've really gotta' learn what the good hackers know, that while scouring the web, I stumble (albeit, brilliantly I hope) onto binrev.com. And therin, a NUBIE hacker's forum... totally sweet!

So... hoping this establishes a starting point, here's my question(s):

1. Is there life outside of Windows? While I'm not dense enough to believe I can learn about hacking while using only a mouse pointer and cutting & pasting inside a GUI, would it be in my best interest to start learning a command-line language like Linux? Or are there better alternatives to learn as a Nubie hacker?

2. Proxy me. During some intense reading, I see that it seems a good idea to do any creative discovery behind a proxy... especially if experimenting from home (while using an honest-to-goodness excellent tech-savvy ISP). While I understand the premise, is this easily done, and if so, what tool can be used for this?

3. Being 99.9% self-taught? Yeah, I read that here too. While I can't say that I'm ambitious enough to think I can learn everything by trial-and-error, I do understand this thinking. To that end, would it be best to build a system to experiment from, or are there enough "safe" tools/OS's that I could run them from my every-day home/business PC?

And... I think that's enough for one post... :-)

Thanks for reading/browsing/understanding/answering...

- twigg

0

Share this post


Link to post
Share on other sites

I would look at latest backtrack.iso just google it. Its probly what your looking for its linux based and nothing but hacking tools.

0

Share this post


Link to post
Share on other sites

1. Yup there is life outside windows. It is a great idea to learn linux, if you happen to actually want it and spend some time. Regarding you testing your work network, you might wanna stick with windows. That way you may just need to learn about security, instead of having to learn a complete operating system AND security. There are plenty of security tools for windows out there (though some are $$$)

2. some people will better answer this. But you might wanna check out "tor" (tor.eff.org).

3. I doubt anyone here is 99,9% self taught. After all that's what the hacker community is about, learning from others, teaching stuff we know, you know, that whole sharing thing. And about that "safe tools" question, the best bet would probably be to run a virtual machine. (i use virtualbox (www.virtualbox.org)). That way you can install a complete OS without having to uninstall windows, or you can run another windows in which you can test whatever you feel like, without fear of breaking anything.

Have phun.

0

Share this post


Link to post
Share on other sites
I would look at latest backtrack.iso just google it. Its probly what your looking for its linux based and nothing but hacking tools.

Yes, use backtrack...but ONLY AFTER SECURING YOUR NETWORK! It's a pen-testing Live CD( Penetration Testing not prevention )

Are you running Active Directory? If you are running a windows network, you should be learning how to harden your windows network.A lot of big companies run active directory. You don't have to just switch to linux. You can in your spare time, but if I was in your position, I would learn how to harden my already setup network. Well places hardware firewalls between the internet and you is a good start. Correct router and switch configurations. You can also dowload the microsoft security resource guide kit from the microsoft website. As you say you have a small company, you should also teach your employees how to prevent being attacked by Social Engineering techniques either via the phone or in person. Take all of those into account. But you don't need to learn linux to keep your network secure and company secure. Once you are done, just run nessus( a vulnerability scanner) or something similar and then patch what you have found to be vulnerable.

post-script: if you run nessus or such, read the documentation. Some of the attacks it performs may actually HARM your network and flood it. Good luck man!

P.P.S: lol if you need a security or network admin intern...HIRE ME! lol. I need an internship for my last semester in college, then off to grad school woo! lol Good luck man.

0

Share this post


Link to post
Share on other sites

http://sectools.org - a list of alot of security tools

If you want to get a quick idea of the vulnerability of your network try using nesuss. It is idiot proof, and will print out a nice summary to show the boss. Then look for videos of a talk called "tactical exploitation" for an easy to follow lesson in why running nesuss isnt enough. Here is the paper with the same name http://www.milw0rm.com/papers/172

Edited by Lord Wud
0

Share this post


Link to post
Share on other sites
1. Is there life outside of Windows? While I'm not dense enough to believe I can learn about hacking while using only a mouse pointer and cutting & pasting inside a GUI, would it be in my best interest to start learning a command-line language like Linux?

Linux is not a command line language. It's not even a language.

Or are there better alternatives to learn as a Nubie hacker?

No better alternatives to reading, testing and experimentation, sorry.

2. Proxy me. During some intense reading, I see that it seems a good idea to do any creative discovery behind a proxy... especially if experimenting from home (while using an honest-to-goodness excellent tech-savvy ISP). While I understand the premise, is this easily done, and if so, what tool can be used for this?

Any tool that is capable of using a proxy server. See a list here:

http://en.wikipedia.org/wiki/Proxy_server#Proxy_software

3. Being 99.9% self-taught? Yeah, I read that here too. While I can't say that I'm ambitious enough to think I can learn everything by trial-and-error, I do understand this thinking. To that end, would it be best to build a system to experiment from, or are there enough "safe" tools/OS's that I could run them from my every-day home/business PC?

What do you mean by ""safe" tools/OS's"? Every operating system is safe to a certain level.

0

Share this post


Link to post
Share on other sites

As watchout tersely pointed out, linux is family of operating systems not a programming language (which I think you know). Unlike windows, linux has a vast array of programs and tools that can be run from the command line, and even most applications with a GUI will have a command line backend (this is a great idea for many reasons). Back in the days before X (the name of the linux windowing system) there was no GUI and you would log on and interact with the machine using only the command line, but these days everyone uses a GUI interface and a terminal program to interact with the shell.

Using a text-based interface is really not anything complicated or hard once you get familiar with it, and it offers a lot of flexibility and power (for example, you can pipe the output of one command into another, and easily automate complicated tasks with a script). But I see after rereading your post, you probably know all this...

In any case I would highly recommend trying linux. Many modern distributions don't even require that you ever touch the command line (but you should). I run Debian, but most people reommend Ubuntu (which is debian-based) as the most mature/easy desktop distro. Once you start using it you will discover the joys of Free Software:

for example, you want to install the nessus security scanner to easily scan your company's IP range for security problems. Simply run

> apt-get install nessus

and boom your computer downloads that package and any others that it requires from the debian repositories, installs it and it's ready to use. Would add more to address your post but gtg.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now