David Kaplowitz on 19 Jan 2005 13:51:43 -0000
On 15:19 Tue 18 Jan, FloydLJohnsonIII@aol.com wrote:
> Dear PLUGgers,
>
> Mr. Kaplowitz's recent (mis?)adventure raised, for me, the question, of
> systematically solving these things. Can anyone recommend a beginner's guide to
> post-intrusion analysis? A good one would instruct in how to answer, "how'd
> they break our defenses?

Floyd,

There are tons and tons of resources both free and commercial. If you don't want to spend any money, then googling for "network intrusion detection" and "incident response" will likely yield a lot of articles related to the subject. From there you can drill down to more specific searches. It's mind-boggling just how many free articles, howtos and white papers have been written on the subject.

There's also the aforementioned bugtraq mailing list. That's a pretty good mailing list for learning about how to spot exploits (and for learning about their existence).

I own a few books on the subject that seem decent. This seems a booming subject in the computer books genre. If you want some recommendations I can give some.

I also took a pretty good course with a silly name "Certified Ethical Hacker", which is a certification path offered by the EC Council. (They're actually changing the name to something like "certified penetration tester".) If you get a good instructor for the course it's a real blast. You learn all kinds of useful stuff about exploits and hacks by practicing them in real life (on lab hosts, of course). My employer paid for that course. I'd probably not go if I had to pay on my own, but it was one of the best week-long trainings I've been to.

Good luck,
Dave

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug