Friday 29 October 2010

BackTrack 4 Linux Security Distribution

BackTrack is one of the most popular Linux security distributions and rightly so.
It is specially suited for penetration testing, with more than 300 tools available for the task. These tools are the best in the industry and are continuously revised. All of the tools are freeware including BackTrack.
It  has a full suite of the best free hacking applications that are pre-configured, so you don’t waste your time in setting up the tools.

BackTrack is based on Ubuntu. This means good stability and hardware detection and a whole lot of software that can be easily obtained. It's a one stop shop for a penetration tester. I would recommended any security professional to keep a live CD of BackTrack with him at all times.

I would suggest going through the BackTrack 4 review.

The official site for BackTrack is http://www.backtrack-linux.org/.
Latest version of BackTrack can be downloaded here:- http://www.backtrack-linux.org/downloads/

It has available as Live CD (ISO Image) as well as VMware Image.
For lab purposes and from a learning point of view, the VMware image is highly recommended.
After downloading the VMware image of BackTrack, you can instantly get started with it.
It can be run on VMware Workstation or the VMware Player.

But the Live CD is also equally good, which can be used to install BackTrack on a physical HardDrive, or on a pendrive or just running it live.

For downloading, I would suggest torrent download if you do not have a high speed net connection.

This was just to introduce you to one of the most important tools for an ethical hacker.
Installation instructions will be posted later along with steps for setting up a personal
hacking lab.

******************************************************************************
The quieter you become, the more you are able to hear…”

Thursday 28 October 2010

Security Certifications and Institutes

Without getting into the argument over the value of certifications or college degrees,  let me just state that :-

1. Certifications and Degrees do not prove anything, other than that you can take exams.

2. Certifications and degrees are often necessary to get past Human Resources (HR),   so you can get a interview.

3. All else being equal, certifications and degrees are the differentiators between employees and can improve your chances of a raise, promotions or provide an escape from a layoff.

Anyways, there is no real good reason except maybe financial for not doing a certification.
Generally, nowadays the price for Security Certifications are pretty steep in India.

For beginners the EC-Council's Certified Ethical Hacker (CEH) is one of the best.
Check here for more details:- https://www.eccouncil.org/certification/certified_ethical_hacker.aspx 

The curriculum for CEH is suited for beginners and it gives an overall knowledge about the subject. And even though there are some better certifications available from other organizations, I think that a beginner should start with CEH.

CBT Nuggets have a great video tutorial series for CEH. Hereis the link :- http://www.cbtnuggets.com/series?id=250
A search on www.HotFile.com will get you some good results for this videos.
Very highly recommended.

If not the certification for CEH, beginners should at least complete the course curriculum for CEH if you can get your hands on the video series. It is pretty basic stuff and a must for beginners.

Check out these links for other highly recommended certifications such as CISA, CISM, and CISSP although these are pretty advanced level and requires some experience as a prerequisite:-

http://www.isaca.org/CERTIFICATION/Pages/default.aspx

https://www.isc2.org/credentials/default.aspx

One other recommended certification is from C-DAC called CCCSP :-
http://elearn.cdac.in/eSikshak/help/English/eSikshak/CCCSP.html

This is available with or without training. It is held only twice a year. This course could be valuable for entry-level candidates since C-DAC has very good placement assistance and C-DAC also has Government support.

C-DAC has examination centers in Mumbai, Pune, Hyderabad and some other cities in India.

Pillai's Institute at Panvel in Navi Mumbai has a Cyber Security Division offering several courses in collaboration with Mile2 Security.

CPEH from Mile2 would a good choice. The links are :-

http://www.pillaiscyber.ac.in/

http://www.pillaiscyber.ac.in/CPEH.htm

http://www.mile2.com/outlines/CPEH_Outline.pdf


Mile2 has some of the best certifications and trainers available :-
http://mile2.com/Menu_Landing_Pages/courses_a_training_titles.html

Recommended Mile2 Certifications are :

1. CISSO
2. CSLO - 12 months IT experience required.
3. CSWAE (Certified Secure Web Application Engineer)
                This is the best one to get started in Web Application Security. It also does not have any prerequisites.
Link for CSWAE :- http://mile2.com/Course_Outlines/certified_secure_web_application_engineer.html

Here is a review of a Mile2 class:- http://www.ethicalhacker.net/content/view/9/2/

The Institute of Information Security also provides good training for various certifications. They also have their own security course. They have a centre at Andheri in Mumbai.

They are operated by Network Intelligence India, and chances of placement with NII is good.

Still, besides the certifications and the trainings, passion for knowledge is of outmost important, especailly for a field like ethical hacking and penetration testing.

**************************************************************************************

      "Begin nothing until you have considered how it is to be finished" – Russian Proverb

Thursday 21 October 2010

What is Mogambo ??

The word 'Mogambo' is taken from one of the local dialects of Swahili in Kenya, called kikuyu (the biggest tribe in Kenya), it means 'warning signal'. Back in the feudal old days local tribes used to put guards at the edge of the villages to look out for enemy tribes coming to attack. So, whenever these were spotted, the watcher would alert the village by raising a warning signal (mogambo!!). This could be in the form of a shriek, drumbeat or blowing of a large horn.

Apparently, "Mogambo" also means "big gorilla" in Swahili.