Monday, December 3, 2007

A Slightly Helpful Guide to Learning Computer Security

Yet another guide to learning computer security! ... Yes, but this one is with a DIFFERENCE. It will reveal to you all the untold secret methods that are never there in those other laughable tutorials on the net. Even those books in the market won't teach you as much as you are going to learn here, and that too at a storming pace ... you will be able to hack your school's servers, read your enemy's mails (yes, hack Yahoo!, Gmail and many other mail servers!) and more with the super-hack tools presented in this series. And all you need to do is help me continue this great service to wannabe hackers like you by donating a small amount of 100 dollars to me ...

;-) ... just kidding, I am not going to do any of what's mentioned above. That was just to entertain you (a pathetic attempt, I admit) and to poke fun at some webpages with somewhat similar claims. My purpose in this post is to provide students and people who want to learn about computer security (with more than a passing interest) with a somewhat helpful plan to do so. So let's get started.

Well, we can make a vague and not so accurate (but practical for learning purposes) partitioning of this field, that is: (a) OS+Network Security, (b) Web Application Security, (c) Cryptography. This definitely leaves out some areas, since security is a huge field. Another thing is that these categories are not disjoint sets, that is, there is stuff which cannot be said to fall in any one category. However, this partitioning will do as you are embarking on the journey. Let me explain briefly what these categories mean.
(a) OS+Network Security - This covers the exploits that target weaknesses and critical flaws in an operating system's code (like Windows, Linux or Mac) as well as in network protocol implementations. So the major work here is to understand how these exploits work, find new areas of OS and networking code that are vulnerable, and find solutions to prevent the exploits.
(b) Web Application Security - This covers the exploits targeted against web applications like browsers, mail servers and web servers. Usually, the exploits use vulnerabilities in such software to gain access to the system, or to retrieve confidential data from the databases behind the servers.
(c) Cryptography - Cryptography is the science of secret storage and secure transmission of information. Various cryptosystems are used to enable the secure transmission of data over insecure channels like the Internet. Now, cryptography is used in both OS and Web Security. So what I mean here is the study of cryptosystems and protocols, the security of these systems, attacks on these systems, etc.

Well, so that was a crap intro to the three categories. You can get much better descriptions on Wikipedia. Let's move on to a plan for study. Let me remind you, I am not giving you any methods for cracking or breaking into other people's systems. Another very important thing is the fact that you are not going to be good in this field within a couple of weeks, or months. It takes a lot of hard work, patience and perseverance, and you had better set a time frame of a couple of years at least. Well, that doesn't mean you will be an expert in a couple of years, but you will be much ahead of the crowd if you put in real effort.

Avoiding Crap Sites on the Net: Yes, there are so many of them. They will provide you with text files and webpages with hack descriptions, and lots of them. The problem is that these are mostly "script-kiddie" stuff. That is, they give you tools or methods used for hacking which have been developed by other crackers (yes, not hackers, there's a difference) and spread on the net. The problem is that you never learn why they work, and you are a dead duck when they fail and maybe get you tracked down. Study good books to get your fundamentals right first.

Understanding Networking: This is really important. You have got to have your networking concepts really solid to understand the field of security. Unless you know how networking works, how the protocols work, in depth, you are always going to be on the surface of this ocean. So, try to get an account at your institute's lab and practice what you learn from books. For those who are out of an institute, if you can build a small LAN with your friends, you can still learn most of the stuff. You could also subscribe to lots of Unix/*nix accounts (some free) out there on the Internet. Yes, books:
(1) TCP/IP Illustrated Vol 1, Vol 3 - W. Richard Stevens ... this is such a joy to read, the best thing being that it's not filled with only theory but also shows you all the details with tcpdump. Read and practice this book thoroughly; it will enable you to understand the security issues and explore on your own. Vol 2 covers a whole TCP/IP implementation, and is recommended if you want to take a really deep dive. You can usually manage without it while understanding the exploits, but to design your own exploits or to tackle exploits you will need to get down to these gory details.
(2) Computer Networking by Tanenbaum is also nice but is a lot of theory; you could read it to clarify some portions, and it has more general coverage than Stevens.
(3) Internetworking with TCP/IP - Comer ... haven't read it, but I hear this one's also good.
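The kind of exercise Stevens' book pushes you towards is taking the raw bytes tcpdump shows you and decoding them by hand, so that the header fields stop being abstract. The Python script below is an added example (not from the original post) that does exactly that for an IPv4/TCP packet: it verifies the IPv4 header checksum, walks the header fields, and prints a tcpdump-style summary line. The packet bytes are constructed inline (a SYN from 192.168.1.10 to 10.0.0.5, port 80) rather than captured, and the function and field names are my own choices, not anything from the book or from tcpdump's source.

```python
"""Decode a raw IPv4/TCP packet by hand, the way one practises alongside tcpdump.

Added example: the packet bytes are constructed below, not captured from a network.
"""
import socket
import struct

# Flag bits in the TCP header, in the order tcpdump prints them ("." is ACK).
TCP_FLAG_NAMES = [("F", 0x01), ("S", 0x02), ("R", 0x04), ("P", 0x08), (".", 0x10), ("U", 0x20)]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words; 0 means a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Return the fixed IPv4 header fields plus the payload bounded by total_length."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _chk, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20]
    )
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "id": ident,
        "ttl": ttl,
        "protocol": proto,
        "total_length": total_len,
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,  # recomputing over a valid header yields 0
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    """Return the fixed TCP header fields; flags are rendered tcpdump-style."""
    if len(seg) < 20:
        raise ValueError("segment shorter than a minimal TCP header")
    sport, dport, seq, ack, off_res, flags, window, _chk, _urg = struct.unpack("!HHIIBBHHH", seg[:20])
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,
        "flags": [name for name, bit in TCP_FLAG_NAMES if flags & bit],
        "window": window,
    }


def describe(pkt: bytes) -> str:
    """One summary line in the spirit of tcpdump's default output."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] != 6:
        return "IP %s > %s: proto %d" % (ip["src"], ip["dst"], ip["protocol"])
    tcp = parse_tcp(ip["payload"])
    return "IP %s.%d > %s.%d: Flags [%s], seq %d, win %d" % (
        ip["src"], tcp["sport"], ip["dst"], tcp["dport"], "".join(tcp["flags"]), tcp["seq"], tcp["window"]
    )


def build_sample_packet() -> bytes:
    """Constructed sample: a TCP SYN, 192.168.1.10:40000 -> 10.0.0.5:80, DF set, TTL 64."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
        socket.inet_aton("192.168.1.10"), socket.inet_aton("10.0.0.5"),
    )
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # TCP checksum left at 0 here: it needs a pseudo-header and is not verified by this example.
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 0x1000, 0, 0x50, 0x02, 65535, 0, 0)
    return ip_hdr + tcp_hdr


if __name__ == "__main__":
    sample = build_sample_packet()
    print(describe(sample))
    tampered = bytearray(sample)
    tampered[8] ^= 0x01  # flip a TTL bit: the IPv4 checksum should now fail
    print("tampered checksum ok:", parse_ipv4(bytes(tampered))["checksum_ok"])
```

Run it and compare the summary line with what `tcpdump -n` prints for a real SYN; then change a byte and watch the checksum check fail, which is also how a router spots a corrupted header. Extending it to options, the TCP pseudo-header checksum and other transport protocols is a good way to work through the rest of Volume 1.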

Understanding Operating Systems: This is really important if you want to get more into OS security. Even if you don't, it's very advisable to have a good idea of how an OS works in general. You will benefit from this knowledge in many other areas as well. The books are:
(1) OS Concepts - Silberschatz, Galvin ... this is the standard OS textbook of a general nature, and you would do well to read as much of it as you can. It's a very clearly written book that will provide you with the concepts you will need to understand more specific texts.
(2) The Design of the Unix Operating System - Maurice J. Bach ... this is a classic. It is outdated in some places, but most of it is still relevant and gives you the ideas underlying the UNIX OS and most of its derivatives existing today (like Linux).
(3) The Design and Implementation of the 4.4 BSD Unix OS - McKusick, Bostic, Karels, Quarterman ... another classic, describes Berkeley Unix, the other major stream of Unix kernel besides AT&T Unix.
(4) Understanding the Linux Kernel, 3rd Ed. - Bovet, Cesati ... the definitive book for details of the Linux kernel. Best if you read this one along with (1); it covers the 2.6 kernel, which is the latest major kernel version of Linux.
In fact, anyone, whether he intends to get more into OS security or not, should read (1), and if you want to move into details pick up (2), (3) or (4). (3) and (4) are more up-to-date. (4) has the unique advantage that it contains some real kernel code as well as pointers into the kernel tree to where you would find the code for the topic being discussed. Another important point to note is that if you want to do security stuff, Windows or Mac isn't a very good idea, as you have limits on how much you can peek into the internals (which frankly is very little). Linux gives you complete freedom to look at everything in it: you can go through the code for every part of the kernel and the device drivers, and make changes at fundamental levels which are not possible on Windows or Mac.

Shell Programming: You need to be good at shell programming and scripting to carry out tasks efficiently in Unix/Linux. Many exploits are written as shell scripts. Also, they take off a lot of the burden by simplifying the task compared to what you would have to do if you were to write them in languages like C or C++. Books are:
(1) The Unix Programming Environment - Kernighan, Pike ... the classic and much recommended book; it will give you an idea of how good Unix programmers use the shell for their work, and of the power of the shell. You really need to absorb this book as much as you can.
(2) Classic Shell Scripting - Robbins ... another very good and current book that will strengthen your shell programming skills.

Firewalls: For those who were waiting for more related to Web Security, this one is a really important topic. However, please note that you need good networking concepts to move into this part. Firewalls are essential to security on the web today. There are so many exploits and so many firewall-building/firewall-design strategies that it is a very demanding and enjoyable area of study in itself.
(1) Firewalls and Internet Security: Repelling the Wily Hacker - Cheswick, Bellovin ... this one's the only one I have looked at, and it's probably the best book out there on the subject.

Web Application Security: I haven't read much here, and most of what I know is from a few good websites. I will be listing a collection of websites that have good content on security in the next part of this topic. Though, I can see from reviews that the following books might be good:
(1) Hacking Web Applications Exposed - Scambray, Shema, Sima ... another one from the trustworthy Hacking Exposed series.
(2) Apache Security - Ristic ... I happened to glance through the book, looks pretty good to me, reviewers seem to agree.

Cryptography: Well, this is what I am most interested in of all the three categories I mentioned. As I said earlier, what I mean by this section is the study of cryptosystems used today, the analysis of their security, attacks on them and mitigation strategies. Moreover, this part of security turns out to be heavily mathematical and algorithms-based. So if you are more hooked on programming, OSs, networking etc., you might just want to know some basic ideas from this field, and that would be fine. That does not mean that cryptography doesn't involve programming; there's programming here too, as these mathematical cryptosystems need to be implemented, and that too correctly and efficiently. A very good, general, not too technical introduction would be Simon Singh's The Code Book. For those of you who want to get into it a bit deeper, let me remind you that you need to be comfortable with some elementary algebra and number theory. The books are:
(1) Introduction to Cryptography - J. Buchmann ... good material, with examples to get you working; gives you the required maths background to understand the topics.
(2) Cryptography, Theory and Practice - Douglas Stinson, 3rd Edn. ... a classic, really good textbook. Maths background is there, but you need to be comfortable with some elementary algebra and number theory.
(3) Handbook of Applied Cryptography - Oorschot, Menezes, Vanstone ... a very good textbook, with current material, lots of references to help you, and good presentation. The best thing is that the whole book is downloadable freely.
(4) An Introduction to the Theory of Numbers - Niven, Zuckerman, Montgomery ... one of the best number theory books out there, very accessible and with sufficient depth in its topics too.
(5) Contemporary Abstract Algebra - J. Gallian ... a very accessible introduction to algebra. It is a really good book to start learning algebra; it gives you a lot of examples and also gives applications of algebra.
I could write a lot here but I plan to put more information in posts in the Cryptography category (to be added soon).

Other Important Books: This section lists some books that are essential to your knowledge but that I could not put in one of the above categories. One reason is that they are different from the above books in that they are meant to guide you in securing your systems, not to prepare you for an in-depth understanding of the exploits and vulnerabilities.
(1) Practical Unix and Internet Security, 3rd Edn. - Garfinkel, Spafford, Schwartz ... a classic of its kind; you have got to have this book on your shelf. Lots of information, with very clearly written material on system administration, intrusion detection, break-in forensics, and log analysis.
(2) Hacking Linux Exposed - Hatch, Lee ... a very good read; it contains current material and exposes lots of security problems, and provides you with an understanding of various tools for keeping your systems secure and monitoring their security.

Books to develop your thinking style about security: These are the sort of books that will give you an insight into the patterns of hacking exploits, and how people have thought about these exploits.
(1) Exploiting Software - Hoglund, McGraw ... does a Design Patterns thing for security exploits; gives you an insight into how to look for vulnerabilities in software. Highly recommended.
(2) Silence on the Wire - Michal Zalewski ... another thoroughly entertaining and insightful book on computer security. Highly recommended.

Yes, this looks quite lengthy, and I am feeling sleepy now. I wanted to add some sites you should look at to learn and keep in touch with current security threats, but I will do that some other day as the next part of this topic. Till then, best of luck in case you decide to get into this wonderful field :-)

2 comments:

Anonymous said...

I wish I had read this article while I was still at college :-). But this article does go with the purpose of your blog.

Abhinav Tripathi said...

I too wish I could have had some sort of clear road map like this one, or better than this one, compared to the random, unguided efforts we made in our college days. Still, there's a lot of time ahead, and we can still enjoy this subject if we keep learning at some steady pace ;-)