
Volume 10
Apr 2000






Primer to the Art of Information Security
 by No-Mad

The purpose of this text is to start you down the road to learning the art of information security. It is the first in a series of papers written to help educate people about system administration and information security. Many of the topics in this paper are not new, but I felt that the available information was either outdated or in need of revisiting. I hope that this is useful information for both beginning and intermediate system administrators.

First things first: build your own computer security lab.

The first thing you need to get started is your own lab. I must advise you not to try to practice the things taught here on a school or work network. Your administrator will not be pleased.

Build a small network with two or more machines; some old 386/486 boxes will do fine for this project. You can get them cheap at garage sales or swap meets, or even from friends and relatives who are no longer using them. After you have the boxes, all you need is a couple of cheap network cards and cables to get yourself wired.

I recommend that your lab consist mainly of Unix systems. Unix is still the operating system of choice for large businesses and comprises almost the entire backbone of the Internet. Once you master Unix, add a Windows box or even a Mac to learn more about networking in a mixed environment.

You can get a free copy of one of the many flavors of the UNIX operating system. Red Hat, Linux, and FreeBSD are among the most popular. They are available for free and downloadable from many FTP and HTTP sites worldwide. Load your computers with these operating systems. To make it more interesting, you can put a different flavor of UNIX on each of your new machines.

Learning system administration.

Now you need to spend a few weeks learning the basic operations and file structures of the different operating systems in your lab. Start by reading every HOW-TO that you can find; most are included with the full installations of Unix systems, others can be found on the Internet.

Set up several user accounts on each machine. Learn how to control the access of users within your system. Understand the importance of proper password procedures. Learn how to monitor accounts and read log files to see what is being done within a user’s account.
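As a starting point for reading login records, here is an added example (not part of the original paper) that flags accounts with repeated failed logins, and treats a success right after the failures as the more serious finding. The log format, host names, and addresses are constructed assumptions; your Unix flavor will log differently.

```python
import re
from collections import defaultdict

# Constructed sample in a syslog-like format (an assumption; real formats
# differ between Unix flavors and login services).
SAMPLE_LOG = """\
Apr  3 02:11:07 lab1 login[411]: FAILED LOGIN for alice from 10.0.0.7
Apr  3 02:11:12 lab1 login[411]: FAILED LOGIN for alice from 10.0.0.7
Apr  3 02:11:19 lab1 login[411]: FAILED LOGIN for alice from 10.0.0.7
Apr  3 02:11:25 lab1 login[412]: LOGIN OK for alice from 10.0.0.7
Apr  3 08:30:02 lab1 login[520]: LOGIN OK for bob from 10.0.0.5
Apr  3 09:02:44 lab1 login[533]: FAILED LOGIN for bob from 10.0.0.5
Apr  3 09:02:51 lab1 login[534]: LOGIN OK for bob from 10.0.0.5
Apr  3 09:15:00 lab1 login[540]: FAILED LOGIN for root from 10.0.0.9
"""

LINE_RE = re.compile(r"(FAILED LOGIN|LOGIN OK) for (\S+) from (\S+)")

def review_logins(log_text, threshold=3):
    """Flag accounts with `threshold` or more consecutive failed logins.

    Returns {user: (finding, failures, source)}. A success that follows
    the failures is reported as such, since it may mean a guessed password.
    """
    streak = defaultdict(int)          # (user, source) -> failures in a row
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue                   # not a login record
        outcome, user, source = m.groups()
        key = (user, source)
        if outcome == "FAILED LOGIN":
            streak[key] += 1
        else:
            if streak[key] >= threshold:
                findings[user] = ("success after failures", streak[key], source)
            streak[key] = 0            # a good login ends the streak
    # Streaks still open at the end of the log never led to a login.
    for (user, source), count in streak.items():
        if count >= threshold and user not in findings:
            findings[user] = ("failures only", count, source)
    return findings

if __name__ == "__main__":
    for user, finding in review_logins(SAMPLE_LOG).items():
        print(user, finding)
```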

You must understand how to administer and secure a single machine before you can begin to tackle administering and securing a network.

Understanding networking.

To understand computer security on a network, you must understand the processes that make up the network. These processes (often called daemons) include FTP, HTTP, NNTP, TELNET, and SMTP. There are many others; these are just some of the most common. Next, read all the information you can find on networking subjects such as TCP/IP, IPX, and UDP.

Tools of the trade.

Once you understand the fundamentals of system administration and networking, you can start to implement many of the tools that are available to assist administrators in securing networks.

Firewalls have become a must within any network connected to the Internet. A firewall is defined as any device that is designed to prevent outsiders from accessing your network. It serves as a single entry point to your network and evaluates each connection it receives. It then allows entry only under set conditions that the administrator configures.
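To make "allows entry only under set conditions" concrete, here is an added example (not from the original paper, and not any real firewall's configuration syntax) of how a rule list is evaluated. It assumes first-match-wins ordering with everything unmatched denied; the rule set and addresses are constructed for a lab network.

```python
import ipaddress

# Constructed rule set for a lab network (addresses and ports are assumptions).
# Each rule: (action, source network, destination port or None for any port).
RULES = [
    ("deny",  "10.0.0.66/32", None),   # one lab host that is never let in
    ("allow", "10.0.0.0/24",  23),     # TELNET from the lab LAN only
    ("allow", "0.0.0.0/0",    80),     # HTTP from anywhere
    ("allow", "0.0.0.0/0",    25),     # SMTP from anywhere
]

def evaluate(src_ip, dst_port, rules=RULES):
    """Decide one connection attempt.

    Rules are checked top to bottom and the first match wins. A connection
    that matches no rule is denied, so entry happens only under conditions
    the administrator wrote down. Returns (action, index of matching rule).
    """
    src = ipaddress.ip_address(src_ip)
    for index, (action, network, port) in enumerate(rules):
        in_network = src in ipaddress.ip_network(network)
        port_matches = port is None or port == dst_port
        if in_network and port_matches:
            return action, index
    return "deny", None                # default deny

def misordered(rules=RULES):
    """Same rules with the specific deny moved to the bottom.

    Because the first match wins, the broad allow rules now shadow the
    deny and it never fires: rule order is part of the policy.
    """
    return rules[1:] + rules[:1]

if __name__ == "__main__":
    for src, port in [("10.0.0.5", 23), ("192.0.2.10", 23),
                      ("192.0.2.10", 80), ("10.0.0.66", 80)]:
        print(src, port, evaluate(src, port))
    print("misordered:", evaluate("10.0.0.66", 80, misordered()))
```

When you review a real rule set, check the order first: a specific deny placed below a broad allow does nothing.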

Another popular tool for system administrators is a scanner. A scanner is a special program that scans TCP/IP ports and records the target’s response. Popular scanners include SATAN and Ogre.

Another tool is a password cracker, such as John the Ripper or Hades. Password crackers are used to crack the password files and to assure administrators that good passwords are being used within their system. This is an important part of good security on any network.

One of the newest tools is intrusion detection software. These programs monitor ports and look for activities that show that a possible intrusion is occurring. They then send administrators a notice and take defensive measures. Some programs are now being written to launch a counterattack once an intrusion is detected.
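One simple kind of activity such software looks for is a single source touching many different ports in a short time. The following is an added example (not from the original paper, and not how any particular product works) of that check run over constructed connection records; the window and threshold values are assumptions you would tune in your lab.

```python
from collections import defaultdict, deque

# Constructed connection records: (seconds since start, source IP, dest port).
SAMPLE_EVENTS = [
    (0, "10.0.0.5", 80), (2, "10.0.0.9", 21), (3, "10.0.0.9", 23),
    (3, "10.0.0.9", 25), (4, "10.0.0.9", 79), (5, "10.0.0.9", 80),
    (6, "10.0.0.9", 110), (30, "10.0.0.5", 80), (95, "10.0.0.5", 25),
]

def detect_sweeps(events, window=10, min_ports=5):
    """Alert once per source that hits `min_ports` distinct ports
    within `window` seconds.

    Returns a list of (time of alert, source, sorted ports seen), which is
    what the notice to the administrator would contain.
    """
    recent = defaultdict(deque)        # source -> (time, port) inside window
    alerted = set()
    alerts = []
    for t, src, port in sorted(events):
        seen = recent[src]
        seen.append((t, port))
        # Forget connections that have aged out of the sliding window.
        while seen[0][0] <= t - window:
            seen.popleft()
        ports = {p for _, p in seen}
        if len(ports) >= min_ports and src not in alerted:
            alerted.add(src)           # one notice per source, not per packet
            alerts.append((t, src, sorted(ports)))
    return alerts

if __name__ == "__main__":
    for alert in detect_sweeps(SAMPLE_EVENTS):
        print("ALERT", alert)
```

A wider window catches slower sweeps but raises more false alerts from busy, legitimate hosts, so record what normal traffic in your lab looks like before choosing the values.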

Advanced Security.

Once you have taken the time to learn how to administer your systems and understand the fundamentals of networking and security, you're ready to move on to advanced security.

Your next step is to learn at least the basics of several programming languages. Some useful languages include C/C++, Perl, and Assembly. As you read through the security mailing lists you will encounter exploit code. Take the time to compile and execute these exploits on your system and record the results. Understanding how the exploits work and what they do to your computer system will help you identify when your system is being attacked.

Mailing Lists: A system administrator’s best friend.

Since new exploits and patches for systems come out daily, it’s very important that a system administrator keep up with what is going on in the world of security. There are many groups such as BugTraq, CERT, and CIAC that are dedicated to getting the newest information out to the administrators that need it. Pay attention to these. Many crackers monitor mailing lists to find the newest holes to compromise your system.

Keeping up on the knowledge curve.

Computers, and especially network security, move at the speed of light. To keep up with what is going on you must constantly be updating your skills and learning new facets of the ever-growing world of computers and security. You should always be reading a new book or technical paper on computers, operating systems, languages, or security. There are hundreds of books and thousands of white papers available to help you learn the art of information security.

I hope this paper starts you down the road to knowledge. Whether you’re an aspiring administrator or just a hobbyist, this paper should contain something helpful for you. The rest of this series will build where this primer left off, with more specifics and lists of resources to help continue your education.