Every class, I get students asking me how they can get into the security field. I tell them what I know, but I think this post sums it all up pretty well. It also helps that it's coming from someone who "does" security rather than someone who "teaches" security.
So, You Wanna Be in InfoSec?
Here is another post about a career in Ethical Hacking. I highly suggest checking out this mp3/pdf presentation.
DIY Career in Ethical Hacking: The R-Rated Version
If you're a security professional and want to share your story, I would like to hear it in the comments. If you have a website where you have already shared your story, post a link and I'll add it to this post.
Wednesday, February 25, 2009
Friday, February 20, 2009
Server migration almost complete.
I wanted to let my readers know that I'm almost done migrating my blog to a new host. I still need to check that everything made it over, but for the most part I think it's done.
The Wiki is offline for now but I hope to get it back online tomorrow. I have added support for iPhone/Touch devices. I will be making some other enhancements to the site as I now have more resources to work with on my new server.
Sorry to anyone who has experienced trouble with the site in the last 24 hours. My attempt to make the cut transparent was a failure. Once this is all done, I hope to get back to blogging and produce more videos soon.
Thanks for visiting, and come back to see what's new.
Labels:
News
Tuesday, February 10, 2009
Getting Nessus running on your home network FREE
Getting Nessus running on your home network FREE from Thomas Nicholson on Vimeo. See it in HD.
Nessus is one of the most commonly used network vulnerability scanners on the market. Anyone who does network assessments has used Nessus or one of the many alternatives like Immunity, Core or even OpenVAS. I wanted to share with those who might be new to Nessus how you can get the "Home Feed" for FREE for personal use. Please be sure to read the ToS in its entirety before you download Nessus.
Nessus has two components: a client interface and a server process/manager. Nessus supports Windows, Linux and Mac OS X. You can mix and match the client software and server software. For example, I have the Nessus server software installed on one of my Linux servers and the Nessus client installed on my Windows netbook.
You can download Nessus from the Tenable website. If you're just installing the client, you don't need to enter a registration number, but you will need a registration key to install the Nessus server. If you wanted, you could install the Nessus client on all the computers on your home network. When you install the Nessus server, it will ask for a registration key. You can get the key for the Home Feed free on the Tenable website. Tenable will send you an email with the key. Once you enter the key and it's validated, it will ask you if you want to run the update. After that, if you leave the server running, it will update every 24 hours. Once the server is updated and the client software is installed, you're ready to go. (I'm working on a short video walkthrough, but Tenable has a few video demos on their website.)
The Home Feed has some major limitations with respect to functionality. The first is that the updates you get with the Home Feed are not the current ones you would get with the paid Professional Feed. I'm not sure how "current" the Home Feed is, but I would not expect Nessus to find anything less than a month old. It could be longer or shorter; I don't know for sure.
In addition to the delayed updates, the Home Feed doesn't have all the policies that come with the Professional Feed, and you are limited to two by default: a generic scan policy and a Windows Patches policy. You can create as many new custom policies as you would like, but they won't come already built for you. You can also read more details on the difference between the Home and Professional feeds at the Tenable website's comparison matrix.
Bottom line: if you want to get a basic feel for Nessus and an idea of how it works, the Home Feed is great. But I wouldn't make an assumption that you understand the "full capability" of Nessus without the Professional Feed.
I hope this information is useful if you're using Nessus on your home network. Also check out my post about OpenVAS, which is a fork of Nessus that is free and Open Source.
