Security
by AstralSin on 05-07-2008 in Security
Want to get into a security career but have no experience hacking into systems? Head on over to De-ICE.net and download the penetration testing live CDs. They are preconfigured environments that you fire up on a machine in your network (it has to be on a 192.168.1.0 subnet) and attack with your favorite penetration testing tools (BackTrack 2 Final is recommended). I just finished the first disk and I gotta say, while it's a bit simple, it's pretty fun. It's also a great starting point for anyone who has no experience penetrating Linux systems.
There are two CDs for level one and, so far, one CD for level two, which is still under development. You will need a fairly advanced understanding of Linux commands and tools to successfully complete any of these disks, but there is good help on the De-ICE forums. These disks are great fun and very educational if you're interested in Linux security.
by AstralSin on 05-01-2008 in Security
If you plan on being any sort of security professional, you need to know about more than just Windows machines. Linux is a powerhouse in the network environment and its use will continue to grow. There are plenty of ways to learn Linux. For one, you can just download any distribution and use it for a while. Keep in mind, though, that the ones used in production environments tend to be Red Hat/Fedora, SuSE, and Debian or their derivatives.
HP has had its TestDrive website up for a while: the service gives you an account on one of many Linux and UNIX systems, open source AND commercial, over the internet, so you don't have to do anything to your PC. The good thing about this is that you can jump right in and start using a *nix system and learning about it. The bad part is that you don't get the experience of installing it, which can be very easy with the mainstream distributions or very tricky with less well-known ones. Regardless, you should take steps to learn these systems inside and out.
Defensive and offensive security go hand in hand. If you're defending a network, you had better know your systems and how to secure and properly configure them. If you're conducting penetration tests on a network, you had better know how to exploit flaws in anything you can get your hands on, including the more obscure OSes like OpenVMS and HP-UX.
There is more than enough information in online forums, IRC channels, and mailing lists to give you the knowledge you need to learn these systems, so get going. If you're like me, you'll appreciate the challenge of any new operating system anyway.
by AstralSin on 04-30-2008 in Security
There are some really crappy SQL injection tutorials out on the net that don't really tell you what you need to know, nor how to fix the vulnerabilities. The main thing to remember when preventing SQL injection is to cleanse HTML tags and quotes from untrusted user input. Of course, depending on which language you're using, there will be a different method for doing that.
Most tutorials show you the basic method of finding out whether a site or form is vulnerable: the old ' or 1=1-- trick, which should return the first record in the database. This is fine and dandy but quite useless if you don't know what to do after that. The most important part of SQL injection is SQL, obviously, and if you don't know SQL you're not going to get very far. I'm not going to teach you SQL here, but I will tell you that the Uncommon SQL Injection whitepaper by N3T D3VIL is a good place to start learning about SQL queries you might find useful.
Now I'll tell you how to sanitize your inputs with PHP. Anywhere your users can enter data should be sanitized, including login forms, registration forms, and comment forms. Basically, any form that talks to a database should be sanitized.
PHP comes standard with functions to do this: htmlentities() and addslashes(). htmlentities() changes any special characters to their HTML entity equivalents. Say someone entered a <SCRIPT> tag into a comment form; your sanitization code would turn it into &lt;SCRIPT&gt;. addslashes() puts a backslash in front of any quotes to escape them before they can be used to hijack your SQL queries on the backend. These are good basic practices for forms on a public website that accept untrusted user data and talk to a database.
While this is enough for some people, others like to go a step further: limit the characters allowed to a specific set and feed all user input through a function that strips any characters not in that set. This tutorial over at Nucleotide shows you how to use regular expressions to do just that. This would be perfect for login and registration forms, and if you didn't care about letting users create anchor links in comments, it'd work there too.
If you DO want to allow users to create links in comments, you should think about implementing a WYSIWYG editor in your comment forms. The industry standard at this point is TinyMCE and it works really well; it is the default on many content management systems and blog platforms. If for some reason you don't like TinyMCE, there are several other solutions that a quick Google search will turn up.
Whether you're coding for yourself or a client, you should always use safe coding practices. If not for financial liability reasons, then to spare yourself the headache of restoring everything when a hacker destroys your data.
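A worked version of both sanitization styles described above, as an added example that is not code from the original post (the function names and sample inputs are made up for it; it assumes PHP 7 or later):

```php
<?php
// Added example, not code from the original post: the two sanitization styles
// it describes, applied to the inputs it mentions. Function names are made up.

// Comment forms: neutralise HTML, then escape quotes before the value reaches
// the SQL string. htmlentities() and addslashes() are the post's own functions.
function sanitizeComment(string $input): string
{
    $noHtml = htmlentities($input, ENT_QUOTES, 'UTF-8'); // <SCRIPT> becomes &lt;SCRIPT&gt;
    return addslashes($noHtml);                           // ' " \ and NUL get a backslash
}

// Login/registration forms: keep only a whitelisted character set and drop the
// rest, the regular-expression approach the post points to for those forms.
function sanitizeUsername(string $input): string
{
    return preg_replace('/[^A-Za-z0-9_]/', '', $input);
}

// The same query built with and without escaping, to show why the ' or 1=1--
// probe from the post stops altering the WHERE clause once quotes are escaped.
function buildLoginQuery(string $user, bool $escaped): string
{
    $value = $escaped ? addslashes($user) : $user;
    // Unescaped, the leading quote closes the literal and the rest is parsed as SQL;
    // escaped, the whole value stays inside one string literal.
    return "SELECT id FROM users WHERE name = '" . $value . "'";
}

// Caveat: addslashes() only helps inside a quoted literal. A value dropped into
// an unquoted numeric position has to be cast instead, e.g. (int) $_GET['id'].

$probe = "' or 1=1--";
echo buildLoginQuery($probe, false), "\n";
echo buildLoginQuery($probe, true), "\n";
echo sanitizeComment('<SCRIPT>alert(1)</SCRIPT>'), "\n";
echo sanitizeUsername("admin'--"), "\n";
```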
by AstralSin on 04-21-2008 in Security
This is a great whitepaper published by my good friend Steve Mallard that outlines the security concerns facing corporations in today's internet environment and ways they can mitigate threats. It is a very good read for anyone curious about security in the corporate environment.
Steve Mallard is an accomplished IT manager and has several published works. You should check out his blog for some more great reading.
by AstralSin on 04-12-2008 in Security
With all the dangers out there on the web, one must be conscious of malicious code on the websites one visits. Even if you're visiting a reputable website that would never plant malicious code, its users could, in comments, forum posts, etc., without anyone's knowledge. Webmasters should both implement measures to prevent malicious users from doing this and check their comments and third-party posts regularly for malicious code. Sometimes it doesn't even look malicious at first glance, but it could be. For some people, though, that just isn't enough assurance that they're safe, and they're right.
Firekeeper is a proactive solution for end users to keep themselves from being duped by malicious code such as cross-site scripting attacks. It's basically Snort for your web browser and it's quite impressive. I've been using it for a few days now and it's alerted me to several possibly malicious scripts on various websites and allowed me to put them on a blacklist. It uses a rule format similar to Snort's, but much simpler, and anyone can write rules (if you know how). Give this plugin a try; it can't hurt.
by AstralSin on 04-05-2008 in Security
A new plague of malicious emails is making the rounds, offering nude or erotic pics or videos of Shakira, Scarlett Johansson, Rihanna, and Britney Spears. Of course, you should NEVER trust an email offering nude pics, ever. The emails include a link to the pics, but instead of giving you all the naked celeb goodness, it gives you the Agent.IMB trojan.
The trojan installs a service called CbEvtSvc.exe that runs in the background and starts every time you boot your computer. I'm not sure if a tailored removal tool is necessary to remove it or if a standard antivirus will work, but for God's sake, don't trust your inbox! If you see this email, ignore it, or even better, delete it altogether.
by AstralSin on 04-05-2008 in Security
The good folks over at TAO Security have launched OpenPacket.org 1.0, which allows security professionals to share packet captures of various types of network traffic so people can learn what they look like and be able to identify them if they show up on their own network. The dumps are divided into three categories, Normal, Suspicious, and Malicious, so you can quickly find what you're looking for, whether you're evaluating some traffic you've captured on your network or just looking around out of curiosity. You can view the files in Ethereal/Wireshark, tcpdump, snort, etc.
This is the first time a website has served this purpose and it was sorely needed. Now more people can learn how to look at traffic dumps efficiently than ever before. The best thing about it is that anyone can submit new traffic dumps, so the variety of available information will be expanding rapidly.
by AstralSin on 04-03-2008 in Security
I found this great post over on Pantz and I have NO idea who the author is. It's a really handy init script for setting up iptables on a laptop. There are a couple of lines in there that you can uncomment if you want to open up port 22 for SSH or 21 for FTP. Of course, you could just copy those lines and substitute the port number for anything else if you want to run something else.
What you need to do with this script is copy/paste it as root into /etc/init.d somewhere; I named mine firewall.sh and chmod 755'd it.
Get it here.
BTW, if you wrote this or know who did, let me know and I'll credit and thank you.
by AstralSin on 03-30-2008 in Security
There is a great class over at Hacker High School that will teach you the basics of networking and security. If you're curious about how hackers do what they do and how computer security works, you should definitely check out this free course. It is provided as thirteen PDFs, free for download.
Keep in mind that this really isn't meant for anyone who already has security experience, but anyone who craves information like I do might be interested in reading the lessons.
This is primarily meant for high school students who want to learn more about computer security for the purposes of a career in IT. Not only does it teach about hacking, but it teaches about ethics as well. It's cooler to be an ethical hacker than a malicious one, kids. Then you're subverting the subverters.
by AstralSin on 03-30-2008 in Security
A recent Ubuntu convert asked me how to block IPs in Linux. He wanted something that was compatible with the PeerGuardian format (description:xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy). I didn't know of one off the top of my head, so I Googled it and found linblock. This is a handy little script that parses the IP blocklists you can get at sites like Bluetack. These blocklists can keep you safe from various types of hosts on the net, like ad agencies, IPs that are under investigation by the authorities, and lists created from firewall and IDS logs of hosts known for portscanning or other activities.
All you have to do with this script is extract it, open a terminal and type
perl -u blocklist -c chainname
where blocklist is the name of the text file and chainname is just a name for that chain. If you want to use more than one blocklist file, you'll have to use a different chain name for each one of them.
If you want to roll your own blacklist, you can block IP addresses or networks manually with
iptables -A INPUT -s <ip-or-cidr> -j DROP
or, for a dashed range of addresses, with the iprange match:
iptables -A INPUT -m iprange --src-range <first>-<last> -j DROP
You can substitute <ip-or-cidr> with a single IP or a network in CIDR form such as 192.168.0.0/24, and <first>-<last> with a range of IPs such as 192.168.0.1-192.168.3.254. Plain -s does not accept a dashed range, which is why the second form exists.
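As an added example that is not linblock's own code, here is a small PHP script that parses the PeerGuardian format described above and produces the iptables rules for one chain per blocklist file (the function names and the sample list are constructed for this example; it assumes PHP 7.1 or later and an iptables with the iprange match):

```php
<?php
// Added example, not linblock itself: parse a PeerGuardian-format blocklist and
// emit the iptables commands that load it into its own chain (names and the
// sample list below are constructed for this example).
// One line of the format is "description:first.ip-last.ip". Returns
// [description, first, last], or null for blank, comment or malformed lines.
function parseBlocklistLine(string $line): ?array
{
    $line = trim($line);
    // Split on the LAST colon so a description containing ':' still works.
    $pos = strrpos($line, ':');
    if ($line === '' || $line[0] === '#' || $pos === false) {
        return null;
    }
    $desc  = substr($line, 0, $pos);
    $range = explode('-', substr($line, $pos + 1));
    if (count($range) !== 2) {
        return null;
    }
    foreach ($range as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            return null;
        }
    }
    return [$desc, $range[0], $range[1]];
}
// Rules for one list in one chain, as the post recommends (a chain per file).
// They are returned as strings, not executed, so you can review them first.
function blocklistToIptables(string $listText, string $chain): array
{
    $rules = ["iptables -N $chain"];
    foreach (explode("\n", $listText) as $line) {
        $entry = parseBlocklistLine($line);
        if ($entry === null) {
            continue;
        }
        [$desc, $first, $last] = $entry;
        // -s takes a single address or CIDR; a dashed range needs the iprange match.
        $match = ($first === $last) ? "-s $first" : "-m iprange --src-range $first-$last";
        $rules[] = "iptables -A $chain $match -j DROP  # " . preg_replace('/[^\w .-]/', '', $desc);
    }
    $rules[] = "iptables -A INPUT -j $chain";
    return $rules;
}
$sample = "# constructed sample list\nAd server:203.0.113.10-203.0.113.10\n"
        . "Scanner range:198.51.100.0-198.51.100.255\nnot a valid line\n";
foreach (blocklistToIptables($sample, 'bluetack') as $rule) {
    echo $rule, "\n";
}
```

Pipe the output into a shell as root only after reading it; malformed and comment lines are skipped rather than turned into rules.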