Network Security guide for the home or small business network – Part 16 – Learn about the enemy



I remember I once had a geography teacher who was a former Marine, and he said that when he was growing up it was the height of the Cold War, and geography was interesting to him from a “know your enemy” point of view. That’s a good concept to apply to computer security and network security. This doesn’t mean you have to visit a bunch of blackhat sites (although I’ve known those that do) to monitor their activities.


What it does mean is learning the hows and whys of people breaking into computers. In my case, one of the books that was most instructive was Hacking Linux Exposed. It’s not a how-to-hack manual, mind you, but it does give some pretty clear analysis of the different ways that a system can be attacked, either over the wire or through a social engineering attack. It also gives ideas of how effective and how common each attack is, and how it can be mitigated (marginalized, prevented or protected against).

There is a whole series of Hacking * Exposed books (Hacking Exposed Computer Forensics, Hacking Exposed 5th Edition, Windows Server 2003 (Hacking Exposed), Windows 2000 (Hacking Exposed)). I haven’t read the rest, but if they hold up to the Hacking Linux Exposed book, any of them should be instructive.

Another idea, if you’re a budding security investigator, is to set up a test environment on your own network (a network YOU control and OWN all equipment on) for the purposes of security auditing, using scanning tools and learning the tools of the “enemy”.

Do NOT use networks that are out of your control or that you don’t have permission to test on. Some examples: on my home network, I own and control all the machines on it, the cable, the switch, etc. I’m free to do whatever I desire with regard to network scanning, penetration testing, etc. In some cases I’ve set up a virtual network segment walled off from the outside world for purposes of seeing what a virus does. Another example: I commonly use a network scanner to identify services running on a network that I do computer service for. That’s with the authorization of those owning the network/machines.
