Security Tools and Training

10 11 2011

by Matthew Collins

My original intent for this blog post was an educational piece on Nmap. The program was briefly covered in lecture and, if used improperly, can get you banned from CMU’s network.* While researching relevant documentation and training for Nmap, I decided to change my post to open source documentation and education. Due to the diverse educational experience and backgrounds of the people in this course, I have wanted to use this post to cover multiple resources that can improve one’s knowledge of computer, science, or business related topics. All of these resources are available for free online.

Training for Specific Tools:

Nmap is a great open source tool that is very popular. Popular open source software generally has a large community of developers who create training documents for the tool. The Nmap website provides the official guide to the Nmap Security Scanner called “Nmap Network Scanning”. The first half of the book is freely available and the rest of the book can be purchased at Amazon or other online retailers. There is much more to Nmap than what can be covered in a blog post, so I recommend that you check out the guide for more information on the tool.

The Social Engineering Toolkit, mentioned in an earlier blog post, has a guide at this website. The site walks users through setting up attacks and contains multiple examples. Nearly all open source software has extensive documentation that can be downloaded for free and used to learn an open source tool. Documentation is generally widespread and can usually be found with a simple search.

Training for General Topics:

There are multiple resources available for online training. A popular website,  Khan Academy, links to YouTube videos that cover topics from linear algebra to basic computer science. For more formal instruction, iTunes U (Found in the iTunes Store) and OpenCourseWare, offer college courses in nearly every subject available from multiple universities. While some courses only offer lecture notes and previous assignments, others offer audio or video recordings of full semester courses. These serve as great resources for students who need to refresh their knowledge of a certain topic, or to learn a new programming language. For programming languages, Bruce Eckel has released textbooks for Java and C++ at his website. Resources for learning Python include Learn Python the Hard Way and the Python Tutorial.

The trend is now moving toward offering courses for free online. Currently, a course in artificial intelligence is being offered online from two professors at Stanford. Students who take the course online are able to take the exams and complete assignments along with students from Stanford.

Security Specific Education:

One resource that few people have heard of is the site Open Security Training. Started by CMU alumni, the site aims to provide training focused on information security. Topics are limited now but include forensics, introduction to software exploits, and rootkits. All are formatted as two-day courses and are useful resources for security professionals.

Many open source security applications are designed to run on Linux, so a working knowledge of the operating system is important for security professionals. I would recommend downloading either Linux Mint or Ubuntu and using Virtual Box to run the operating system as a virtual machine. This will allow you to use and learn Linux in a safe environment. Lifehacker has a guide to getting started with Linux and two free textbooks can be downloaded here (Intro to Linux) and here (Open Source Security Tools).

I hope that this post has given you a good set of free resources to use in your time at CMU and throughout your professional career.


*A full scan on CMU’s network using Nmap can be considered attacking others on the network.  Only do a ping scan of the local subnet (“nmap -sP –PE HostIPaddress/24) when on CMU’s network.  It is much safer to try it at home.