Today and yesterday i attended this 2-day seminar by Marcus Murray. We were told Marcus is a security guru, famous outside of the Netherlands. I was glad to attend his session. He's a nice guy, and as far as i am concerned he is definitely good in his field. He was able to free-form fill 2 days, answering a lot of questions and using his experience as a penetration tester. In this seminar he used day 1 to show the things hackers do, how they can get in. At the end of day 1 your 'awareness-level is raised' (;-)), so you're ready for info on how to solve it. There are recordings of some of Marcus' presentations online.

I have logged some sites and info he mentioned in my Delicious-tagcloud. One of my current favorites is this penetration testing framework: it mentions the steps when doing this kind of security testing, and tools and sites to use. Marcus' own list of global steps is nice too: Marcus was enthousiastic about the new security options in the new Windows operating systems (both client and upcoming server platforms).

Marcus also mentioned he hardly ever buys books anymore: he just daily checks with Microsoft on what nice new whitepapers are published. He asked whether anybody knows of a similar website/service for open source: nobody in the audience was able to to react, so i did some Googling and found this great collection of tutorials on all kinds of open source like Linux flavors etc: HowToForge.

Marcus was also enthousiastic about the Network Access Protection-features in the new Microsoft operating systems, and he was heavily promoting ipsec, also for use on the LAN, as Ipsec is so much easier to implement with the new operating systems.

My overall feeling after 2 days: wow, security is complex, but we definitely have to be more aware of it, and it needs attention. You don't want your systems to be compromised...

Update 12/7/07: someone pointed me to this great list of top security-tools. My source also said i should have a look at blackhat.com. And try ifconfig X mode promisc,
ifconfig X up, airodump-ng X when i was ready :-).