OK, to start off with, I live in the USA, in New England. But anyway, I am going into my junior year of high school here and I need to start looking at a college. I already know that I want to major in a field Unix Security, though I will probably minor in programming for a fall back career and for fun and stuff.

For going into Unix Security field, I want to learn both protecting and tapping (my def: to tap-to hack in a post 1985 fasion, to crack into a computer system). I want to learn how to tap computers because of the fact that it is really good for security advancements, such as contests like PWN2OWN and others like such. And I know for a fact that a lot of businesses and banks are now highering well known hackers, both full time and freelance, to hack there system and help secure it better.

So with that in mind, I was wondering if any US people, in college or in the work field of Unix Security could help me out with finding the right courses to take. I have been looking around, but I don't find much on Unix security, but I don't know what courses to look for.

Any ideas would be helpful, and if you know of any good colleges closer, rather than farther, from New England that have these classes, please post on this thread, most apprechiated.

Kyle
#Texasone

Personally, I've never seen a university offer a UNIX security major. I'm not saying there aren't any, but it's just that UNIX security is typically just part of the core curriculum of an Information Security degree. University degrees tend to not be vendor-specific. You take courses which deal with different types of platforms (including Windows). You also take tons of math courses (algebra, statistics, trigonometry, calculus, etc), as they are prerequisites for the cryptography courses. By going to the website of any university with an InfoSec degree you should be able to see exactly which credits you would need to earn or transfer. If you really want to limit yourself to UNIX, you would probably have better luck looking at tech schools and the like. Make sure you pick one that is regionally accredited, though, so you don't run into problems if you ever want to transfer to a university. Another credential you might want to look for in the institution you choose is CAEIAE designation by the NSA.

NOTE: I'll be moving this to General soon, as it's not a GNU/Linux question.

I would suggest a computer science degree, and from there you focus on Unix Security/ Information Assurance/ Information Security, but a "Computer Science" major is definitely what you are looking for!

Here is the requirements and classes for a Computer Science Degree at my school.

http://www.cs.uidaho.edu/Fall2008BSC...uirements.html

Be sure that the college/university you are looking at is accredited, some of them are not, and most companies don't hire unless you went to an accredited university.

While there might not be a degree in Unix security, there is nothing to stop you from buying books on *nix from Amazon, installing *nix on VMWare to practice what you learn, and asking questions on forums like LQ. I'm sure many of the people on forums, mailing lists, and news groups are as smart if not smarter than your teacher would be.

OlRoy has a point, BUT the only problem is that most of the jobs you will find will not hire without some type of degree, BECAUSE of the basis education you get from college. Don't get me wrong, experience is good and required, but the chance of getting hired over someone who has an education is very slim.

Yeah I should of been more clear... I'm not saying don't get a degree, you definitely want that. I'm just saying you can supplement your college education with your own education. That way you can learn more about *nix security and the things that YOU feel are important rather than only what your school feels is important.

Well, I disagree that it's definitely what someone with this kind of interest is looking for. I am an Information Security major myself (currently in my junior year) and I can tell you that I've never even considered a Computer Science degree. But yeah, of course CS would be a natural degree choice for many InfoSec-oriented people. I'm not sure if that's the case here, though. We'll see when he posts back.

Thanx for all posts. and thanx for moving/going-to-be-moving this post, i couldn't tell were to put it on the site map.

I was thinking along the lines of compsci, but I wasn't sure. because during our sophomore year at my high school, we have to meet with our guidence counselers to discuss career options and college and when i said Unix and Unix-like security to her, she asked me if Unix was an up and coming computer OS (just like Windows in 1983) so i just figured there wasn't a course for it.

as for using vmware for a unix, thats done. I have been using linux for about 4-5 months now and I'm getting, basically, down and dirty with the OS/Kernel when i get the chances to. I have downloaded solaris 10 and opensolaris to try, thou still no luck (i always have problems with the GUI on solaris, but thats for a differnt thread). I am redoing my computer and adding unicies and linux OS's to it (plan is for: Debian Lenny, Ubuntu hardy, ubuntu ibex, solaris 10/opensolaris, slackware, gentoo, and maybe a bsd if i get a second hard drive) so i would be getting an all around knowledge of linux and unix.

as for the books, i have programming books (c and python), shell scripting(one book for tcsh, ksh, zsh, and bash), and linux kernel. I do go to online books for some stuff and probably when i get enough cash, I will get some security books on unix to read. And I will be looking through posts soon to find how to make a really secure system( besides taking it offline) and i might be getting another pc (t40) inwhich i would make into a security pc to learn the inner workings of unix security.

Does any one know of any college courses to do with white-hat cracking, for like i said in my first post?
I was thinking of the government thing, but that might take some thinking as i know some full paid scholar ships by the gov. mean you have to work for them for like 10 years afterwards. but i am considering it.

and if any of you are going to or went to a good compsci college in new england, please let me know, i might be able to put some money together and take a few day vacation with my parents to look at the college before school starts this year
Thanx

Kyle
#Texasone

Information security is a four year degree program? That surprises me rather greatly.

The reason it surprises me is that, while the concept and goals of security are not vendor specific, the details are vendor specific. I would expect to be able to teach all the concepts, goals, and approaches in just a couple of well-organized classes on security.

And, in this environment, the vendors and the vendors' products change so rapidly it is impossible to keep up with all of it.

So, it just strikes me that there isn't enough there to provide a 4 year degree program in it.

And, to Texasone, I think that choosing Linux security as a career is not a good choice. The focus is too narrow and mastering it doesn't demonstrate any real degree of education. Instead, you will have mastered a trade - and one that could (and probably will) wind up being obsolete due to changes in technology well before your career would be over.

Rather, you should use the university for what a university is best at, and that is providing a broad education. You then can choose which aspects of that education to focus on in order to make a living, and as time passes you can refocus to deal with changing needs and conditions.

If you want to do security work with computers, you definitely need to study operating system concepts and networking concepts, and you need to study programming - particularly things like C and assembler. You also would benefit from some psychology because many of the security holes that are exploited are exploits against humans, taking advantage of their foibles (writing passwords into plain text files in the root of C:\) and fears (phishing). Any security mechanism that will be effective HAS TO take the human factor into account.

No, at least not at my school. I'm studying Business Administration and my major is Information Security. So no, it's not four years of InfoSec. Heh, I actually haven't even started any of the InfoSec-specific stuff yet (I'm still working on the prerequisites for the InfoSec courses). Sorry for the confusion.

Texasone. I'm going to make an observation here, and it leans a bit towards psychology and characterizing human traits in general.

I will generalize and state that someone who is compelled to ask how to hack, tap, whatever you want to call it, doesn't have the disposition or traits required to be successful in such a pursuit.

It is my experience that those people interested in figuring out how things work, disassembling things, and learning everything they can about the gory guts just for the sake of figuring it out, generally do so entirely on their own initiative, outside the rules, boundaries and limits. They are self-starters, and constantly endeavor to discover the inner secrets. Their reward comes from having accomplished it, solo. They are not financially focused.

I'm not trying to say that you can't be successful. Rather, hoping you will ask yourself if you feel you can compete with, and feel competent amongst, those who literally eat, live and breath these pursuits, and have an utter, unstoppable, unquenchable passion, night and day.

I actually read his second post to say that he is just getting started in it, and he is stocking up with information at the best speed he can manage. So, perhaps he does have the passion - or the beginnings of it - and is at the very beginning of the learning curve.

I mean, face it. Computer internals is a formidable subject just because of the huge amount of detail and concepts that have to be mastered before you can do anything. And you have to start somewhere.

If you're just interested in System Security, just take a training course in System Security from Chubb. It's relatively cheap and to the point:

http://www.chubbinstitute.edu/progra...security/info/