I don't want to do anything illegal

I'm in my first semester of computer science. My school offers pretty much no classes on network/computer security. But I'm really interested in going into the security industry of computer science. How could I start learning about it on my own?

And can you suggest a few security topics to start with? I don't even really know enough about it to know where to start

I once used Backtrack to crack me own WEP wifi router, but that was years ago and I don't remember much at all

You could start by reading/implementing soem of this http://www.linuxtopia.org/online_boo...ity_index.html
See here for the Intl Security org https://www.isc2.org/ - especially see Education/training section.

You can setup a base Linux system, then add a few VMs and alternately protect/hack into those.
On your own machine that's perfectly fine - just make sure none of your attack tools leak out eg temp disconnect from the internet whilst doing this.
See also the Kali distro, which is specifically designed for this.

Thanks for the suggestions!


I always assumed that this was minimally helpful because, since you set up the machines yourself, it's pretty hard not to use what you know about how you set it up to give you an unfair advantage

It's like playing both sides of a chess game ... harder than it looks

OK. Thanks! I'm setting it up right now.

I happen to have a Pi setting around here maybe I'll use that instead of VMs

If you have the RAM and disk space in a computer, you can install multiple VMs in VirtualBox and set the networking to "Host Only." In "Host Only" mode, they can only see other VMs on the same host that are set to "Host Only" and cannot escape into the Big Wide World. Then you can hack away between the VMs to your heart's content without endangering anyone else or attracting the kind of attention you don't want to attract.

If you go this route, it might be wise to take frequent snapshots of the target VMs in case you hack one to pieces.

Many people immediately think of pen testing when they hear 'security'. But there is also monitoring, hardening, access controls, firewall development, encryption methods, best practices, understanding the system logs, postmortem forensic acquisition and analysis, data recovery, backing up, neat little tricks, honey pots, proper password practices, secure deletion, physical security, hardware security devices, phishing, scams, social engineering, digital espionage, incident response, malware, privacy, counter-intelligence, risk assessment, incident response, crisis recovery, business continuity, legal principles, and more.