Monday, April 30, 2007

Open Source Training

I'd like to mention a few notes on training for open source software that appeared on my radar recently. The first is Wireshark University, the result of collaboration among Laura Chappell and her Protocol Analysis Institute, Gerald Combs (Wireshark author), and CACE Technologies, maintainers/developers of WinPcap and AirPcap. WiresharkU is offering a certification and four DVD-based courses, along with live training delivered through another vendor.

WiresharkU's content looks pretty simple, but I guess beginners need to start somewhere. If you want to understand more advanced security-related network traffic, I recommend one of my TCP/IP Weapons School classes, offered at Techno Security in Myrtle Beach, SC in June; USENIX 2007 in Santa Clara, CA in June; and Black Hat Training in Las Vegas, NV in July.

On a related Wireshark note, a client recently asked why Lua was required on a sensor he built. He had heard about Lua and Snort 3.0 but was running Snort 2.6.x. I just realized Wireshark uses Lua. Here is one example. If you're attending BSDCan, consider taking the BSD Certification Exam Beta. It's free but won't convey certification if passed. Registration opened last week. I will again miss BSDCan due to conflicting engagements, namely AusCERT 2007. In addition to speaking at AusCERT, I'm teaching Network Security Monitoring and talking to the Sydney Snort Users Group on 25 May 2007.

5 comments:

Chris Buechler said...

It's too bad you'll miss BSDCan again, it's always a great conference. It was good meeting you there in 2005.

I signed up for the BSDA exam, should be interesting. I'm glad to see the group making excellent progress.

I think it should count towards a valid certification if passed, though. Microsoft, Cisco, and most if not all of the other big name certification providers give certification for passed beta exams. Not that they have flawless certification programs worthy of mimicking, but it seems to be an industry standard. Though they also charge (a reduced rate) for said beta exams and only accept applicants with prior approval generally.

evden eve nakliye said...

thank you very nice topic very good thanks :)

cmlh said...

@Richard,

I received confirmation that the announcement was posted on http://www.snort.org/news/ for the AU Snort User Group

Anonymous said...

Hi Richard,

I think Lua will be the must-learn scripting language for security geeks in 2007

because snort, wireshark and nmap use it.

FYI, Nmap Scripting Engine use lua

http://insecure.org/nmap/nse/nse-language.html

BemoX

Saturn said...

I wish if i can share my list of open source portals here.
Jay