adric.net

PokeScience
Login

How to Learn About $SYSTEM Security

General techniques for developing better understanding about security functions and asserting confidence in them

Get one

Get a copy and install it. A few times. Better not to use a real one, a production one, or the one your homework is on.

Take notes each time you install. Develop patterns that make sense to you and still take notes about your install choices for things like accounts, network settings, disk and database layouts, project schemes, etc.

Cage it

Build a lab around it (or put it in one). Think about snapshots and resets as you design the test environment. Also consider safety.

Read

Poke

Try some things. Note anything odd or interesting.

Record

Record data and any findings for experiments and publishing, and also so you don't forget.

Experiment

Do science on it! Don't trust, test. If you can't test it, how much should you trust it?

Publish

Share what you've found (when you can)

Written with StackEdit.