I sounds like you're already heading in the right direction for eventually
moving into this field. Unfortunately I don't know of any companies that
would be willing to let a high school student poke around on their network
in order to learn stuff, but if you have skills to offer them and are
willing to work for free (or very very cheaply) you might find a company
willing to take a chance on you in order to avoid having to pay a
full-time admin/security person.
My first advice as far as learning security goes is to put a server out on
the net from your home. This is a great sink-or-swim way of learning, and
it has pretty minimal risk since you're not going to kill your company's
profits if your home server gets hacked. setup a server with a real
ip address, load up linux, do your best to secure it, and then install
some services, like a webserver and sendmail. Register a domain name and
setup your box as a DNS server, things like that.. its not all that hard
to secure a box on the net that doesn't do anything besides sit there, but
it becomes increasingly difficult to have a secure box that actually
serves a purpose.
Good luck!
-Ryan
On Fri, 4 Jan 2002, Douglas Pichardo wrote:
> Revered security professionals:
> Hi, my name is Douglas Pichardo and I am 16 years old. I live in Virginia
> Beach, Virginia (USA), and I am in the 10th grade. I have been a member of
> this discussion list for several months, trying to learn all I can about the
> world of security, which I have a strong interest in. This last summer, when
> my interest popped up, I spent several hours almost every day reading
> webpages about every security topic that I could read about and understand,
> but at that time I was using Windows 98 and was unable to really get into and
> play around with any of the information I learned, and decided to get an OS
> that would allow me to - either Linux or Windows 2000, and Windows 2000 is
> too expensive. For Christmas, I got SuSE Linux 7.3 Professional, <u>Hacking
> Linux Exposed</u>, and <u>Linux System Administration</u>, as these all had
> good reviews in various places and I did not like Mandrake 8.1 which I had
> burned on CD and previously installed.
> Well, to the point: I would like to try out security things like firewalls
> and such and be exposed to the internet (I'm behind a Linksys Cable/DSL
> router with NAT), but I don't feel anywhere near knowledgeable enough. What
> I'm looking for is a internship of sorts, and I was wondering if either: (a)
> by some chance some of you know companies in Virginia Beach, VA, that would
> take me "under their wing", or (b) any of you know of any websites or
> companies that might have information about local internship programs in the
> security/administration field. I am looking for a learning opportunity - a
> free one - where I could gain experience (the SANS and other conferences are
> too much money and travel for me at age 16). I would greatly appreciate any
> help that you would give me as an aspiring security professional. Thank you
> in advance, and also thank you for reading all of this - I can get wordy :-) .
>
> Sincerely,
> Douglas Pichardo
>
> P.S. I'm not some teenage wanna-be hacker; I truly only want to get into the
> security field, not the "counter"-security field. And just in case the fact
> that I'm writing this at 10:30 AM might contribute to the stereotype, I have
> no school today; we have about 3 inches of snow and the whole area has shut
> down as if it were 3 feet.
>
> P.P.S. Are there any other books on Linux administration or local/network
> security that you recommend?
>
