Security Basics mailing list archives

Re: just starting as Traffic Analyst


From: John Kellerman <kmj1268 () comcast net>
Date: Mon, 29 Mar 2010 17:23:11 -0400

G.F.Samuel....

I would agree with Steve.
Start with the books he recommends and get acclimated to your job first.
It's always good to be very motivated, but the best place to focus is to become very good at what you are going to do 
on a day-to-day basis.
Studying for the CISSP can be very intense and be somewhat of a distraction at first.  I personally remember studying 
for it intensely for about 3 months.

The title, Traffic Analyst, sounds a little broad, so I am not sure exactly what your specific roles and 
responsibilities are but with that aside...
I would recommend the following...

Set up a security lab and get familiar with VMware or, if you want a free alternative, VirtualBox.
Know the Linux/Unix OS as well as Windows of course... although it's an inferior operating system... LOL. Get very 
familiar with Wireshark.
Understand how to use tcpdump to do packet inspection.  Also being knowledgeable with nmap will be very helpful when 
troubleshooting problems.
Know routing inside and out and how to differentiate layer 2 (ARP) problems from layer 3 problems.
Understand TCP/IP inside and out and know the difference between TCP and UDP.
Specifically know TCP and how the TCP protocol works with different applications and protocols.
Know how to troubleshoot client-server connections.  Know the following inside and out:  DNS, ICMP, ARP, LDAP, IPSEC, 
SSH, FTP, SMTP, SNMP, RADIUS, SSL, etc.
Know how to initiate a TCP connection on a specific port with telnet.... or better yet how to use a tool like hping.
Know how to identify a 3 way handshake and use the virtual environment to set up different applications and know exactly 
how they behave in Wireshark or whatever sniffer tool you are using.


Congratulations on your new job and always strive to learn more than you know.
Once you are comfortable at your current job, then pursue the CISSP cert as long as you have enough experience in the 
domains to sit for it.
I have had mine for about 8 years and I know when I sat for it, you had to have 3 years of experience in 3 or more 
domains.... or something like that.  Don't quote me on it.

just my 0.02


Anyways...
Best of luck to you....
Hope this is helpful

J. Mark Kellerman, CISSP, CCSA, CCSE
Snr Security Engineer




________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Stephen Mullins 
[steve.mullins.work () gmail com]
Sent: Friday, March 26, 2010 12:55 PM
To: s garcia
Cc: security-basics () securityfocus com
Subject: Re: just starting as Traffic Analyst

I recommend you ditch the CISSP book until after you learn to do your
current job, unless it is a requirement to keep said job.

I suggest the following books to learn the basics of network security
monitoring:

The Tao of Network Security Monitoring: Beyond Intrusion Detection
~ Richard Bejtlich

This should be required reading and I strongly recommend you pick it up.

Internet Core Protocols: The Definitive Guide: Help for Network Administrators
~ Eric Hall

This is a good reference manual even if you are already well versed in
the protocols covered.

Is your position more focused on monitoring for security or ensuring up time?

Finally, with no offense intended, is English your second language?

Steve Mullins

On Wed, Mar 24, 2010 at 2:58 PM, s garcia <g.f.samuel () gmail com> wrote:
Hello guys!

I have good news to share with all you guys, I'm going to start a new
phase where I am currently working. I'm going to start to work as
Traffic Analyst and another duty is doing a proactive monitoring for
status about too many services, including web services. Do you want to
share with me any tips? In the past (a year ago) I worked with Sniffer
Pro and it is awesome to see how a network is under fire... wow! so,
after a few months working with Legato Networker (pfff!) doing backup
job, meanwhile reading the book AllInOne CISSP exam guide, written by
Shon Harris for preparing the way for CISSP certification, finally
after being in the wrong place I will be in the right place doing the
right job... wiiiiiiiiiiiii!!!!!!

thank you all!!!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


