IDS mailing list archives

RE: [in] what is required for an engineer to become a SECURITY engineer


From: skill2die4 () secguru com
Date: Tue, 28 Dec 2004 15:29:00 -0600 (CST)

Curt Purdy Wrote:

IMHO, I don't believe you can actually teach infosec.  The field is so broad


I totally agree with what Curt said about teaching infosec. Some time back
on Techtarget.com there was an article regarding the top 10 things that a
n/w_system engineer should know.

http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci996066,00.html?track=NL-86&ad=488198

I wrote some more details in http://forum.secguru.com .. maybe this will
give you a start ;-) hth

--som--

1. The OSI model - Can't enter n/w domain without having a thorough
knowledge of the seven layers and clear understanding of roles and
responsibilities of each layer. Since this is taught in every
data-communication class, I hope this shouldn't be an issue. IMHO, one of
the best books written on this topic is: "Computer Networks" by
A.S.Tanenbaum.

2. TCP/IP concepts: It amazes me that some n/w admins, even after years of
experience, have trouble doing accurate subnetting, and it's shocking when
they give that puzzled look when you debate UDP/TCP/ICMP/IP packets. In
general, one should know the differences between the basic protocols and
their uses, benefits etc. For this, I believe nothing can replace the
combination of RFCs, Ethereal and patience. In books, "TCP/IP Illustrated"
by Stevens comes in handy. Also the SANS tcpdump ref. sheet is awesome.

3. Stacks: Since we know that all OSes differ from the RFC specifications,
it's always good to know the n/w related registry settings (Windows) or the
files (Linux). This automatically comes with experience, RTFM, how-to's and
googling. As the author mentions, this is indeed very necessary if you
handle troubleshooting.

4. Layer 2: If you have to google for what layer 2 is, then you probably
should go back to #1. It is not strange to bump into people who don't know
the difference between a switch and a router. One should also know the
various types of switching methods, terms like collision domains, broadcast
domains etc. From a security perspective also, this is important,
especially when you are testing a switched network. Tanenbaum's book
mentioned in #1 has a very nice explanation of layer 2.


5. Routing: Basic Cisco commands and basics of routing should be known by
default. One can download Cisco emulators to practice, and for reading -
nothing beats the RFC and Cisco Documents. Path Determination, Switching,
Routing Algorithms, Routing Loops are some of the keywords that are
used in everyday work.

6. Services: Web-server, DNS, DHCP, SMTP, SNMP, NFS.. yada yada yada ..
The more you know the better .. Once again, for profound understanding
nothing beats "RFC + Ethereal + google".

7. Good networking reference material: One can find various lecture slides
on the topic of interest (and in your language) just by googling with
"site:edu". RFCs, How-to's and IBM Redbooks are some popular sources of
information that no one should miss.

8. Security: if you are a member of this list then you already know its importance.

9. Output handling: Syslog messages, ms-events, router-logs,
firewall-logs, IDS etc. It's always beneficial to learn how to dissect and
analyze this information.

10. It's very important to get under the hood and learn how things
actually work.

--eom--
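Two of the items above (#2, accurate subnetting, and #9, dissecting firewall and syslog output) lend themselves to a small worked example. The following Python is added here as an illustration and is not part of the original post or the secguru forum: it parses a few constructed iptables-style syslog lines (sample data, not real traffic), computes the network/broadcast of each source address by bit arithmetic rather than a library call, and aggregates the records per /24 so an analyst can see which networks are generating the most hits. The log format, host name `fw1` and the addresses are all assumed for the example.

```python
import re
from collections import Counter

# Constructed sample of iptables-style syslog records (not real traffic).
# The last line is deliberately malformed to show that unparseable input is skipped.
SAMPLE_LOG = """\
Dec 28 15:29:01 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.17 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
Dec 28 15:29:02 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.17 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=23 SYN
Dec 28 15:29:03 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=UDP SPT=4000 DPT=161
Dec 28 15:29:04 fw1 kernel: IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Dec 28 15:29:05 fw1 kernel: IN=eth0 OUT= SRC=10.0.0.3 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=80 SYN
this line is not a firewall record
"""

# Assumed line shape: "<Mon> <day> <hh:mm:ss> <host> kernel: <KEY=VALUE ...>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<kv>.*)$")


def ip_to_int(ip):
    """Dotted-quad string -> 32-bit integer, validating each octet."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError("bad IPv4 address: %r" % ip)
    n = 0
    for p in parts:
        v = int(p)
        if not 0 <= v <= 255:
            raise ValueError("bad octet in %r" % ip)
        n = (n << 8) | v
    return n


def int_to_ip(n):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet(ip, prefix):
    """Return (network, broadcast, usable_hosts) for ip/prefix using mask arithmetic.

    /31 and /32 have no usable host range under the classic rule, so 0 is returned.
    """
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    net = ip_to_int(ip) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    usable = max(bcast - net - 1, 0)
    return int_to_ip(net), int_to_ip(bcast), usable


def parse_line(line):
    """Dissect one record into timestamp, host and a dict of KEY=VALUE fields.

    Bare tokens such as 'SYN' become boolean flags; 'OUT=' yields an empty value.
    Returns None for lines that do not match the expected shape.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            fields[token] = True
    return {"ts": m.group("ts"), "host": m.group("host"), "fields": fields}


def parse_log(text):
    """Parse every line of a log blob, silently skipping unparseable ones."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def sources_by_network(text, prefix=24):
    """Count records per source network (e.g. '203.0.113.0/24')."""
    counts = Counter()
    for rec in parse_log(text):
        src = rec["fields"].get("SRC")
        if not src:
            continue
        net, _, _ = subnet(src, prefix)
        counts["%s/%d" % (net, prefix)] += 1
    return counts


if __name__ == "__main__":
    print(subnet("192.0.2.130", 25))
    for network, hits in sources_by_network(SAMPLE_LOG).most_common():
        print(network, hits)
```

Running the block prints the /25 containing 192.0.2.130 and then the per-/24 hit counts for the sample, with 203.0.113.0/24 on top. The same parse/aggregate split applies to router or IDS output: keep the line dissector separate from the analysis so that a new log format only requires a new regex, not a new report.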
