IDS mailing list archives
RE: [in] what is required for an engineer to become an SECURITY engineer
From: skill2die4 () secguru com
Date: Tue, 28 Dec 2004 15:29:00 -0600 (CST)
Curt Purdy Wrote:
IMHO, I don't believe you can actually teach infosec. The field is so broad
I totally agree with what Curt said about teaching infosec. Some time back on Techtarget.com there was an article regarding the top 10 things that a n/w_system engineer should know.

http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci996066,00.html?track=NL-86&ad=488198

I wrote some more details in http://forum.secguru.com .. maybe this will give you a start ;-)

hth

--som--

1. The OSI model - Can't enter the n/w domain without having a thorough knowledge of the seven layers and a clear understanding of the roles and responsibilities of each layer. Since this is taught in every data-communication class, I hope this shouldn't be an issue. IMHO, one of the best books written on this topic is "Computer Networks" by A.S. Tanenbaum.

2. TCP/IP concepts: It amazes me that some n/w admins, even after years of experience, have trouble doing accurate subnetting, and it is shocking when they give that puzzled look when you debate on UDP/TCP/ICMP/IP packets. In general, one should know the differences between the basic protocols and their uses, benefits etc. For this, I believe there is nothing that can remove the combination of RFCs, Ethereal and patience. In books, "TCP/IP Illustrated" from Stevens comes in handy. Also the SANS tcpdump ref. sheet is awesome.

3. Stacks: Since we know that all OS'es differ from the RFC specifications, it's always good to know the n/w related registry settings (Windows) or the files (Linux). This automatically comes with experience, RTF' how-to's and googling. As the author mentions, this is indeed very necessary if you handle troubleshooting.

4. Layer 2: If you have to google for what layer 2 is, then probably you should go to #1. It is not strange to bump into people who don't know the difference between a switch and a router. One should also know the various types of switching methods and terms like collision domains, broadcast domains etc. From a security perspective also, this is important, especially when you are testing a switched network. Tanenbaum's book mentioned in #1 has a very nice explanation of layer 2.

5. Routing: Basic Cisco commands and the basics of routing should be known by default. One can download Cisco emulators to practice, and for reading, nothing beats the RFCs and Cisco documents. Path Determination, Switching, Routing Algorithms, Routing Loops are some of the keywords that are used in everyday work.

6. Services: Web-server, DNS, DHCP, SMTP, SNMP, NFS.. yada yada yada .. The more you know the better .. Once again, for profound understanding nothing beats the "RFC + Ethereal + google".

7. Good networking reference material: One can find various lecture slides on the topic of interest (and in your language) just by googl'ing with "site:edu". RFCs, How-tos and IBM Redbooks are some popular sources of information that no one should miss.

8. Security: if you are a member of this then you already know its importance.

9. Output handling: Syslog messages, ms-events, router-logs, firewall-logs, IDS etc. It's always beneficial learning how to dissect and analyze this piece of information.

10. It's very important to get under the hood and learn how things actually work.

--eom--