IDS mailing list archives
RE: what is required for an engineer to become an SECURITY engineer
From: "Randy Golly" <randy.golly () comcast net>
Date: Fri, 24 Dec 2004 11:02:49 -0600
I would do some research on the SANS reading room, specifically the Security Basics section at http://www.sans.org/rr/whitepapers/basics/

There are several papers written there on setting up an infosec program within an existing environment that has tech-savvy (engineer) types. Also check out the security modeling and policies sections. Get familiar with the CIA (Confidentiality, Integrity, and Authentication) model so that it is applied in every aspect of your daily practices.

Look at everything on your network from a security point of view. Engineers mostly are trying to connect devices and not so much worried about what "else" is open. Security folks are checking that open connection and seeing what else is open, and how it can be exploited. Reverse the thought process: close everything and only open the bare minimum to make the connectivity do its thing. Then when it is talking, make sure that nothing else can get through your hole.

Hiring an engineer into the security field is good as they have the protocol/IP experience. A lot of the work we are doing now includes firewall reviews and network architecture design & reviews. They need to know not just how to set up firewalls and connect network devices, but what the vulnerabilities are of each firewall rule, connection, protocol, port and such. It isn't just about connectivity, but what could possibly be wrong with the configuration from a security point of view.

IP stack experience is good to have. Run Ethereal off your desktop and be able to look at the output with knowledge. I've gotten several 100 MB log files that we needed to sift through to find an attacker's footprints: where, when, what did they access type of stuff.

The training for security is ongoing, just like everything else in IT. It evolves daily, you will always find something that you did not know, someone will always know more than you.

Good luck to you and your group!

Randy Golly
Sr. Security Consultant
VeriSign Global Security Consulting Group
Grapevine, Texas

-----Original Message-----
From: Ravi Kumar [mailto:ravivsn () rocsys com]
Sent: Thursday, December 23, 2004 12:43 AM
To: focus-ids
Subject: what is required for an engineer to become an SECURITY engineer

Hi,

I was asked to prepare a syllabus for security management, incident handling, forensics analysis, intrusion detection etc. The intention is to train an engineer to become a SECURITY engineer.

-snip-