Penetration Testing mailing list archives
RE: TCP/IP skills
From: "Dave Dyer" <ddyer () ciber com>
Date: Thu, 8 Jul 2004 13:31:09 -0600
I agree for the most part, Don. However, I think that differing levels of knowledge of the network layer are needed for specific job duties. I see security specialists as normally falling into one of the following categories:

1. Network Security - Absolutely should understand TCP/IP in and out and not rely solely on tools.
2. Non-Tech Security - Should focus more on ISO/HIPAA/GLB/etc. and non-technical controls than on anything having to do with TCP/IP.
3. Application Security - Need to understand how code interacts with the network and memory, so should at least understand TCP/IP from a packet level.
4. The Well-Rounded Security Professional - Has a little knowledge of all areas and can perform assessments, but isn't necessarily specialized in one area. This is more often than not the consultant, in my opinion, that is forced to rely on tool feedback rather than base understanding of any core component of the assessment (TCP/IP for example).

I agree that it's an alarming trend. I believe the major cause for this trend has to do with major growth in the amount of knowledge any security professional "should" maintain. With the growth of wireless, IPv6, Linux changes/versions/releases, vulnerability tracking, web applications, etc., it's a full-time job just to keep up on one specific area. If you happen to be one of the bastions of the security world who's been around (and understood TCP/IP through and through) for years, then that's great. However, I have NOT seen many suggestions for either highly specialized security folks, or for people who are new to the industry, on just how to go about learning the basics (or, for that matter, what basics should be important).

I'm not going to list everything, but as I see it, in order to be a good security consultant, you need at least some of the following skills:

1. Network skills
   a. TCP/IP
   b. OSI Model (including UDP/ICMP/ARP/RARP, etc.)
   c. Router/Switch/Hub hardware experience
   d. DNS understanding
   e. Secure Architecture understanding (This should be logical)
   f. Wireless
   g. VPN
2. Communication Skills
   a. Interview/Due Diligence skills
   b. Technical and Non-technical documentation skills
   c. The ability to communicate verbally from CEO to Coder
   d. Presentation skills (sometimes for large audiences, including visual aids)
3. Application Skills
   a. Firewall
   b. IDS
   c. Honeypot
   d. OS (*nix, win, cisco)
   e. Web Apps (too many to list)
   f. Client/Server apps

Anyway, the list can go on and on (encryption, standards, vulnerabilities...), and is probably much better organized through the CISSP CBK than I have put it here, but that's just a demonstration of a portion of the stuff that we have to be knowledgeable about on a daily basis as security consultants.

Now... my challenge to you would be to come up with a list of PRIORITIZED items to be (or become) intimately familiar with in order to evolve into an exceptional security professional.

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Tuesday, July 06, 2004 7:21 PM
To: pen-test () securityfocus com; vuln-dev () securityfocus com
Subject: TCP/IP skills

Hello all,

I just wanted to comment on what I see as a rather alarming trend in the security industry today. More and more, many are becoming reliant upon tools to do their job whilst they ignore core components of their skillset, specifically in this case an in-depth knowledge of TCP/IP. Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be attained by anyone who wishes to have a successful career in the network security industry today. One cannot become adept by simply using tools, and never knowing how to interpret the output by verifying the packets themselves. It constantly amazes me when I teach a TCP/IP Analysis course that people who are presently in the industry do not know of such basic TCP/IP concepts as the 3-way handshake and how ICMP works. That, or being able to wholly dissect a packet and explain the relationships between various metrics.

I would be curious to hear your opinions on this.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK fax:613.233.1788 toll: 1-877-777-H8CK
--------------------------------------------
Current thread:
- TCP/IP skills Don Parker (Jul 07)
- Re: TCP/IP skills Nigel Stepp (Jul 08)
- Re: TCP/IP skills Nelson Santos (Jul 08)
- RE: TCP/IP skills Naveed (Jul 08)
- Re: TCP/IP skills Mark W. Webb (Jul 08)
- Re: TCP/IP skills Vlad (Jul 08)
- Re: TCP/IP skills Jordan Cole (stilist) (Jul 08)
- RE: TCP/IP skills Rocky Heckman (Jul 13)
- Re: TCP/IP skills Chris Byrd (Jul 13)
- Re: TCP/IP skills vulnerable (Jul 13)
- RE: TCP/IP skills Dave Dyer (Jul 13)
- <Possible follow-ups>
- FW: TCP/IP skills drbitbucket (Jul 08)
- Re: TCP/IP skills captgoodnight (Jul 08)
- Re: TCP/IP skills R. DuFresne (Jul 13)
- Re: TCP/IP skills Allan (Jul 08)
- re: TCP/IP skills Scott Schappert 6270, QA (Jul 08)
- Re: TCP/IP skills M. D. (Jul 09)
- RE: TCP/IP skills Vaccare, Anthony (Jul 13)
- RE: TCP/IP skills Strand, John (Jul 13)
- RE: TCP/IP skills Eric McCarty (Jul 13)
- Re: TCP/IP skills drbitbucket (Jul 13)
(Thread continues...)