thecollage
Registered Senior Member
I am interested in learning more about network security and cyber investigations. Does anyone have a good place to start?
Network Security
- Thread starter thecollage
- Start date
- Status
river-wind
Valued Senior Member
I learned by hacking my own computer for a few years, then by reading books like the Happy Hacker (now woefully outdated), followed by more advanced books about computer security. Check out the rainbow series on UNIX design and security - more than likely you local library has copies.
There are also many college level classes on computer security these days - a new college opened up on the far side of town from me offering graduate degrees in computer security and intelligence work.
Don't be selfish, always be a white hat.
There are also many college level classes on computer security these days - a new college opened up on the far side of town from me offering graduate degrees in computer security and intelligence work.
Don't be selfish, always be a white hat.
thecollage
Registered Senior Member
let me rephrase that; what skills and knowledge do you need to become an IT professional? in addition to that; what skills and knowledge do you need to become a security professional?
If you want to become an IT Professional then it's not so much about 'Which books do I read?' but more 'What should I be learning in school?', 'What courses should I apply for at college?' and 'What courses should I pay for?'.
'IT Professionals' are rarely hired by firms if they haven't any academic background. Self tuition is great if you want to get by, however it doesn't give you the credentials or portfolio to provide a prospective employer a reason to give you a job.
Also 'IT Professionals' is a very Generic term since the IT industry itself is huge and no individual could ever know everything, which is why people usually specialise and/or become 'IT Practitioners'.
Simply put get High grades in English, Mathematics and Sciences.
Mathematics is important since computer courses now really do utilise applied mathematics, so if you haven't the brain or the stomach for mathematics such things as programming, cypher analysis, data salvage will be way out of scope.
As you might of heard said in the 'Industry':
So simply, get trained up, build a portfolio up and gain Experience in the field you are interested in, just make sure what you do accounts for something so that some corporate beancounter see's you as a black integer as apposed to a red minus one.
'IT Professionals' are rarely hired by firms if they haven't any academic background. Self tuition is great if you want to get by, however it doesn't give you the credentials or portfolio to provide a prospective employer a reason to give you a job.
Also 'IT Professionals' is a very Generic term since the IT industry itself is huge and no individual could ever know everything, which is why people usually specialise and/or become 'IT Practitioners'.
Simply put get High grades in English, Mathematics and Sciences.
Mathematics is important since computer courses now really do utilise applied mathematics, so if you haven't the brain or the stomach for mathematics such things as programming, cypher analysis, data salvage will be way out of scope.
As you might of heard said in the 'Industry':
So simply, get trained up, build a portfolio up and gain Experience in the field you are interested in, just make sure what you do accounts for something so that some corporate beancounter see's you as a black integer as apposed to a red minus one.
Get trained in The Hardware and Software solutions used in networking.
a very broad area indeed.
since there are so many encryption algorithms used for internet porposes i can only give you broad guidelines.
the very first thing you need to do is to thoroughly understand the intrernet protocol and how the net transmits the info from one computer to another. http://www.google.com/search?hl=en&q=understanding+internet+protocol&btnG=Search
next you need to learn the various ecryption algorithms used on the net.
http://www.google.com/search?hl=en&q=internet+encryption+algorithms&btnG=Search
finally you need to understand the various methods for encrypting the programs themselves.
http://csrc.nist.gov/CryptoToolkit/aes/
good luck buddy. let us know how it turns out for you.
oh. what makes a person a professional as a opposed to one that is competent?
talent. and that is something you are born with. you cannot "learn" talent.
talent is that which allows people with no HS diploma to compete with collage grads. people with talent "instinctively know" what they are doing.
thecollage
Registered Senior Member
do you recommend learning in that order leopold99?
thanks.
thanks.
thecollage
Registered Senior Member
What is a datagram and how does its construction play into network security?
If you are truly going to try and do this outside of a Scholarship then you are going to have to learn the main tools of the trade.
Search Engines
Bug trackers
Open Source projects (OS, server program's etc)
You'll need to get hold of an old PC and run a different flavour of Operating System (Unless of course you are willing to try and learn Microsoft's OS's, however for the majority they are to bloatware, I know someone's going to say NT4/Server 2003 but it's still bloated IMHO, however it's 'easier to configure')
If you pick a linux install, by all means you could try running one of the usual OS's that people mention here. However the majority of server related OS's are Freebsd, Slackware, Fedora core to name a few. In the most part if you are wanting to create a server environment for testing things you are going to need to forget about using a GUI, you'll need to setup a SSH daemon on the system and get yourself an SSH client like PuTTY. You could use straight forwards telnet, however unless you are running that secure, you aren't going to learn much about security.
The same can be said about FTP, that's another security problem that people usually have. For the most part most security exploits are just misconfiguration's that the server administrator has done and this is usually down to the nature of how difficult the server is to configure.
This is why you'd need to read an awful lot of information on various configurations for every server package you install on your box. Some packages will require pre-requisites, some will require to be reconfigured on install others still will require a complete rebuild of the boxes Kernel and that itself is a task many people (including myself) usually find a pain in the a$z3.
This of course is only part of the overall problem, since you want to learn about the 'Network Security' this means you have to learn how to configure your LAN adapter for the particular OS and not only configure it to connect to the network but also communication on many of the layers that exist over the TCP/IP protocol.
In essence go out and get some books, either buy them online or try to find a second hand bookstore (For the most part current OS/programming books are gold dust in such places.) you could try a library so you can try the books out to see if you find them a good reference source.
You'll want to learn about Unix/Linux, you could also learn about SQL and Database languages as well as a number of languages that are useful for batch processing. Perl, PHP, Python, C, SH, ASP, VBScript etc.
In all honesty, if you are stuck with finding out about a datagram perhaps you might think of something not so ..... well immense
Search Engines
Bug trackers
Open Source projects (OS, server program's etc)
You'll need to get hold of an old PC and run a different flavour of Operating System (Unless of course you are willing to try and learn Microsoft's OS's, however for the majority they are to bloatware, I know someone's going to say NT4/Server 2003 but it's still bloated IMHO, however it's 'easier to configure')
If you pick a linux install, by all means you could try running one of the usual OS's that people mention here. However the majority of server related OS's are Freebsd, Slackware, Fedora core to name a few. In the most part if you are wanting to create a server environment for testing things you are going to need to forget about using a GUI, you'll need to setup a SSH daemon on the system and get yourself an SSH client like PuTTY. You could use straight forwards telnet, however unless you are running that secure, you aren't going to learn much about security.
The same can be said about FTP, that's another security problem that people usually have. For the most part most security exploits are just misconfiguration's that the server administrator has done and this is usually down to the nature of how difficult the server is to configure.
This is why you'd need to read an awful lot of information on various configurations for every server package you install on your box. Some packages will require pre-requisites, some will require to be reconfigured on install others still will require a complete rebuild of the boxes Kernel and that itself is a task many people (including myself) usually find a pain in the a$z3.
This of course is only part of the overall problem, since you want to learn about the 'Network Security' this means you have to learn how to configure your LAN adapter for the particular OS and not only configure it to connect to the network but also communication on many of the layers that exist over the TCP/IP protocol.
In essence go out and get some books, either buy them online or try to find a second hand bookstore (For the most part current OS/programming books are gold dust in such places.) you could try a library so you can try the books out to see if you find them a good reference source.
You'll want to learn about Unix/Linux, you could also learn about SQL and Database languages as well as a number of languages that are useful for batch processing. Perl, PHP, Python, C, SH, ASP, VBScript etc.
In all honesty, if you are stuck with finding out about a datagram perhaps you might think of something not so ..... well immense
thecollage
Registered Senior Member
so do i need to learn code too then?
Let me put it like this, if you are interested in 'Network Security' it's not just about making sure you have the right IP address, subnet mask or MAC address.
You need to know your OS's, various server programs and their configurations, various scripting/programming languages, transit protocols (TCP/IP) and Datagrams as previously mentioned. As mentioned also you need to also know how to utilise various methods of research, asking questions helps however sometimes those questions have been asked before and various people have written answers you can find online.
It's not exactly something you're going to learn in a week, but something that will take many years of experience to build up to learn. If you want to be able to do it next week, good luck...
However a point I was trying to make about the academic method of learning this area is the fact that you learn industrial standards, you interface with other people on the same subject rather than attempting to go it alone and you get accredited for your work. (It is possible to get accredited without qualifications however you'd have to learn how to find bugs and report them, you aren't of course going to be able to do that unless you can 'Reverse Engineer' and that is no singular field of study.)
Yup. Get enough courses to get your foot in the door with a good company that pays for courses/certs. Certs are so expensive these days, it does NOT pay to go for them. I.T does not pay like it once did and will only get worse. I recommend young people do not purse a career unless they possess a real interest or a real aptitude or both.
thecollage
Registered Senior Member
oh i am smart. thanks guys for the information on this. how much does this pay on average?
I apologise that I had to remove the URL. While it can be suggested that it's important for people in the industry to learn the exploits for better protection it's also a problem because if the exploits are recorded and made to easy to reproduce the Script Kiddies attempt to dominate.
The last thing I want is to encourage "Lamerz" to start hacking, following an academic path is advisable because you don't just learn about what goes on inside a computer or how to program, you also learn to respect one another, which is something that just isn't learnt through video tutorials.
The last thing I want is to encourage "Lamerz" to start hacking, following an academic path is advisable because you don't just learn about what goes on inside a computer or how to program, you also learn to respect one another, which is something that just isn't learnt through video tutorials.
kmguru
Staff member
To practice as a security professional, you need to be licensed as a private detective in a state you are in (for U.S. Professionals) which can be done by passing a state exam.
As to skills and knowledge - you need to have a deeper understanding of hardware, software, network and programming. Computer forensics would be a good start. Then think like a crook so as to catch a crook...or protect from a crook.
- Status