what to get into the network/security field

I want to get into the networking/security field and just wondered if someone can give me some really good advice on how to do this?  Also, what books are good, and are there any good free weekly magazines on network security?  Thanks
I would recommend taking some type of networking class first. You will need to understand networking before you jump into the security field. CompTIA certifications are a good place to start if you self-study; the Network+ test is a good start. Along the same lines as the Network+ test is the Cisco CCNA exam, which is more widely accepted in the field than the Network+ exam; however, both are a good start. I cannot stress hands-on experience enough: you can buy a lot of used networking equipment on eBay to learn from.

http://www.securitymagazine.com/ - this is a great free magazine

Also, here are some books that may help you out on the networking side:

Network+ Study Guide
by David Groth

Network+ Certification, All-in-One Exam Guide
by Michael Meyers


Hi :-)

First, I have to say that "network security" is often too general as a term. I know some security experts who know how to secure Windows systems and some who know web servers.

I would say that in order to "get into" network security, you would need the following "components":

1. Good technical background on the applications you secure.
That includes the workstations, servers and network applications (such as mail servers and web).
A short google yielded this
"iis securing microsoft" --> http://www.microsoft.com/technet/security/prodtech/iis/default.mspx&e=7370
"windows-xp security" --> http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
"windows-2003-server security" --> http://www.microsoft.com/technet/security/prodtech/win2003/default.mspx

2. A place where you can read security bulletins, such as "www.cert.org". There are security sites that focus on OS/application-specific security, e.g. you can learn about Linux security at http://lwn.net

3. A GOOD network security scanning tool.
Get nessus from www.nessus.org, scan your local network and see what the security experts are talking about. Don't forget to update its plugins and restart it before you scan.
This scanning tool will later be one of your primary working-tools as this is the only way to check yourself and see if your server/network may still be subjected to attacks.

Hope it's useful!
Apart from excellent advice from the 2 experts above, there are sites (imho only) where i find it useful in keeping updated.

As for security training, there are plenty. Those that are basic to intermediate...
CompTIA Network+ , networking fundamentals level (beginners)
CompTIA Security+ , security fundamentals level (beginners)
Cisco CCNA , networking intermediate level
From there, you may wish to embark on other training available, courses from Foundstone, EC-Council ...etc.
Good luck on your endeavours...;-)

I think SheharyaarSaahil would probably be the best one to answer this.  With over 200,000 points in security here at EE, he should have a pretty good idea of the route to go.

In other words - look for experts in IT Security (preferably locally) and sound them out.  OJT is prime learning and practical experience, and gives you a definite PLUS when it comes to writing a resume.  I think Insurance companies and Banks tend to have the best specialists (at least the ones I've met), and are generally willing to teach others or at least give advice.

If you want to TEACH YOURSELF you'll need to be able to set up a TEST area to practice or try out what you've learned.  If you have problems or questions regarding specific problems you can always post them here - maybe we can help there too.

Start small and work your way up:  Take a PC with either NT - W2K - XP and try to make it as secure as possible.  The different tools mentioned above will help determine if you're going in the right direction.  Next, set up a network of at least three PCs and try to make the NET secure.  Document for yourself everything you did and learned.

As for FREE books, magazines etc - use the Internet!  You'll find a flood of information absolutely free, be able to keep up with the changes in technology, and learn from others!
bbao (IT Consultant) commented:
> As for FREE books, magazines etc - use the Internet!

hehe, it is true. if so, the portal is www.google.com or directory.google.com. ;)) the key is to choose right keywords.
Rich Rumble (Security Samurai) commented:
While I see some good suggestions and starting points above- these are my recommendations
ISC Squared

That is the organization globally recognized in certifying security professionals. Read the curriculum that they test over, and you may get a better idea of what a true security professional (network or otherwise) should know.
This is a perfect example: https://www.isc2.org/cgi-bin/index.cgi Here's the list: (my comments are in quotes)
    * Access Control Systems & Methodology   "CCNA/CCNP is perfect training for this"
    * Applications & Systems Development   "Best practices in coding, implementation"
    * Business Continuity Planning   "dunno"
    * Cryptography   "Applied Cryptography is where you'd start IMHO- any of Bruce's books will be great http://www.schneier.com/"
    * Law, Investigation & Ethics   "This WILL come into play- any security person must have rules they are trying to measure against in order to gauge what is and is not bad. Not only in regard to packets on a network, but also things like Acceptable Usage policies- P2P software typically is against most corporate usage policies- Ethics WILL also come into play, there are going to be "gray" areas and/or unspoken laws to abide by"
    * Operations Security
    * Physical Security   "This is the toughest one of all- in my experience, you might have the greatest firewall and IDS system in the world, but if someone can come in on a weekend, walk around to any cube/office and insert a CD-ROM or floppy- those PCs are owned- or if the HD is removed- cloned, and then replaced- Owned."
    * Security Architecture & Models   "As much as this sounds like a buzz word, it has real practical applications"
    * Security Management Practices   "This is another "gotcha"- practice what you preach, and be able to assess the strengths and weaknesses of the network/company and make everyone conform to them"
    * Telecommunications, Network & Internet Security   "this is the part where you'd be doing some nmap'ing nessus'ing etc."

I'm all for most of the suggestions above, but this is the internet, and as I have to tell my wife all the time, it's the figgin internet- you can't believe everything you see on there.
My personal suggestions: read the "Hacking Exposed" series of books; all of them are great, not free but cheap and up2date. Bruce Schneier is one of the leading security thinkers/writers of this generation http://www.schneier.com/books.html I suggest reading anything he writes- but again, you have to check some things out on your own- don't believe everything you see/hear/read.
After I read the Hacking Exposed books, I understood the "script-kiddie" tools I was using, like nmap, GFI LanGuard Network Security Scanner, and nessus tools. Then I found out that I didn't have to use them every time, and that simpler is always better, in both penetration and prevention. For example, Windows has most of the hacking ability built in to it that you need. The management console is a great hacking device. Right-click My Computer, go to Manage, then right-click Computer Management (Local) and click "Connect to remote computer" and place an IP or name on the connect-to line, and bam! You'll get a lot more info than in my opinion you should about someone's PC.

Anyway...  I hope that helps.

Security is a Process- NOT a Program.

Rich Rumble (Security Samurai) commented:
Sorry the link above doesn't work right... here is the page https://www.isc2.org/cgi/content.cgi?category=19
I would also suggest investigating local groups such as ISSA and InfraGard.

You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.