what to get into the network/security field

Posted on 2004-11-19
Last Modified: 2013-11-16
I want to get into the networking/security field and just wondered if someone can give me some really good advice in how to do this?  Also what books are good and are there any good free weekly maqazines on network security.  Thanks
Question by:pspurs
    LVL 7

    Accepted Solution


    I would recommend taking some type of networking class first. You will need to understand networking before you jump into the security field. Comptia certifications are a good place to start if you self-study, the Network+ test is a good start. Along the same lines as the Network+ test is the Cisco CCNA exam which is more widely accepted in the field than the Network+ exam, however both are a good start. I cannot stress hands on experience enough, you can buy alot of used networking equipment on E-bay to learn from. - this is a great free magazine

    Also, here are some books that may help you out on the networking side:

    Network+ Study Guide
    by David Groth

    Network+ Certification, All-in-One Exam Guide
    by Michael Meyers

    LVL 9

    Assisted Solution

    Hi :-)

    First, I have to say that "network security" is often too general as a term. I know some security experts who know how to secure Windows systems and some who know web servers.

    I would say that in order to "get into" network security, you would need the following "components":

    1. Good technical background on the applications you secure.
    That includes the workstations, servers and network applications (such as mail servers and web).
    A short google yielded this
    "iis securing microsoft" -->
    "windows-xp security" -->
    "windows-2003-server security" -->

    2. A place where you can read security bulletins, such as "". There are security sites that focus on os/application-specific security. e.g. you can learn on Linux security on

    3. A GOOD network security scanning tool.
    Get nessus from, scan your local network and see what the security experts are talking about. Don't forget to update it's plugins and restart it before you scan.
    This scanning tool will later be one of your primary working-tools as this is the only way to check yourself and see if your server/network may still be subjected to attacks.

    Hope it's useful!
    LVL 7

    Assisted Solution

    Apart from excellent advice from the 2 experts above, there are sites (imho only) where i find it useful in keeping updated.

    As for security training, there are plenty. Those that are basic to intermediate...
    CompTIA Network+ , networking fundamentals level (beginners)
    CompTIA Security+ , security fundamentals level (beginners)
    Cisco CCNA , networking intermediate level
    From there, you may wish to embark on other training available, courses from Foundstone, EC-Council ...etc.
    Good luck on your endeavours...;-)

    LVL 11

    Expert Comment

    I think SheharyaarSaahil would probably be the best one to answer this.  With over 200,000 points in security here at EE, he should have a pretty good idea of the route to go.

    In other words - look for experts in IT Security (preferrably locally) and sound them out.  OJT is prime learning and practical experience, and gives you a definite PLUS when it comes to writing a resume.  I think Insurance companies and Banks tend to have the best specialists (at least the ones I've met), and are generally willing to teach others or at least give advice.

    If you want to TEACH YOURSELF you'll need to be able to set up a TEST area to practice or try out what you've learned.  If you have problems or questions regarding specific problems you can always post them here - maybe we can help there too.

    Start small and work your way up:  Take a PC with either NT - W2K - XP and try to make it as secure as possible.  The different tools mentioned above will help determine if you're going in the right direction.  Next, set up a network of at least three PCs and try to make the NET secure.  Document for yourself everything you did and learned.

    As for FREE books, magazines etc - use the Internet!  You'll find a flood of information absolutely free, be able to keep up with the changes in technology, and learn from others!
    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
    > As for FREE books, magazines etc - use the Internet!

    hehe, it is true. if so, the portal is or ;)) the key is to choose right keywords.
    LVL 38

    Assisted Solution

    by:Rich Rumble
    While I see some good suggestions and starting points above- these are my recommendations
    ISC Squared

    That is the organization globally recognized in certifying security professionals. Read the ciriculum that they test over- and you may get a better idea on what a true security professional (network or otherwise) should know.
    This is a perfect example: Here's the list: (my comments are in quotes)
        *  Access Control Systems & Methodology   "CCNA/CCNP is perfect training for this"
        * Applications & Systems Development   "Best practices in coding, implementation"
        * Business Continuity Planning  "dunno"
        * Cryptography    "Applied Cryptography is where you'd start IMHO- any of Bruce's books will be great"
        * Law, Investigation & Ethics    "This WILL come into play- any security person must have rules they are trying to measure against in order to gauge what is and is not bad. Not only in reguard to packets on a network, but also things like Acceptable Usage policies- P2P software typically is against most corporate useage policies- Ethics WILL also come into play, there are going to be "gray" areas and or unspoken laws to abide by"
        * Operations Security
        * Physical Security   "This is the toughest one of all- in my experience, you might have the greatest firewall and IDS system in the world, but if someone can come in on a weekend, walk around to any cube/office and insert a cd-rom or floppy- those PC's are owned- or if the HD is removed- cloned, and then replaced- Owned."
        * Security Architecture & Models   "As much as this sounds like a buzz word, it has real practical applications"
        * Security Management Practices    "This is another "gotcha"-    practice what you preach, and be able to assess the strenghts and weakness' of the network/company and make everyone conform to them"
        * Telecommunications, Network & Internet Security   "this is the part where you'd be doing some nmap'ing nessus'ing etc."

    I'm all for most of the suggestions above, but this is the internet, and as I have to tell my wife all the time, it's the figgin internet- you can't believe everything you see on there.
    My personal suggestions, Read the "Hacking Exposed" Series of books all of them are great, not free but cheap and up2date. Bruce Schneier is one of the leading security thinkers/writers of this generation I suggest  reading anything he writes- but again, you have to check somethings out  on your own- don't believe everything you see/hear/read.
    After I read the hacking exposed books, I understood the  "script-kiddie" tools I was using, like nmap, GFI LanGuard Network security scanner, and nessus tools. Then I found out that I didn't have to use them every time, and that simpiler is always better, in both penetration and prevention. For example, windows has most of the hacking ability builtin to it that you need. The managment console is a great hacking device. Right-click my computer, go to manage, then right-click computer managment (local) and click "connect to remote computer" and place an IP or name on the connect to line, and bam! you'll get a lot more info than in my opinion you should about someones PC.

    Anyway...  I hope that helps.

    Security is a Process- NOT a Program.

    LVL 38

    Expert Comment

    by:Rich Rumble
    Sorry the link above doesn't work right... here is the page
    LVL 1

    Expert Comment

    I would also suggest investigating local groups such as ISSA, and infragaurd.  <removed per http:help.jsp#hi123>


    <advertizing removed by CetusMOD per http:help.jsp#hi106>

    LVL 11

    Expert Comment

    You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now