?
Solved

what to get into the network/security field

Posted on 2004-11-19
11
Medium Priority
?
716 Views
Last Modified: 2013-11-16
I want to get into the networking/security field and just wondered if someone can give me some really good advice in how to do this?  Also what books are good and are there any good free weekly maqazines on network security.  Thanks
0
Comment
Question by:pspurs
9 Comments
 
LVL 7

Accepted Solution

by:
improveyourpc earned 500 total points
ID: 12632321
pspurs,

I would recommend taking some type of networking class first. You will need to understand networking before you jump into the security field. Comptia certifications are a good place to start if you self-study, the Network+ test is a good start. Along the same lines as the Network+ test is the Cisco CCNA exam which is more widely accepted in the field than the Network+ exam, however both are a good start. I cannot stress hands on experience enough, you can buy alot of used networking equipment on E-bay to learn from.


http://www.securitymagazine.com/ - this is a great free magazine

Also, here are some books that may help you out on the networking side:

Network+ Study Guide
by David Groth
http://www.amazon.com/exec/obidos/ASIN/0782140149/visualsoftukli08/103-7091272-5395852

Network+ Certification, All-in-One Exam Guide
by Michael Meyers
http://www.amazon.com/exec/obidos/tg/detail/-/0072222743/103-7091272-5395852?v=glance






0
 
LVL 9

Assisted Solution

by:e-tsik
e-tsik earned 500 total points
ID: 12632327
Hi :-)

First, I have to say that "network security" is often too general as a term. I know some security experts who know how to secure Windows systems and some who know web servers.

I would say that in order to "get into" network security, you would need the following "components":

1. Good technical background on the applications you secure.
That includes the workstations, servers and network applications (such as mail servers and web).
A short google yielded this
"iis securing microsoft" --> http://www.microsoft.com/technet/security/prodtech/iis/default.mspx&e=7370
"windows-xp security" --> http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
                                       http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.mspx
"windows-2003-server security" --> http://www.microsoft.com/technet/security/prodtech/win2003/default.mspx

2. A place where you can read security bulletins, such as "www.cert.org". There are security sites that focus on os/application-specific security. e.g. you can learn on Linux security on http://lwn.net

3. A GOOD network security scanning tool.
Get nessus from www.nessus.org, scan your local network and see what the security experts are talking about. Don't forget to update it's plugins and restart it before you scan.
This scanning tool will later be one of your primary working-tools as this is the only way to check yourself and see if your server/network may still be subjected to attacks.

Hope it's useful!
0
 
LVL 7

Assisted Solution

by:shahrial
shahrial earned 500 total points
ID: 12633326
Apart from excellent advice from the 2 experts above, there are sites (imho only) where i find it useful in keeping updated.
http://www.securityfocus.com 
http://www.sans.org

As for security training, there are plenty. Those that are basic to intermediate...
CompTIA Network+ , networking fundamentals level (beginners)
CompTIA Security+ , security fundamentals level (beginners)
Cisco CCNA , networking intermediate level
From there, you may wish to embark on other training available, courses from Foundstone, EC-Council ...etc.
Good luck on your endeavours...;-)
 


0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 11

Expert Comment

by:huntersvcs
ID: 12635713
I think SheharyaarSaahil would probably be the best one to answer this.  With over 200,000 points in security here at EE, he should have a pretty good idea of the route to go.

In other words - look for experts in IT Security (preferrably locally) and sound them out.  OJT is prime learning and practical experience, and gives you a definite PLUS when it comes to writing a resume.  I think Insurance companies and Banks tend to have the best specialists (at least the ones I've met), and are generally willing to teach others or at least give advice.

If you want to TEACH YOURSELF you'll need to be able to set up a TEST area to practice or try out what you've learned.  If you have problems or questions regarding specific problems you can always post them here - maybe we can help there too.

Start small and work your way up:  Take a PC with either NT - W2K - XP and try to make it as secure as possible.  The different tools mentioned above will help determine if you're going in the right direction.  Next, set up a network of at least three PCs and try to make the NET secure.  Document for yourself everything you did and learned.

As for FREE books, magazines etc - use the Internet!  You'll find a flood of information absolutely free, be able to keep up with the changes in technology, and learn from others!
0
 
LVL 37

Expert Comment

by:bbao
ID: 12637408
> As for FREE books, magazines etc - use the Internet!

hehe, it is true. if so, the portal is www.google.com or directory.google.com. ;)) the key is to choose right keywords.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 500 total points
ID: 12640174
While I see some good suggestions and starting points above- these are my recommendations
ISC Squared
https://www.isc2.org/cgi-bin/index.cgi

That is the organization globally recognized in certifying security professionals. Read the ciriculum that they test over- and you may get a better idea on what a true security professional (network or otherwise) should know.
This is a perfect example: https://www.isc2.org/cgi-bin/index.cgi Here's the list: (my comments are in quotes)
    *  Access Control Systems & Methodology   "CCNA/CCNP is perfect training for this"
    * Applications & Systems Development   "Best practices in coding, implementation"
    * Business Continuity Planning  "dunno"
    * Cryptography    "Applied Cryptography is where you'd start IMHO- any of Bruce's books will be great http://www.schneier.com/"
    * Law, Investigation & Ethics    "This WILL come into play- any security person must have rules they are trying to measure against in order to gauge what is and is not bad. Not only in reguard to packets on a network, but also things like Acceptable Usage policies- P2P software typically is against most corporate useage policies- Ethics WILL also come into play, there are going to be "gray" areas and or unspoken laws to abide by"
    * Operations Security
    * Physical Security   "This is the toughest one of all- in my experience, you might have the greatest firewall and IDS system in the world, but if someone can come in on a weekend, walk around to any cube/office and insert a cd-rom or floppy- those PC's are owned- or if the HD is removed- cloned, and then replaced- Owned."
    * Security Architecture & Models   "As much as this sounds like a buzz word, it has real practical applications"
    * Security Management Practices    "This is another "gotcha"-    practice what you preach, and be able to assess the strenghts and weakness' of the network/company and make everyone conform to them"
    * Telecommunications, Network & Internet Security   "this is the part where you'd be doing some nmap'ing nessus'ing etc."

I'm all for most of the suggestions above, but this is the internet, and as I have to tell my wife all the time, it's the figgin internet- you can't believe everything you see on there.
My personal suggestions, Read the "Hacking Exposed" Series of books all of them are great, not free but cheap and up2date. Bruce Schneier is one of the leading security thinkers/writers of this generation http://www.schneier.com/books.html I suggest  reading anything he writes- but again, you have to check somethings out  on your own- don't believe everything you see/hear/read.
After I read the hacking exposed books, I understood the  "script-kiddie" tools I was using, like nmap, GFI LanGuard Network security scanner, and nessus tools. Then I found out that I didn't have to use them every time, and that simpiler is always better, in both penetration and prevention. For example, windows has most of the hacking ability builtin to it that you need. The managment console is a great hacking device. Right-click my computer, go to manage, then right-click computer managment (local) and click "connect to remote computer" and place an IP or name on the connect to line, and bam! you'll get a lot more info than in my opinion you should about someones PC.

Anyway...  I hope that helps.

Security is a Process- NOT a Program.
-rich

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12640182
Sorry the link above doesn't work right... here is the page https://www.isc2.org/cgi/content.cgi?category=19
-rich
0
 
LVL 1

Expert Comment

by:Robnhood
ID: 12644580
I would also suggest investigating local groups such as ISSA, and infragaurd.  <removed per http:help.jsp#hi123>

Craig.

<advertizing removed by CetusMOD per http:help.jsp#hi106>

0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 14968804
You need to either award points to somebody (accept answer) or request this be closed and ask for a refund of points.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question