Learning to become a network security analyst

alt.don
SF Boss

Posted: Thu Mar 27, 2003 11:22 pm    Post subject: Learning to become a network security analyst

It struck me as funny a couple of weeks ago. We had some visitors from the UK in my shop who were looking at our network security setup. I had a couple of analysts sitting with me who were inexperienced and were asking me questions as to how to increase their knowledge. Well I told them as I sat atop Mt. Olympus :) you gotta learn the stack and how it works. This is absolutely crucial I tells em. I kept getting the same dull stares. They were in essence looking for a quick answer, and as we know there are none. Some of these guys had done their Track III at SANS as well! The advice I continually hammered into them is learn TCP/IP, and the best way to learn it imho is to craft packets and see how they interact. By learning how to craft packets you are forced to learn what the various flags are as well as the other metrics. It is a wonderful learning tool. Heh, my advice fell on deaf ears however. Oh well, I know what I am doing.
What do you guys see as critical skills to have to become a proficient network security monkey?
Cheers!
Don
GSecur
Trusted SF Member

Posted: Fri Mar 28, 2003 12:22 am

I don't really think you can train to become a security expert. Sure you can take classes and learn more about security. But, in essence a good security expert is actually a good sysadmin.

A good sysadmin should always have security concerns in his mind.

I am always leery about hiring so-called security experts who have no system administration experience.

I don't think you set out to become a security expert, it just evolves from your growing skills as a sysadmin.

IMHO :)
alt.don
SF Boss

Posted: Fri Mar 28, 2003 12:35 am

You must certainly be able to administer the OS you are attempting to secure. No arguments there. There is however a differing mindset between the sys admin and the security side. The sys admin provides an efficient network that is transparent to the user. The security person provides security that is hopefully transparent to the sys admin. They are in my mind two distinctly separate roles. Rare is the person who can effectively do both.
Cheers!
Don
ShaolinTiger
Forum Fanatic

Posted: Fri Mar 28, 2003 1:59 am

Yeh I think they are bound yet separate..

To be good in security you have to have a bit of programmer in you, preferably to the old definition of hacker. Logical and devious, able to think like a hacker (as in the current media description), good understanding of TCP/IP and networking and tha intrawebnet :D

And for what GSecur says I agree, the only people who set out to be "security experts" are money-grabbing salesmen who rarely know stateful from stateless.

This is what the blackhat pr0ject m4yhem is about.

You start off being into computers and drift off into security (hacking :twisted: ).

That's how it should be anyway, some people as above just evolve it from their sys admin job and having to do it.
alt.don
SF Boss

Posted: Fri Mar 28, 2003 2:06 am

Agreed, you have to be able to code some, and have an inquisitive nature which is generally exemplified by the hacker side of the house. I find that most sys admins I know only wish to know how to effectively admin their networks and that is it.
I will regurgitate my old adage "to defend you must be able to successfully attack". It is imperative that one be able to understand what is happening at the most basic level, i.e. the packet. If you can't read and understand a dump trace then you're in over your head as an analyst.
I come from a signals analyst background and found that the mindset paid huge dividends for me as an analyst. It is to me all centered around the way you approach the problem.
Cheers!
Don
GSecur
Trusted SF Member

Posted: Fri Mar 28, 2003 7:58 am

Quote:
The sys admin provides an efficient network that is transparent to the user. The security person provides security that is hopefully transparent to the sys admin.


I guess we also have to take into consideration what type of security expert we're talking about here.

The security manager is writing policy. The admin is actually in the trenches securing the system.
PhiBer
SF Mod

Posted: Fri Mar 28, 2003 10:42 am

Ya....I agree with you guys.
I can't stand when people ask me "Can you teach me how to hack?"
Hacking/being a security expert isn't about reading 1 book or having someone show you. It's about years of experience in the Information Technology field and years of troubleshooting/configuring/experimenting with different OSes, Software, Protocol Stacks, Routers, Switches, Servers, etc. It's also about reading up on A LOT of things too. Read Read Read Read!!!! I'm out.
-PhiBer