View previous topic :: View next topic |
Author |
Message |
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Thu Mar 27, 2003 11:22 pm Post subject: Learning to become a network security analyst |
|
|
It struck me as funny a couple of weeks ago. We had some visitors from the UK in my shop who were looking at our network security setup. I had
a couple of analysts sitting with me who were inexperienced and were asking me questions as to how to increase their knowledge. Well I told them as I sat atop Mt. Olympus you gotta learn the stack and how it works. This is absolutely crucial I tells em. I kept getting the same dull stares. They were in essense looking for a quick answer, and as we know they are none. Some of these guys had done their Track III at SANS as well! The advice I continually hammered into them is learn tcp/ip, and the bet way to learn it imho is to craft packets and see how they interact. By learning how to craft packets you are forced to learn what the various flags are as well as the other metrics. It is a wonderful learning tool. Heh,
my advice fell on deaf ears however. Oh well, I know what I am doing.
What do you guys see as critical skills to have to become a proficient network security monkey?
Cheers!
Don
|
|
Back to top |
|
|
GSecur Trusted SF Member
Joined: 30 Sep 2002 Posts: 16777215
|
Posted: Fri Mar 28, 2003 12:22 am Post subject: |
|
|
I don't really think you can train to become a security expert. Sure you can take classes and learn more about security. But, in essence a good security expert is actually a good sysadmin.
A good sysadmin should always have security concerns in his mind.
I am always leary about hiring so called security experts who have no system administration experience.
I don't think you set out to become a security expert, It just evolves from your growing skills as a sysadmin.
IMHO
|
|
Back to top |
|
|
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Fri Mar 28, 2003 12:35 am Post subject: |
|
|
You must certainly be able to administer the OS you are attempting to secure. No arguments there. There is however a differing mindset between the sys admin and the security side. The sys admin provides an efficient network that is transparent to the user. The security person provides security that is hopefully transparent to the sys admin. They are in my mind two distinctly separate roles. Rare is the person who can effectively do both.
Cheers!
Don
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Mar 28, 2003 1:59 am Post subject: |
|
|
Yeh I think they are bound yet seperate..
To be good in security you have to have a bit of programmer in you, preferably to the old definition of hacker. Logical and devious, able to think like a hacker (as in the current media description), good understanding of TCP/IP and networking and tha intrawebnet
And for what Gsecur says I agree, the only people who set out to be "security experts" are money grabbing salesmen who rarely know stateful from stateless.
This is what the blackhat pr0ject m4yhem is about.
You start off being into computers and drift off into security (hacking ).
That's how it should be anyway, some people as above just evolve it from their sys admin job and having to do it.
|
|
Back to top |
|
|
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Fri Mar 28, 2003 2:06 am Post subject: |
|
|
Agreed, you have to be able to code some, and have an inquisitive nature which is generally exemplified by the hacker side of the house. I find that most sys admins I know only wish to know how to effectively admin their networks and that is it.
I will regurgitate my old adage "to defend you must be able to successfully attack". It is imperative that one be able to understand what is happening at the most basic level ie: the packet. If you can't read and understand a dump trace then your in over your head an an analyst.
I come from a signals analyst background and found that the mindset paid huge dividends for me as an analyst. It is to me all centered around the way you approach the problem.
Cheers!
Don
|
|
Back to top |
|
|
GSecur Trusted SF Member
Joined: 30 Sep 2002 Posts: 16777215
|
Posted: Fri Mar 28, 2003 7:58 am Post subject: |
|
|
Quote: |
The sys admin provides an efficient network that is transparent to the user. The security person provides security that is hopefully transparent to the sys admin. |
I guess we also have to take in consideration what type of security expert we're talking about here.
The security manager is writing policy. The admin is actually in the trenches securing the system.
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Fri Mar 28, 2003 10:42 am Post subject: |
|
|
Ya....i agree with you guys.
I cant stand when people ask me "Can you teach me how to hack?"
Hacking/being a security expert isnt about reading 1 book or having someone show you. Its about years of experience in the Information Technology field and years of troubleshooting/configuring/expirementing with differenet OSes, Software, Protocol Stacks, Routers, Switches, Servers, etc. Its also about Reading up on ALOT of thing too. Read Read Read Read!!!! Im out.
-PhiBer
|
|
Back to top |
|
|
|