Required Knowledge for a Career in Network Security

mtgarden asks: "I am trying to decide if I want to make a career shift into network security. I enjoy learning about cutting edge technologies and find security interesting. I am not especially good at programming but would potentially enjoy the analysis side of security. Where would I start studying to learn whether this field is a good fit for me?"
This discussion has been archived. No new comments can be posted.

  • Apparently, spelling is not required knowledge for a career in network securit :)
  • Career path (Score:2, Funny)

    by Kangburra ( 911213 )
    Can you install NIS with a straight face, and charge them? ;-)
  • Well... (Score:2, Funny)

    by TheAngryMob ( 49125 )
    Required Knowledge for a Career in Network Securit

    I'd say maybe some typing, spelling, and proofreading skills to start.
  • The first is obvious. Learn the threats that are out there. You can't protect against what you don't know. Granted new threats come about all too often, but it's definitely a plus to keep up to date with different security threats and risks that are prevalent in the computer world.

    Another is equipment. Know what equipment (routers, firewalls, etc) is used for what and how it works.

    Finally, software. Figure out how firewalls, spam filters, etc do their job and how to open and close ports.

    I'm sure the

    • by G)-(ostly ( 960826 ) on Wednesday March 22, 2006 @10:38AM (#14971336) Journal
      You clearly are a security professional, as you skipped all the actual initial steps, probably because you're so used to them :)

      The FIRST thing to do is learn the mechanics of the system(s) you are protecting. There are a lot of "generic" classes of threats out there, some relevant to certain systems, some to all. Before you can begin trying to protect against them, however, you need to completely understand:

      1. If/how they affect the systems you're protecting.
      2. What about your system makes the threat especially dangerous or nominal.
      3. What mechanisms your system has to wall off such threats, if any.

      You can't truly secure a system you don't know inside and out, no matter how much security "theory" you know, so the FIRST step is making sure you understand the technology at your disposal, even before you try to understand what threatens to compromise it.
      • No.

        First you learn how systems work. OS, software design and development, network design, system stability, etc. After that you learn threat analysis and then you can call yourself a security professional.

        Unfortunately this is unfashionable in the industry nowadays. It is much more popular to dwell in the threat land without knowing the underlying hardware and software infrastructure. It is also easier.

        And as mediocracy is well known to be a self-supporting mechanism, knowing the guts is actually a problem in
        • What do you mean "no"? We said the same thing, you just spelled out the individual topics where I clumped everything together under "mechanics".
          • As an ex-computer security professional I would not bang the fundamentals under a "mechanics" heading.

            In theory part of the job of a security engineer is to treat the work of the people around him with respect and ensure that it succeeds in its projected goals.

            Unfortunately, in practice, the majority of the industry follows the exact opposite. Either the security engineer comes at the end, dismisses the system design as "mechanics" and goes to jerk off in a threat FUDfest or signs off the system due to "bus
    • You can't protect against what you don't know

      You most certainly can!

      It's called a proof, and it's just as valuable in secure systems as it is in mathematics.

      Instead, you figure out what you want to protect against, and prove that your system is safe from that.

      For example: if you want to protect against evildoers getting the contents of /etc/shadow, then all you need to do is provide a guarantee by which no access to /etc/shadow is possible that can be manipulated by an evildoer.

      It's very often that the best
  • (Score:3, Informative)

    by Tool Man ( 9826 ) on Wednesday March 22, 2006 @10:13AM (#14971191)
    SANS has a wealth of in-depth courses, taught by experts in the field. They aren't inexpensive, but these aren't courses you will find at your local community college either. Some are taught on-line, in their "SANS@home" programs, where you have books, a CD of test data (in my case), and the Java client gives you an interactive environment with slides and audio.
  • Well... (Score:3, Funny)

    by chiskop ( 926270 ) <(moc.liamg) (ta) (poksihc)> on Wednesday March 22, 2006 @10:13AM (#14971195) Homepage
    Securit® - Information Management and Destruction seems like the obvious place to start, and they're hiring.
  • Cutting Edge.. (Score:5, Informative)

    by onion2k ( 203094 ) on Wednesday March 22, 2006 @10:17AM (#14971209) Homepage
    I enjoy learning about cutting edge technologies and find security interesting.

    You can forget dealing with the cutting edge. Security work is all about currently deployed applications. For example, doing an audit at the moment is much more likely to require a good knowledge of Windows 2000 than XP or Vista.
  • by slackaddict ( 950042 ) <rmorgan&openaddict,com> on Wednesday March 22, 2006 @10:21AM (#14971236) Homepage Journal
    At least have a working knowledge of C or C++, since most of the OSS tools you could be using were written in that. Then study networking-related technologies - Set up your own network at home with a variety of operating systems and experiment with tools and different network protocols. Read everything you can get your hands on. Convince a security company or ISP to allow you to intern which would give you some real-world experience. Get certified in some security areas to beef up your resume.

    Those are a few things I can think of. HTH.

    • Don't forget Perl, easier to maintain scripts to alter configuration if you know that as well.

      To the author: you should have some expertise in creating and enforcing policy so that the people that use your network will understand what is allowed and what is not. You'll probably need to handle alterations to your policy as the technology of the applications on the network change. Remember defense in layers. A big firewall is not the end-all of network security.
  • ...and an extremely good way of getting your head around the latest threats, particularly in terms of the latest spy/mal/adware out there. The info is reliable and free, and you might learn something too. A lot of these sites are used by industry professionals, and you can gain a great network of contacts with a little hard work. A list of around 50+ forums to get you started, on everything from Malware analysis to building testboxes: []
  • by Rob T Firefly ( 844560 ) on Wednesday March 22, 2006 @10:23AM (#14971246) Homepage Journal
    You must be able to quote at least 75% of the movie "Hackers," 85% of "War Games," and for extra credit about 10-20% of either "Swordfish" or "The Lawnmower Man."
  • by Malor ( 3658 ) on Wednesday March 22, 2006 @10:38AM (#14971341) Journal
    As a system and network admin, security is something I think about quite a bit. As far as I can determine, truly good security people are the best of the best in the computer world. There is _nothing_ in computers as difficult.

    As an admin/architect, you need a prodigious memory; you have to know all the software you're deploying, with all its various warts. You have to know your operating systems, and their interactions with your chosen hardware, both system and network. And you have to understand your network layout and be able to troubleshoot.

    As a programmer, you need less knowledge and more raw brainpower. You still need to know how other people do things, but a great deal of the job is raw invention on the spot. Knowledge in the programming field tends to be narrow, specialized, and very deep.

    As a security person, at least to be a GOOD one, you need all the skills of both fields, plus more besides. You have to be able to audit source code and find weaknesses; you have to be able to probe a network remotely and understand its layout and where its holes are likely to be. Defensively, you have to understand all the possible ramifications and interactions with combinations of software. Offensively, you have to be able to find the holes that nobody else has seen before.

    Both programming and sysadminning can lead into security, but if you want to be GOOD, I'd strongly suggest trying to be both. You might want to program first; that's usually harder to break into, and it can be easier to get a job out of college. Admins tend to like experience as much or more than education, so once you have a good degree of programming skill, you can probably branch out and pick up what you need in terms of system administration. You don't necessarily need the day-to-day details, but you do need a very, very deep understanding of _exactly_ what the operating system and programs are _actually_ doing... not just the cruder models most of us tend to use.

    It is a very interesting field, but it'll take everything you have and then some just to keep up.
  • by Spazmania ( 174582 ) on Wednesday March 22, 2006 @10:38AM (#14971348) Homepage
    As with most things involving deep technical expertise, you don't choose the career so much as the career chooses you. Here's how it goes for network security:

    You work as a junior network administrator.
    You get interested in the security aspects.
    You find you have a knack for it and tend to spend any unassigned manhours scanning logs for connection attempts and looking up the ports to see what the originator was attempting.
    Your boss notices that you have a knack for it and lets you spend more time working on it.
    You start reading the available literature to gain more insight.
    A job comes along where they're looking for a network security specialist instead of a general network admin. You apply and get the job.
    With all of your work-hours spent on network security your rate of learning increases.
    You run into a few unusual situations and start to consult with experts on the 'net.
    At some point you cross a line. Now you are one of the experts and folks consult with you.

    You'll notice there is no coursework listed anywhere in there. It wasn't an oversight. Coursework provides a decent overview for folks who don't have the knack. It lets them get by without being completely ignorant. Someone with the knack, someone who should consider network security as a career path, will get the same results by spending an evening with a book.
    • Ok, so what are some of the books?
      Stupid time since reply :-(
      • what are some of the books?

        Pretty much anything on the subject will do. Stuff published by O'Reilly is generally good or at least ok. The point is not to gain deep insight -- that's a moving target that comes from experience. The point is get a quick overview of the breadth of the field.

      • Network Intrusion Detection by Northcutt and Novak
        Counter Hack (Reloaded) by Skoudis
        The Hacking Exposed series by Joel Scambray and other authors are fairly informative as to techniques and defenses, but not necessarily at explaining the topic at a packet level.
        Hacker's Challenge 2 by Mike Schiffman is a decent introduction at applying analysis skills

        There's a ton of useful mailing lists and websites that have similar information, but the above books (particularly the first two) provide a lot of it in well
  • Documentation (Score:4, Insightful)

    by John the Kiwi ( 653757 ) <{kiwi} {at} {}> on Wednesday March 22, 2006 @10:54AM (#14971469) Homepage
    You must be able to write very long reports that management and the board of directors will be reading. You will use terms like "Due Care and Diligence", "Disaster Recovery" and "Business Continuity Planning". Security professionals don't provide anything tangible to a business so to prove your value you must consider every potential problem and document it in advance even if management doesn't even read your reports. This is the only way to cover your ass.

    So many people consider Network Security to be about running sploits and such, but really it's about risk management. Have a good look at certifications such as CISSP, read some of the self training books and if you don't get bored to tears reading them then think about what it would take to write them because that's what you'll be doing 90% of your time.

    • Obviously a security professional. 100% correct.
    • It's kinda sad how true this is. I've been a networking and security consultant for several years and most admins don't give a rat's ass about "Disaster Recovery" (let alone backups) or "Business Continuity Planning" even though their jobs may depend on it. That is why people, like myself, are brought in to run audits and tell people how much it will cost them to keep (or get back) their network when a plane crashes into their building. I live in the NYC area, so everyone is acutely aware of the businesses t
  • by Anonymous Coward
    Information security is a pretty large field, with different professionals who may have very different backgrounds and expertises. The OP talks about network security, which is a subset of information security, but it is far from the only "kind" of security job out there.

    Traditionally, the easiest way to get into network security is by first being a network engineer/sysadmin. As you learn the ins and outs of network administration, you'll have to tackle the related security issues at one point or another
  • by Anonymous Coward
    Am I the only person here who gets a bit..., no actually, really... irritated by these questions?

    "I enjoy learning about cutting edge technologies and find security interesting."
    Well obviously not interesting enough to find out what the field is about. Spend some time on the net looking at forums, security related sites, etc. I can't believe that if you take a couple of hours to do this you wouldn't have a rough idea of what the field of computer/network security is about and whether the field is potent
    • I agree, but.... Security has been hot since 9/11. Questions like those sound like the asker doesn't really care about the subject, just wants on the latest bandwagon. In the 90's that was more generally IT with an emphasis on the Internet, now it's security. But let's give the benefit of the doubt. The asker may not have any idea where to start asking questions or what to start reading, and thought this would be one good place to begin. Should've read a bit more before asking? Maybe. Does the world
  • by martin ( 1336 )
    Look at the things you need to cover to get CISSP certified - that'll give a good idea..
  • You also need to think about and decide what sort of longevity and upward mobility you want in that (or any) field. You certainly need to understand the mechanics - how to install security software, etc. But, if you want to rise up, you need to understand the foundation. If it's network security, you need to understand network protocols and statistics. Get Stevens Vol I and Ethereal and start capturing packets and looking at real network traffic. Also, get a book on statistics that includes distributions. T
  • by Anonymous Coward
    Not trying to dissuade you. It's good to want to learn about security. Just don't romanticize the field. I'm a network security consultant. What does my day consist of? Meetings mostly. I have to go to pre-sales meetings with our sales people, I have to go to project meetings with our customers, I have to go to wrap-up meetings after the projects are done.

    What's my second biggest time slice? Writing reports and policy papers. My girlfriend gets asked what I do, and she answers "He mostly writes rep
  • by jschottm ( 317343 ) on Wednesday March 22, 2006 @02:15PM (#14973371)
    Where would I start studying to learn whether this field is a good fit for me?

    I'd recommend the Northcutt/Novak book "Network Intrusion Detection" as a good one to start with. If you come out with a knowledge of IP packets, how to read them in hex format and TCPdump (yes, TCPdump, not Ethereal) then continue on in the field. If it's not of interest or is too hard, don't.

    (Good) Network security isn't often all that interesting or that sexy. You have to do a good deal of ongoing research to stay on top of what the bad guys are developing. Chances are that you'll deal with a lot of bots, spam, script kiddies, and worms rather than some 'leet hacker who will challenge you to an international manhunt. You have to read lots of packets and system logs. You don't have to be an expert programmer, but being able to write $SCRIPT_LANGUAGE well enough to write quick custom log parsers and analyzers is a big plus.

    Of course, there's plenty of hacks (in the old, pre-computer meaning of the term) who'll run Nessus against a client and bill them a couple thousand dollars. But I'm assuming you don't want to be one of those.

    You can look at the CISSP prep books, but (IMO) their program is less technically oriented than the SANS type ones, and will show you more about how to interact with management as a security analyst than the technical aspects that you would have to know.
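Added example, not part of the comment above or of the book it recommends: a small decoder for the hex layout `tcpdump -x` prints, showing what "reading IP packets in hex" involves, field offsets and both checksums included. The sample dump is constructed (documentation addresses, arbitrary ports and sequence number), and the function names are this example's own.

```python
import socket
import struct

# Constructed sample in the layout `tcpdump -x` prints: one IPv4 + TCP SYN
# between documentation addresses. Not captured from a real network.
SAMPLE_DUMP = """
        0x0000:  4500 0028 1c46 4000 4006 3245 c000 020a
        0x0010:  c633 6407 c000 0016 1234 5678 0000 0000
        0x0020:  5002 ffff 9ada 0000
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def dump_to_bytes(dump):
    """Drop the '0xNNNN:' offset column and join the hex groups."""
    hexdigits = ""
    for line in dump.strip().splitlines():
        hexdigits += line.split(":", 1)[1].replace(" ", "")
    return bytes.fromhex(hexdigits)


def inet_checksum(data):
    """RFC 1071 one's-complement sum; 0 means the embedded checksum matches."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode(packet):
    """Decode the IPv4 header and, if present, the TCP header behind it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len, = struct.unpack("!H", packet[2:4])
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": packet[8], "proto": proto, "total_len": total_len,
            "ip_checksum_ok": inet_checksum(packet[:ihl]) == 0}
    segment = packet[ihl:total_len]
    if proto == 6 and len(segment) >= 20:
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
        # TCP checksum also covers a pseudo-header: src, dst, zero, proto, length.
        pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
        info.update({"sport": sport, "dport": dport, "seq": seq, "window": window,
                     "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
                     "tcp_checksum_ok": inet_checksum(pseudo + segment) == 0})
    return info


if __name__ == "__main__":
    pkt = dump_to_bytes(SAMPLE_DUMP)
    print(decode(pkt))
    damaged = bytearray(pkt)
    damaged[8] -= 1                        # TTL changed without recomputing the checksum
    print(decode(bytes(damaged))["ip_checksum_ok"])
```

The TTL byte sits inside the IPv4 header but outside the TCP pseudo-header, so the altered copy fails only the IP checksum.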
  • by DaPh00z ( 840056 ) *
    If you're not familiar with the security field, then you might want to take a step back and look at a bigger picture. Information Assurance is the broader category.

    IA can be divided into 7 categories:
    • Physical
    • Computer
    • Information
    • Operations
    • Communications
    • Network
    • Emanations

    There are also several dimensions of each category:

    • Confidentiality
    • Integrity
    • Availability
    • Accountability

    I would recommend that you investigate each one to see where your personal strengths might make the best fit. If you en

  • Many of the other posters in this discussion have talked about the security side of network security, so I thought I'd address the networking side. In my opinion, you must understand the basics of networking at an expert level if you want to be a good network security professional. At the very least, you should:
    • understand IP (packet formats, TCP, UDP, ICMP) extremely well.
    • be able to deal with packet data in many forms.
    • be able to work with numbers in binary, hex and decimal. (octal wouldn't hurt either
  • There are a lot of fields in the security area, some deal with networks, but many do not. You need to spend some time researching what "specialties" there are in the broader field.

    For example, computer forensics is a specialty within the security field, and it can mean a lot of things. It could mean examining network logs to trace the source of a DDoS attack, or to determine the full scope of an attack. Ex. We know we were hacked, but did they get access to accounting or our development systems? Deter
  • Since you're talking about career choices, you might want to approach the topic from the broader sense - not just Network Security but Information Security.

    InfoSec is a broad, fascinating field. And as with the field of medicine in the early 1800's, everyone is an expert, but no-one really knows enough.

    There seem to be six main "practitioner" fields, right now:

    1) Documentation (certification and compliance)
    2) Network / Systems Administr
  • I'd recommend 'Secrets and Lies' and 'Beyond Fear' from Bruce Schneier for a no bullshit look at security and reality. Be aware that to do it right you're looking at quite a lonely career, and your main effort in any company is to make yourself redundant..

    Which is why it's better to be a consultant in this field - you get to do the interesting stuff. What I enjoy best is resolving calamities and helping companies with invoking DR strategies - I'm personally not very good at handle turning but very much at
  • Learn TCP/IP backwards, pick up a scripting language, analyse and understand the threats to an organisation from within.
    Don't waste any time "learning how to think like a hacker". Everyone says it and it's utterly pointless. For a start most of your time will be spent satisfying audit points and closing loopholes for internal fraud. Which "hackers" do that?
    Also, unless you work for a clueless outfit in the first place you will not be dealing with effective malicious attacks on even a 6 monthly basis.
    Pick t
  • Security is largely about keeping information secret from those who shouldn't have it. Yea, it's great if you can set up a firewall, you and 100 million other people. Frankly, I wouldn't hire a so called security expert if they couldn't explain to me what a Feistel round is or why RSA is hard to break. These are just a couple of examples of questions you might ask a security "professional," but they tend to distinguish people who claim to know about security from those who actually have a little bit of back
