Wednesday, August 8, 2007

InfoSec Foundation: Networking

In my first post, The Beginning, I wrote about the first book that really got me interested in Information Security. This post and others will hopefully give you some idea of what you can/should learn to help you in that field.

Information Security is a broad field with many specialty areas. Some subjects are common amongst most of them. Networking (architectures, protocols...) is one very important topic. For the sake of the bytes, I will narrow it to 2 reasons: Remote Attacks and Network Defense.

There are generally two types of attacks against a computer system, local and remote. Remote attacks come from other computers by way of networks. To truly understand the attacks and the ways to defend against them, you need to know how they move around. Some attacks are in the network protocols themselves (e.g. Smurf Attack) while others attack applications and use the network just for transport.

There are numerous protocols and you should be familiar with as many as possible. The most important would be IP, TCP, UDP and ICMP. The ones I listed are at different layers, but they are the most common. The best way to learn about these is to grab a book (see end of post for some recommendations) and use tcpdump and Wireshark to look at actual network traffic.
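To make the layering concrete, here is an added example (not part of the original post) that does by hand what tcpdump and Wireshark do for each packet: decode the IPv4 header, then use its protocol field to read the TCP, UDP or ICMP layer above it. The function names `parse_ipv4` and `build_ipv4` are hypothetical, and the sample packets are constructed with documentation addresses rather than captured.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers
TCP_FLAGS = ((0x02, "S"), (0x10, "A"), (0x01, "F"), (0x04, "R"), (0x08, "P"))

def parse_ipv4(packet: bytes) -> dict:
    """Decode an IPv4 header, then the first fields of the TCP/UDP/ICMP layer above it."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "proto": PROTO_NAMES.get(proto, str(proto))}
    payload = packet[ihl:total_len]  # the IP protocol field says how to read this
    if proto in (6, 17) and len(payload) >= 4:  # TCP and UDP both start with ports
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
        if proto == 6 and len(payload) >= 14:  # TCP flag byte sits at offset 13
            info["flags"] = "".join(n for bit, n in TCP_FLAGS if payload[13] & bit)
    elif proto == 1 and len(payload) >= 2:  # ICMP has type and code, no ports
        info["icmp_type"], info["icmp_code"] = payload[0], payload[1]
    return info

def build_ipv4(proto: int, src: tuple, dst: tuple, payload: bytes) -> bytes:
    """Build a constructed sample packet (checksum left at 0; the parser does not verify it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

# Constructed samples using documentation address ranges, not captured traffic.
SAMPLE_TCP_SYN = build_ipv4(6, (192, 0, 2, 10), (198, 51, 100, 5),
                            struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0))
SAMPLE_UDP_DNS = build_ipv4(17, (192, 0, 2, 10), (198, 51, 100, 53),
                            struct.pack("!HHHH", 53000, 53, 8, 0))
SAMPLE_ICMP_ECHO = build_ipv4(1, (192, 0, 2, 10), (198, 51, 100, 5),
                              struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    for pkt in (SAMPLE_TCP_SYN, SAMPLE_UDP_DNS, SAMPLE_ICMP_ECHO):
        print(parse_ipv4(pkt))
```

Comparing the decoded fields with what Wireshark shows for the same kind of packet is a quick way to check your reading of each header.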

The world of corporate information security is a big believer in separation of duties. So while we may manage the Intrusion Detection Systems and firewalls, the network and all the routers belong to the Networking department. It is important that we be able to communicate effectively and knowledgeably with the networking guys. If you do not understand the basics of networking, it will be tough to work with them.

More to come in the InfoSec Foundation series...
