How to get into Network Security Field?

maddogchen

I'm a recent college grad, working in databases right now. But I want to get into the Network Security field. Seems interesting and looks like a job that many companies would need. Does anyone have tips or advice on how to get into that field? None of the courses I took in college had anything to do with Network Security and all the jobs I've looked at need experience in the field. So how would I go about learning and getting experience?

Appreciate any help.
 

GprophetB

Take security classes, and get a student tech job at that school

(exactly what I'm doing now, extremely good exp.)
 

maddogchen

Where are you taking security classes at? They didn't offer it at my college or a few state ones nearby.
 

Ameesh

Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.
 

Jzero

Originally posted by: Ameesh
Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.

There's two sides to security.
I work in information security, but on the operational side of things. I am constantly auditing our systems to make sure patches are up to date. I handle access control, antivirus technologies, disaster recovery planning, auditing other departments, etc.

Basically go to www.isc2.org and look up the SSCP Common Body of Knowledge and that's me in a nutshell.

It doesn't involve any picking apart of code looking for bugs....just correcting the bugs as they become known.
 

cquark

GIAC certification offered by the SANS institute would help you learn security and get a job. It's a good certification program, unlike most computer certifications. The SANS conferences are excellent, but very expensive. I don't know as much about the CISSP certification.

As for teaching yourself, I'd recommend reading the following books:
Hacking Exposed, 4th edition, McGraw-Hill
Practical UNIX and Internet Security, 3rd edition, O'Reilly
Building Internet Firewalls, 2nd edition, O'Reilly
Network Intrusion Detection, 3rd edition, New Riders
Security Engineering, Wiley
TCP/IP Illustrated, Vol 1, Addison-Wesley
Exploiting Software : How to Break Code, Addison-Wesley
along with many free Internet resources like Robert Graham's network security FAQs, the SANS reading room, and so forth. While you're reading the material, practice it. Set up and use the various security tools. Run scanners like nmap and Nessus, sniff their packets with Ethereal and see if you can automatically discover the attempted attacks with a NIDS like snort. If you can do that on your home network, test your wits against the Honeynet Scan of the Month Challenge Archive.
 

Ameesh

Originally posted by: Jzero
Originally posted by: Ameesh
Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.

There's two sides to security.
I work in information security, but on the operational side of things. I am constantly auditing our systems to make sure patches are up to date. I handle access control, antivirus technologies, disaster recovery planning, auditing other departments, etc.

Basically go to www.isc2.org and look up the SSCP Common Body of Knowledge and that's me in a nutshell.

It doesn't involve any picking apart of code looking for bugs....just correcting the bugs as they become known.

Do you like what you do? Or do you do it cause it's a job?

 

Jzero

Originally posted by: cquark
I don't know as much about the CISSP certification

The CISSP is a good and well-respected cert. It's also hard to get these days, as you have to have 4 years experience (or 3 + college degree).

The "lower" SSCP cert requires only 1 year of experience regardless of degree.
 

Jzero

Originally posted by: Ameesh
Originally posted by: Jzero
Originally posted by: Ameesh
Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.

There's two sides to security.
I work in information security, but on the operational side of things. I am constantly auditing our systems to make sure patches are up to date. I handle access control, antivirus technologies, disaster recovery planning, auditing other departments, etc.

Basically go to www.isc2.org and look up the SSCP Common Body of Knowledge and that's me in a nutshell.

It doesn't involve any picking apart of code looking for bugs....just correcting the bugs as they become known.

Do you like what you do? Or do you do it cause it's a job?

I love it. Disaster recovery planning is boring as hell, but otherwise it's fast-paced and fun.
 

maddogchen

Originally posted by: cquark
GIAC certification offered by the SANS institute would help you learn security and get a job. It's a good certification program, unlike most computer certifications. The SANS conferences are excellent, but very expensive. I don't know as much about the CISSP certification.

As for teaching yourself, I'd recommend reading the following books:
Hacking Exposed, 4th edition, McGraw-Hill
Practical UNIX and Internet Security, 3rd edition, O'Reilly
Building Internet Firewalls, 2nd edition, O'Reilly
Network Intrusion Detection, 3rd edition, New Riders
Security Engineering, Wiley
TCP/IP Illustrated, Vol 1, Addison-Wesley
Exploiting Software : How to Break Code, Addison-Wesley
along with many free Internet resources like Robert Graham's network security FAQs, the SANS reading room, and so forth. While you're reading the material, practice it. Set up and use the various security tools. Run scanners like nmap and Nessus, sniff their packets with Ethereal and see if you can automatically discover the attempted attacks with a NIDS like snort. If you can do that on your home network, test your wits against the Honeynet Scan of the Month Challenge Archive.

Thanks, I'll look into getting one of the certificates.
 

Anghang

Originally posted by: Jzero
Originally posted by: cquark
I don't know as much about the CISSP certification

The CISSP is a good and well-respected cert. It's also hard to get these days, as you have to have 4 years experience (or 3 + college degree).

The "lower" SSCP cert requires only 1 year of experience regardless of degree.

Plus you need to complete 120 continuing education credits every 3 years in order to maintain your certification in good standing....I think I have like 5 credits with about a year to make up the rest...hahaa...DOH!
 

maddogchen

Originally posted by: Ameesh
Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.

I'm not sure, but I want to take a few classes to see what it's like. I don't like Databases that much anymore. Half the time they don't have anything for me to do. So I wanted to check out a new field, and with all the news and worries about viruses and security, it seems like an interesting field to check out. Plus I think network security and databases would be two good skills to have.
 

Ameesh

Originally posted by: Jzero
Originally posted by: Ameesh
Originally posted by: Jzero
Originally posted by: Ameesh
Are you sure you want to do that? I worked in the Network Security Field for more than 2 years and I finally left it cause the people who work in the field and the work itself require you to be completely neurotic. Unless you enjoy a lot of low level C code you are not gonna be happy with it. Most of my time working on it was with VPN technologies, IPSec in specific, and Encryption and Authentication protocols. I spent many a day picking apart assembly code hunting down bugs and such.

To really get anywhere in the field be prepared to spend a lot of time in it and not much else.

There's two sides to security.
I work in information security, but on the operational side of things. I am constantly auditing our systems to make sure patches are up to date. I handle access control, antivirus technologies, disaster recovery planning, auditing other departments, etc.

Basically go to www.isc2.org and look up the SSCP Common Body of Knowledge and that's me in a nutshell.

It doesn't involve any picking apart of code looking for bugs....just correcting the bugs as they become known.

Do you like what you do? Or do you do it cause it's a job?

I love it. Disaster recovery planning is boring as hell, but otherwise it's fast-paced and fun.

Don't you find it boring, installing patches all day, every day?
 

spidey07

I got into it because it was part of my job. Being a network geek for a while and doing a bunch of internet and firewall work (installed my first one back in 1996 :)

How to get into the field? You need experience...it is not something you can just do. Read the books above and see if you can get into a shop where you'll be playing with firewalls, VPNs, etc.

 

Jzero

Originally posted by: Ameesh
Don't you find it boring, installing patches all day, every day?

I rarely install patches. I have automated tools to do that for me.
 

Ameesh

Originally posted by: Jzero
Originally posted by: Ameesh
Don't you find it boring, installing patches all day, every day?

I rarely install patches. I have automated tools to do that for me.

Then what do you do all day? Tell your tools which patches to push out?
 

Jzero

Originally posted by: Ameesh
Originally posted by: Jzero
Originally posted by: Ameesh
Don't you find it boring, installing patches all day, every day?

I rarely install patches. I have automated tools to do that for me.

Then what do you do all day? Tell your tools which patches to push out?

No, in between posts on ATOT, I flip burgers and take out the garbage, too.


Let's see...
Today my team:
-Wrote an automated script to analyze our production system and make sure that all the systems are configured properly, patched, and antivirused.
-Drafted a proposal to modify the AD structure of the domain and implement new GPOs to give us better control over international offices.
-Drafted responses to three different clients and prospects requesting information on my company's security, backup and disaster recovery practices.
-Continued remediation activities on a comprehensive 3rd-party audit that was recently conducted.
-Met with in-house counsel to ensure that proposed new security policy documents are legally sound.
-Began piloting a remote access solution that ensures that VPN/Dialup users have firewall and AV software running BEFORE they connect
-Checked IDS logs for signs of suspicious activity.
-Reviewed parts of the year-old disaster recovery plan and updated as necessary.
-Executed a monthly audit of user accounts

Oh, yes. And at some point someone clicked a few checkboxes on the SUS server.

As I said - take a look at the SSCP CBK at www.isc2.org and you'll pretty much know what I'm up to:
Access Controls
Administration
Audit and Monitoring
Risk, Response and Recovery
Cryptography
Data Communications
Malicious Code/Malware

 

spidey07

Began piloting a remote access solution that ensures that VPN/Dialup users have firewall and AV software running BEFORE they connect

Good man.

PS - we've been very successful with Cisco's client and Zone Labs firewall. Works like a champ and provides all the logging needed.