I want have a carrier on Security?

Hi...
I like networking and all issuse related. And I really like to get a carrier on security, but i don't know how to start and from where? wich subjects i should read and understand? please help me to know how to start.

Thanx

hi there,
if you want to build a career in network security try your hands at the following subjects in that order:

Security weaknesses and vulnerabilities in TCP/IP (TCP; IP; ARP; DNS; ICMP; SMTP; Telnet; FTP; TFTP; Routing and Routers); Web Traffic - CGI; Penetration testing Introduction to Packet Sniffing.

Intruders and Malicious code - viruses; worms; Trojans; Back doors; Denial of Service attacks and how to prevent them; introduction to currently available tools.

Footprinting and Intelligence gathering introduction to currently available tools.

VPNs, Intruder Detection Systems; Firewalls: Packet-filters, Circuit-level, Application-Level, DMZ's. Cisco Configmaker- Configuring a firewall.

Encryption techniques - substitution, transposition, blocking.

Public Key Infrastructure: Trusted Third Parties, Certificates and C.A's.

Digital Signatures and message digests, MD5, SHA, HMAC; SET (Secure Electronic Transactions) standards; SSL, IPSec, PGP, Kerberos.

Legal issues: Regulation of Investigatory Powers Act, E-commerce Bill, key escrow.

Legal issues : Computer Misuse Act, forensic data, Police & Criminal Evidence Act.

Audit trails, logs, tamper-proofing

Thanx alot Arani.
I know there is alot of sites about security issuse, but may you know better than me, can you recommend me some good sites...???

www.securityfocus.com - articles etc
sans.org - reading room
www.packetstormsecurity.org - the whole site pretty much
www.firewall.cx



Subscribe to the security-basics list if you're completely new. Other lists such as the pen-test list are handy places to ask a question.

Get yourself a Linux live CD such as Auditor and start playing around with the tools. Install virtual machines of different operating systems and learn their security features, exploit vulnerabilities in them.


And more important than all the others -- learn how to program. You should be a capable C/C++ coder at the very least. Assembly language is a must for reverse-engineering, vulnerability development and exploit creation. You'll also want to learn Perl or Ruby as a scripting language for quick little tools and output parsing.

The worst thing you can do is put yourself in a situation where you are not capable of building automation into your own work. If you spend alot of your time saying 'I wish there was a program to do X', then you will not be effective in a proper security job.

Of course there is stuff like compliance / sarbanes-oxley and all that other rubbish that so-called consultants keep spitting out as 'security'. It's a load of hogwash. Computer security is about bits and bytes... the better you understand those, the better you'll be

--S.


Ps. I forgot to mention, this process can take a long time -- it helps to have a mentor or someone significantly more skilled than you to guide you.

Loads of useful information there, i am also trying to move into a more security focused job role so thanks for the post

I am thinking of doing the CISSP, can what do you all think about this accreditation ?

I suppose i should try and find time to get back into some programming then, hehe