Getting Started in Network Security?

pixelgeek asks: "Security has not only become an important topic but also a critical issue for admins and even the average user in their home. To someone new to the topic the wealth of material can be a bit daunting and, you can imagine, a little confusing. Does anyone have any suggestions on where to start getting a handle on the concept of network/computer security and what are the most important and useful applications (CLI primarily) that a person should examine and learn?" We've touched on these issues before, but it was a while ago. Taking a network security class, could help, but which classes are really worth the money and might there be enough information on the web to make such a choice, unnecessary?

Its not an easy job

[rxed]

In security you have to have a well rounded education and experience simply because the job demands it. A good start would be probably 5 years in network administration with large user group enviroments, fluent programming skills (java, c, c++, perl), some experience in web server farm administration etc. I don't know any security or computer fornesic who worked for our company who is under 35 yo.

Re:Its not an easy job

[MoreBeer]

Agreed. We try to 'greenhorn' in good network admins/engineers. Start them off in basic fw administration, show them the ropes of the IDS (Snort!), and teach them why it's important to ride their former coworkers like zorro to ensure thier stuff is up to date patchwise.

The basic fact of the matter is, Network Security _requires_ a seasoned network admin/engineer/programmer who has the potential to analyze systems on all levels of the OSI model (when analyzing a production payroll server - is it plugged into a hub all the way up to transmitting passwords in cleartext or non-aged accounts?). I'd say it's damn near impossible for a hair stylist to come into a company as a Network Security Administrator, but a hungry NT admin or Network Engineer has great potential.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Nasty Catch-22

[acceleriter]

The corporate/law enforcement security community is fairly tight-knit, and suspicious of newcomers. Attempting to "break in" (no pun intended) to that community will be met with suspicion.

And, interestingly, getting a job in network security requires a knowledge of network security, but having knowledge of network security without previous employment in the field can make you suspect.

Worst of all is to admit knowledge of security in a corporate environment by pointing out flaws--then you're an easy mark for those "in charge" of security, whom you've made look bad. Like a bad "in Soviet Russia" joke, security problem report you.

Fortunately, I haven't learned any of this by experience, only by obeservation.

Re:Oh, what the fuck

[Kadin2048]

The Coward does have one good point--just keeping your system up to date can do wonders for network security. And turning on the built-in security options in your home network (especially wireless) will make a big difference. It won't keep out a determined individual, but it will make your average script kiddie move on to the next joe on your street.

Everything depends on what your security concerns are. The expertise needed to secure a small home LAN against high-schoolers with too much free time is a lot different then the experience needed to secure a gigantic corporate WAN against determined crackers, and the training you need to do one is nothing like what you need to do the other.

Computer Security

[friscolr]

Secrets and Lies, by Bruce Schneier, will give you a good overview of computer security (other books exist for this general overview too,but ihappen to have just finished this one). From there you can delve into more in depth overviews or specific topics.

More in depth overviews:
any CISSP/GISC/Security+ certification book (plus, after reading it go get certified!).

Topic Specific:
Firewalls (contrary to what others may tell you, there is more to security than firewalls). Some good books: the O'Reilly Firewall book, Building Linux and OpenBSD Firewalls (a bit dated but still on topic).
Do a search for all O'Reilly books with 'security' in the title/description, flip through it, decide if it suits your need (e.g. Web Security, Computer Security Basics, OpenSSL security, etc).

Learning the topic *really*well* is very important - e.g. really understand TCP/IP (something beyond "i plug in the cable, run dhclient, and i get internet!") andlook at it with an eye for security. Same goes for web server, general sysadmin tasks, programming, etc.

Remember: security is a process. and a moving target. and impossible to fix %100 but try anyways.

Experience is essential too. Get yourself an experimental network and try attacks, network sniffing, securing, MiTM'ing, getting around firewalls, DoS'ing, snort'ing, arpspoofing, etc. Once you've run some attacks then you'll have a working idea of what is going on and will hopefully be able to see when a line of thought would lead you in the same direction in setting up your network. Plus it helps to know you could set up a quick demo to show how easy it is to sniff someone's password, even on a switched network.

Become a keen observer of people. The users are your number one enemy in terms of security. They'll give their password away to anyone, try to thwart your attempts to secure the network, print out and take confidential docs to the cafe, etc. Not on purpose, but b/c their priority is getting work done. Understand them so as to best work with them.

And there's a whole lot more, but most importantly remember that security requires a very robust approach. Not just a firewall, not just encrypting everything, not just checking all code, but a well thought out approach that is followed, revised, updated, explained to all employees, etc etc

Re:Teach yourself iptables

[delta407]

Set up your own Linux firewall with iptables and create your own rules.<sigh>

Network security is slightly more complicated than simply using iptables. Packet filtering is important, but recognizing possibile vulnerabilities in exposed services is also important. (For instance, did you know that -- by default -- most SSHDs allow any authenticated users to establish TCP connections to arbitrary remote machines? This can easily let users, regardless of how much you trust them, punch holes through your firewall.)

Furthermore, another large part of network security is network design. I've seen networks that have two or three DMZs, each guarded by independent machines with different configuartions: authentication systems, CPU architecture, and operating system (i.e. one OpenBSD, one Solaris, one <ack> Windows).

Continuing, most good network security folks can work on either side of the line between attacker and defender. Network security can only be built when you have learned to think like an attacker. (If I expose this port, what can that reveal about my configuration? What happens if this particular protection fails? What could happen if there was a root exploit on server 834?)

Sadly, there are many "security experts" that agree with you.

Re:Teach yourself iptables

[SpaceLifeForm]

I would never suggest only *one* tool.
But that is besides the point. Learning iptables is much more *fundamental* than user-land tools. When you understand what is going on at the packet level, then, and only then, does it make sense to deploy higher-level tools. If you don't have your firewall properly configured, you are going to be looking at all kinds of crap with other tools, which may lead to confusion and mis-configuration problems, actually opening up your network to security exploits.

Re:Need solid networking background first

[Phroggy]

"Can you teach me how to hack?"
"Do you know what IP subnetting is?"
"Uhh, no. I don't care about that, I just want to break into people's computers!"
"Go away."

I hear this all the time, and it probably applies to the other side of the fence as well. Learn how stuff works and the theory behind it. If you don't know the difference between TCP and UDP, don't try to learn how to do system administration and network security - learn how networking works first. Learn the protocols. If you don't know how to check your POP3 e-mail and retrieve a web page with nothing more than a telnet client, learn how to do that and more. Then you can decide whether security is even where you want to go, or if another path presents itself.