As the Internet increasingly enters all aspects of people's food, clothing, housing and transportation, network security has gradually become a point of concern to the public. In particular, major Internet companies that rely on the Internet to make their fortunes attach great importance to network security. Therefore, network security defense talents have become more sought-after products for enterprises, such as security service engineers and security operation and maintenance engineers. For these talents, the company is not stingy in salary, and the treatment is extremely generous. Therefore, it is inevitable for various industries to include network security engineers in the daily configuration of enterprises.
This also means that learning network security is very useful for your future employment development or enhancing your own competitiveness in the workplace. But what skills do professional network security engineers need to possess? What knowledge points do I need to learn?
1. Network Security
Network foundation
Network overview
(Industry background + employment direction + curriculum system structure)
Vmware
Overview and application of IP address
DOS commands and batch processing
Windows service security
User Management
Crack system user password
NTFS permissions
file server
DNS service
DHCP service
IIS service
Active Directory
Domain Control Management
Group Policy (1)
Group Policy (2)
security strategy
PKI and certificate services
windows security baseline
Windows server 2003 security configuration baseline
Phase 1 integrated project
Ethernet switching and routing technology
Review windows service
OSI protocol suite
Basic principles and configuration of switches
IP header analysis and static routing
Analyze ARP attacks and spoofing
Virtual Local Area Network VLAN
VTP
One-arm routing and DHCP
Subnetting VLSM
Advanced network technology
review
Layer 3 switching
ACL-1
ACL-2
Network address translation
Dynamic routing protocol RIP
ipsec VPN
VPN remote access
Cyber security baseline
Cisco basic network equipment security configuration baseline
Safety equipment protection
Firewall principle and deployment method
Advanced firewall configuration
IDS
WAF
Phase Integrated Project Two
2. Service security
Linux security operation and maintenance
Linux operating system introduction and installation and directory structure analysis
Basic operation and software installation of Linux system
User and permission management under Linux system
Network configuration and log server establishment emergency thinking
Establish php homepage analysis and homepage access control
Nginx services are established and tomcat load balancing
iptables packet filtering and network address translation
Practical script case
Phase 3 of the integrated project
Three, code security
Front-end code security
HTML language
CSS box model
JS overview and variables
JS data type
JS function
Program flow control
Conditional judgment and equivalent judgment structure
Cyclic structure
JS array
Database security
sqlserver
access
oracle
mysql
Background code security
PHP basics
PHP syntax
PHP flow control and array
Common functions in PHP code audit
PHP operating mysql database
PHP code audit (1)
PHP code audit (two)
Python security application
Getting to know python part 1
Getting to know python part 2
Basic advancement with objects and numbers
List of strings and ancestors
Dictionary conditional loop and standard input and output
Error exception function basics
Advanced applications and modules of functions
Object-oriented programming and composition and derivation
Regular expressions and crawlers
socket socket
Fourth, penetration testing
Introduction to penetration testing
Penetration testing methodology
Laws and ethics
Web working mechanism
HTTP protocol
Cookie 与session
Same Origin Strategy
Intelligence gathering
DNS
DNS resolution
IP query
Host probing and port scanning
Network vulnerability scanning
Web vulnerability scanning
Other tools
Password cracking
Password security threat
Cracking method
windows password cracking
Linux password cracking
Network service password cracking
Online password query website
Common vulnerabilities attack and defense
SQL injection basics
Four basic techniques
Other injection methods
Use of SQLmap
Overview of XSS vulnerabilities
XSS classification
XSS structure
XSS deformation
Shellcode call
XSS clearance challenge
Actual combat: Session hijacking
PHP code execution
OS command execution
Overview of the principle of file upload vulnerability
WebShell overview
The harm of file upload vulnerability
Common vulnerabilities attack and defense
PUT method to upload files
.htaccess attack
Picture Trojan Making
upload-labs upload challenge
Web container parsing vulnerability
Open source editor upload vulnerability
Open source CMS upload vulnerability
File include statements in PHP
File contains examples
Vulnerability principle and characteristics
Null character problem
The file contains the exploit
Business Security Overview
Business security testing process
Business data security
Password recovery security
CSRF
SSRF
Right escalation and post-penetration
Server privilege technology
Tunnel technology
Buffer overflow principle
Metasploit Framework
Preface
urllib2
SQL injection POC to EXP
Custom EXP
Case: Oracle Weblogic CVE2017-10271 RCE
Case: JBoss AS 6.X deserialization
Five, project actual combat
Vulnerability recurrence
Intranet drone combat
Intranet offensive and defensive confrontation
Security Service Specification
Security public test project combat
External network penetration test combat
6. Safety literacy
Introduction to the Cyber Security Industry
Analysis of job responsibilities in cyber security
Cybersecurity Law Cognition
Network security certification
Professional quality
This complete learning book can help you learn network security from zero to one.