2023 Cybersecurity Learning Route

What is Internet Security

Network security means that the hardware and software of a network system, and the data in that system, are protected from being damaged, changed, or leaked for accidental or malicious reasons, so that the system runs continuously and reliably and the network service is not interrupted. It has the characteristics of confidentiality, integrity, availability, controllability, and reviewability.

The definition of a network security engineer
First, let's take a look at the definition of a network security engineer: a person who, working in accordance with the information security management system and standards, prevents, analyzes and guards against hacker intrusions through the use of various security products and technologies (firewalls, anti-virus, IDS, PKI, offensive and defensive technologies, etc.), and who also carries out security system construction and security technology planning, daily maintenance management, information security inspection and audit, system account management, and system log inspection.

From this definition, we can clearly see the skills needed to work in network security. This knowledge and these skills cannot be cultivated overnight. It should be noted that computer knowledge is closely related to network security. The basic computer knowledge learned in school is the cornerstone of advanced network security learning, because network security engineers are one of the many branches of network security. Only when the foundation is laid firmly can you switch freely among the many branches of network security later in your study or work. Therefore, first of all, we must resist the mentality of eagerness for quick success, abandon those books or tutorials that advertise "treasures", "tricks", and "XX days from entry to mastery", and systematically study every theory and skill in a down-to-earth manner; that is the right way.
Network security industry classification and skill requirements
According to different security specifications, application scenarios, technical implementations, etc., security can be classified in many ways. Here we simply divide it into network security, web security, cloud security, mobile security (mobile phone), desktop security (computer), host security (server), industrial control security, wireless security, data security and other fields. The following focuses on the network, web and cloud security directions, based on the industry and on my own focus.

① Network Security

[Network security] is the most classic and basic field in the security industry, and it is also the field where domestic security companies made their fortunes, such as Venustech, NSFOCUS, and Tianrongxin (the "big three"). The technical scope of research in this field mainly revolves around firewall/NGFW/UTM, gatekeeper, intrusion detection/defense, VPN gateway (IPsec/SSL), anti-DDoS, Internet behavior management, load balancing/application delivery, traffic analysis, vulnerability scanning, etc. With these network security products and technologies, we can design and provide a safe and reliable network architecture to protect the network infrastructure of government/state-owned enterprises, Internet companies, banks, hospitals, schools and other industries.

Large security projects (the fat meat...) are mainly concentrated in the government affairs network/tax network/social security network/electricity network that meet the needs of the government/state-owned enterprises, the telecommunications network/city area network that meet the needs of operators (mobile/telecom/China Unicom), the bank-based financial networks, the data center networks based on the needs of Internet companies, etc. These networks carry core infrastructure and the sensitive data of citizens. Once they are leaked or illegally invaded, the scope of influence is not limited to a single company or organization: consider government or military confidential data, national social security identity information, backbone network infrastructure, financial transaction account information, etc.

Of course, in addition to the above, there are other enterprise networks and education networks that also require a large number of security products and services. Network security projects are generally provided by network security companies, system integrators, network and security agents, IT service providers and other technical units with nationally recognized computer system integration qualifications, security and other industry qualifications.

[Skill Requirements]

Network protocol: TCP/IP, VLAN/Trunk/MSTP/VRRP/QoS/802.1x, OSPF/BGP/MPLS/IPv6, SDN/Vxlan/Openflow…

Mainstream network and security equipment deployment: Cisco/Huawei/H3C/Ruijie/Juniper/Fortinet, router/switch, firewall, IDS/IPS, VPN, AC/AD…

Network security architecture and design: enterprise network/telecom network/government network/education network/data center network design and deployment...

Information security classified-protection standards, Golden Land/Golden Tax projects…

[Supplementary explanation]

Don't be misled by movies and news. Many security engineers work in this field, and a security engineer is not someone who attacks others and writes attack code and viruses every day;

In addition to defense and security, the research content of this security field also includes the related hacking (attack) techniques: protocol security (ARP man-in-the-middle attacks, DHCP flooding and spoofing, STP spoofing, DNS hijacking attacks, weak HTTP/VPN versions or man-in-the-middle attacks...), access security (MAC flooding and spoofing, 802.1x, WiFi brute force cracking...), hardware security (using the leaked NSA toolkit to attack well-known firewalls, getting a shell through device remote code execution vulnerabilities, cracking weak passwords on network devices...), configuration security (unsafe protocols enabled, port services enabled that do not need to be...)...

Learning this security direction does not require much computer programming skill (it is the route of the security service engineer, not the R&D route). What it requires more is to master common secure network architectures, to be able to capture and analyze network protocols and faults, and to be familiar with the configuration of network and security devices;

② Web Security

In a narrow sense, web security is the field that studies [website security]. Compared with the field of [network security], ordinary users can perceive it more intuitively: for example, a website cannot be accessed, website pages have been maliciously tampered with, or a website has been hacked and its core data leaked (for example, leaks of Sina Weibo or Taobao user accounts, which cause panic and a wave of password changes). Of course, in a large security project, web security is only one branch, and it needs to complement [network security]; web security focuses on upper-layer applications and data, while network security focuses on the security of the underlying network.

With the rapid development of Web technology, from the original [Isn't the Web just a few static web pages?] to the present [The Web is the Internet], more and more services and applications are built directly on the Web, not just a corporate website or forum. Today, almost all applications that can be connected to the Internet, such as social networking, e-commerce, games, online banking, email, OA, etc., can be provided directly through Web technology.

As the significance of the Web increases, attack methods and defense technologies for Web security emerge endlessly, such as WAF (Web firewall), Web vulnerability scanning, web page anti-tampering, website intrusion prevention, etc. More finely subdivided vertical Web security products have also appeared.

[Skill requirements] Web security also involves a great many skill points, because engaging in web security means that beginners must have some understanding of web development technology, such as being able to build a web site with front-end and back-end technologies, just as engaging in [network security] requires first understanding how to build a network. Web technology involves the following:

Communication protocol: TCP, HTTP, HTTPS

Operating system: Linux, Windows

Service setup: Apache, Nginx, LAMP, LNMP, MVC architecture

Database: MySQL, SQL Server, Oracle

Programming language: front-end language (HTML/CSS/JavaScript), back-end language (PHP/Java/ASP/Python)

③ Terminal security (mobile security/desktop security)

Mobile security mainly studies the security of mobile terminal products such as mobile phones, tablets, and smart hardware, for example iOS and Android security. The "jailbreak" we often refer to actually belongs to the category of mobile security. The Windows computer worm that broke out around the world recently, the "WannaCry ransomware virus", and the older "Panda Burning Incense" belong to the category of desktop security.

The technical research of desktop security and mobile security both belong to the field of terminal security. To put it simply, one studies computers and the other studies mobile phones. As our work and life migrate from the PC side to the mobile side, terminal security also migrates from desktop security to mobile security. The most familiar terminal security products are 360, Tencent, Kingsoft Internet Security, Rising, Symantec, McAfee, Norton and other software suites...

From a business point of view, terminal security (mobile security plus desktop security) is a to C business, oriented more toward individual end users, while network security, web security, and cloud security are more of a to B business, serving government and enterprise units. For example, 360 is a typical company that extended from a to C security business to a to B security business: 360 Enterprise Security provides security products and services for government and enterprise units, while the familiar 360 security guard and antivirus are mainly for individual users.

④ Cloud Security

[Cloud Security] is another security field, based on cloud computing technology. Cloud security research topics include: software-defined security, hyper-converged security, virtualization security, machine learning + big data + security... At present, many security products based on cloud computing have already been launched, covering the original network security, web security, mobile security and other directions, including cloud firewall, cloud anti-DDoS, cloud scan, cloud desktop, etc. Domestically, Tencent Cloud and Alibaba Cloud already offer relatively mature commercial solutions.

In terms of product form and commercial delivery, cloud security has realized the transformation of security from hardware to software to cloud, which greatly lowers the threshold for traditional small and medium-sized enterprises to use security products. In the past, a security project cost millions of dollars, but cloud security enables truly flexible, on-demand purchasing, greatly reducing the purchase cost. In addition, security in the cloud era has also brought more challenges and changes to the norms and practices of the original industry. For example, how should the security construction responsibilities and boundaries of cloud service providers and customers be distinguished for commercial services hosted on the cloud? How should information security classified-protection assessments be conducted for cloud security projects?

Origin blog.csdn.net/2302_77302329/article/details/130414627