How many years can the dividends of network security last?

In my opinion, this is a false proposition, because the core and essence of network security is continuous confrontation. As long as threats persist, the dividends of network security will continue to exist!

For students who are new to the network security industry, this is the worst of times, because you can only reproduce the vulnerabilities from the well-known cases and textbooks by setting up your own lab environment.

At the same time, for students who are new to the network security industry, this is the best of times, because the national policy of building cyber power is in full swing, and there are far more job opportunities than 10 years ago.

You no longer have to wonder whether to do illegal work to make money and worry about getting caught. Study hard: a position with an annual salary of one million is waiting for you, and you can earn that money with your head held high.

The above may sound a bit grand and hollow, so let me say something practical that I hope will help you:

Getting to the point

First of all, before we set out to enter this industry, we have to ask ourselves honestly: with thousands of jobs to choose from, why do we want to enter this one?

I believe everyone's answer is different. Some will say that this industry as a whole pays better than others; some will say they like technology and want to study it; some will say this industry is at the forefront, and that they will build up contacts and start a business in the future. Whatever your answer, whether you are in it for the money or for the technology, you must position yourself accurately and be clear about what results you want to achieve in the next few years. With that goal, we keep striving. If you want to make money in this industry without putting in any groundwork, no industry allows that, least of all network security, which is still a young industry.

Only with a goal do you have the motivation to learn. Next, let's find out what jobs are available in the cyber security industry, and which positions suit you.

Leaving aside emerging technologies, the traditional security positions alone include: security product engineer (or after-sales engineer), security consultant (pre-sales engineer), penetration test engineer, sales, security development engineer, security operation and maintenance engineer, emergency response engineer, graded protection assessor and security service engineer. Broadly speaking, these are the positions; other niche positions will not be listed one by one.

General job content and responsibilities of security positions

After-sales engineer: after-sales service for security products, including delivery and implementation of security products, after-sales support, product debugging and bringing products online. For example, if a customer buys our firewall, we need to send someone to install and debug it; we can't let the customer install it himself. This is the main job content of product engineers or after-sales engineers.

Pre-sales engineer: Mainly assists sales in closing deals. To put it plainly, the pre-sales engineer works alongside the salesperson: one handles business relations (dinners, drinks, gifts and entertaining), the other handles the technical solution (solving the customer's pain points), and the two cooperate to win the project.

Penetration test engineer: This is the dream position for most people, where you get to show your personal skills. It mainly involves simulating a hacker's attack on the target business system, and stopping once the point is made.

Sales: I won't go into detail; I guess you young people don't care much, but once you're older you'll discover how naive your earlier understanding of sales was.

Security development engineer: Well, if you do development you must also understand security. For example, if you develop a web application firewall without even understanding web attacks, what are you developing behind closed doors? Can it actually block anything?

Security operation and maintenance engineer: An organization has bought so many security products, and someone has to operate and maintain them, analyze the logs and update the policies; regularly check the security of the business systems and check whether there are any threats on the intranet. This is what the security operation and maintenance engineer does.

Emergency response engineer: When a customer's business system is attacked, the security problem must be located quickly and the business system restored quickly; some cases even require collecting evidence and reporting to the police. (If something of great value is stolen from your home, why wouldn't you call the police? What is there to panic about?)

Graded protection assessor: According to national requirements, important business systems must be protected according to their security level. The country has now released the graded protection 2.0 standard, and construction should follow it. The graded protection assessor's job is to help customers check whether a business system meets the graded protection requirements, and to rectify it promptly if it does not.

Security service engineer: Many companies count penetration test engineers as security service engineers, which does no harm. Put simply, security services means helping customers do their security work. The specific content includes common vulnerability scanning, baseline checks, penetration testing, network architecture review, risk assessment and other work. The scope of security services is very broad, covering almost all of the positions above.

Having covered so many positions, let's set aside sales and development (most youngsters don't care about those two) and group the rest; in fact, there are three directions: the security product direction, the security operation and data analysis direction, and the security attack/defense and emergency response direction. Beyond these there is one more direction not listed: security management. Don't worry, young man, you won't be touching that direction for a while. Which company would be foolish enough to ask a newcomer to do security management?

Across all industries, there has never been a manager recruited directly from graduates. If there is, please remember to contact me; I have several cousins who will graduate from college soon, and I'll have them apply.

So here comes the question: is the learning content of these three directions the same?

Obviously not; otherwise why bother dividing them into directions at all? It's the same as splitting into arts and science streams back in high school. Why split? Because there is too much content, and different people are good at different things. There is so much to learn and so little time: either compress the content or extend the time. Back to the topic: what skills do these three directions require in actual work?

Security product direction: understand the products, such as firewalls, internet behavior management, intrusion detection/prevention, network gap (gatekeeper) devices, VPN, database audit, bastion hosts, anti-DDoS, cloud protection products, antivirus, network access control, web application firewalls, virtualization security products and more.

Security operation and data analysis direction: security services, security evaluation, risk assessment, graded protection, ISO 27000, log analysis, threat analysis, SOC operation, etc.

Security attack/defense and emergency response direction: web attack and defense, system attack and defense, intranet penetration, emergency response, code audit, mobile APK detection, industrial control system security testing, etc.

Next, let's summarize what these three directions have in common.

Security product direction: Products are deployed on the network, so to get started with the products you must first get a grounding in networking (Cisco, Huawei and H3C materials all work). Second, you need to configure security policies, so you need to understand basic security knowledge and principles. To sum up, getting started with security products requires network fundamentals + basic attack and defense.

Security operation and data analysis direction: You need to operate the business systems, know whether the security configuration of important business systems meets the requirements, understand the operating system (Windows, Linux), middleware and database, and understand the national policy requirements. Since threat analysis is involved, you must understand basic security knowledge and principles, and may even need to verify vulnerabilities. To sum up, getting started in the security operation and data analysis direction requires: operating system + middleware configuration + database configuration + basic attack and defense.

Security attack/defense and emergency response direction: Since it is attack and defense, you must understand attacks and have some programming language skills. To log in to a system during an emergency, you must understand the operating system, middleware and database. In summary, getting started requires operating system + middleware configuration + database + advanced attack and defense.

Of course, as a product engineer, do you really not need to understand the operating system? Obviously you do: most security products in China are developed on open-source Linux. As a security attack and defense engineer, do you really not need to understand the network? You don't need to go deep; you don't need to understand OSPF, layer 2 or SDN, but you should understand basic networking, otherwise you won't even be able to make sense of an IP address.

So here comes the question again: as a complete beginner, what should I learn first, and what should I be learning at all?

Since you asked so directly, let me tell you where to start from zero.

The first things to learn are network fundamentals + operating systems + middleware + databases. I believe most of you basically covered these at university; those who haven't can find material online to study.

Then add a little basic programming; I suggest PHP, which is currently quite popular.

The next step is to learn the basics of attack and defense. First learn about footprinting, enumeration and vulnerability scanning, then exploitation, web site penetration, Trojans, privilege escalation and lateral movement, and finally understand log clearing and maintaining access.

If you are still unclear, let me share a network security knowledge map with you; I hope it helps those of you who are just getting started!

If you want to get started with network security through self-study, I suggest you take a close look at the learning roadmap above. If you still don't know how to learn, I'll list a text version for you, covering each knowledge point, how long it takes and how to learn it; the total self-study time is about half a year (there is a bonus at the end of the article):

4.1. Concepts related to web security (2 weeks)

  • Become familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-line Trojan (webshell), etc.) by searching Google/SecWiki for those keywords;
  • Read "Mastering Script Hackers"; although it is very old and has errors, it is still a possible starting point;
  • Watch some penetration notes/videos to understand the whole process of a real penetration test; you can search Google for (penetration notes, penetration process, intrusion process, etc.);

4.2. Familiar with penetration related tools (3 weeks)

  • Become familiar with AWVS, sqlmap, Burp, Nessus, Chopper, nmap, AppScan and other related tools;
  • To understand the purpose and usage scenarios of these tools, first search the software name on Google/SecWiki;
  • Download backdoor-free versions of these tools for installation;
  • Learn and use them; specific tutorials can be found on SecWiki, for example: Burp tutorial, sqlmap;
  • Once you have learned these commonly used tools, you can install Sonic Start to build a penetration toolbox;

4.3. Penetration practice (5 weeks)

  • Master all the stages of penetration and be able to independently penetrate small sites. Look for penetration videos online, watch them and think about the ideas and principles; keywords (penetration, SQL injection video, file upload intrusion, database backup, dedecms exploit, etc.);
  • Find a site or build a test environment to practice on yourself; remember to hide yourself;
  • Think about how penetration divides into stages and what work is needed in each, for example: the PTES penetration testing execution standard; study the types of SQL injection, injection principles and manual injection techniques;
  • Study the principles of file upload, truncation, double-extension tricks (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc.; refer to: upload attack framework;
  • Study the principles and types of XSS; the specific learning method can be Google/SecWiki; you can refer to: XSS;
  • Study Windows/Linux privilege escalation methods and their specific use; refer to: Privilege Escalation; you can also refer to: Open Source Penetration Testing Vulnerable Systems;

4.4. Follow what is happening in the security circle (1 week)

  • Pay attention to the latest vulnerabilities, security incidents and technical articles in the security circle; browse daily security technology articles/events through SecWiki;
  • Follow security practitioners on Weibo/Twitter (if you come across an expert, follow them and their friends without hesitation), and take time to check every day;
  • Subscribe to domestic and foreign security technology blogs through feedly/Xianguo (not only domestic ones; normally focus on accumulating); if you don't have a feed reader, you can look at SecWiki's aggregation column;
  • Cultivate the habit of actively submitting links to security technical articles to SecWiki every day for accumulation;
  • Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese library, Wooyun, etc.; practice when you encounter public vulnerabilities;
  • Follow the topics or videos of domestic and international security conferences; SecWiki-Conference is recommended.

4.5. Familiar with Windows/Kali Linux (3 weeks)

  • Learn basic Windows/Kali Linux commands and common tools;
  • Become familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
  • Become familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Become familiar with the common tools in Kali Linux; refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
  • Become familiar with the Metasploit tool; refer to SecWiki and "Metasploit Penetration Testing Guide".

4.6. Server security configuration (3 weeks)

  • Learn server environment configuration and be able to spot security problems in a configuration by reasoning about it. For IIS configuration under Windows 2003/2008, pay special attention to configuration security and the permissions it runs with; refer to: SecWiki-Configuration;
  • For LAMP security configuration under Linux, mainly consider run permissions, cross-directory access, folder permissions, etc.; refer to: SecWiki-Configuration;
  • Harden remote access: restrict username/password login and restrict ports with iptables;
  • Configure a software WAF to strengthen system security, e.g. set up mod_security on the server; see SecWiki-ModSecurity;
  • Use Nessus to perform security scans of the configured environment and discover unknown security threats.

4.7. Scripting language programming (4 weeks)

  • Choose one of the scripting languages Perl/Python/PHP/Go/Java and learn to program with its commonly used libraries. Set up a development environment and choose an IDE; for PHP, WAMP and XAMPP are recommended, and Sublime is strongly recommended as the IDE. Some Sublime tips: SecWiki-Sublime;
  • Python programming: the content includes syntax, regular expressions, files, networking, multi-threading and other common libraries; "Core Python Programming" is recommended (no need to read it cover to cover);
  • Write an exploit for a vulnerability in Python, then write a simple web crawler; see SecWiki-crawler, video;
  • Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)", video;
  • Become familiar with the MVC architecture and try to learn a PHP or Python framework (optional);
  • Understand Bootstrap layout and CSS; refer to: SecWiki-Bootstrap;

4.8. Source code audit and vulnerability analysis (3 weeks)

  • Be able to independently analyze script source code and find security problems. Become familiar with the dynamic and static methods of source code audit and know how to analyze a program; see SecWiki-Audit;
  • Find vulnerabilities in open source programs on Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, then search for and analyze them by keyword; see SecWiki-Code Auditing, Advanced PHP Application Vulnerability Auditing Technology;
  • Study how web vulnerabilities form and how to avoid them at the source code level, and organize your findings into a checklist.
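As an added example (not part of the original article), here is a small Python script showing the kind of static check that the source code audit step above describes: it walks PHP source line by line, tracks which variables carry data from request superglobals, and flags SQL calls that receive such data without passing through a recognised sanitiser. The PHP sample, the sink list and the sanitiser list are constructed for this example.

```python
import re

# Line-level heuristics, constructed for this example; a production audit
# tool would parse PHP into an AST rather than pattern-match source lines.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")       # user input
SINK = re.compile(r"(?:\bmysqli?_query|->query|->exec)\s*\(")  # SQL execution
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+);\s*(?://.*)?$")   # $var = expr;
SANITIZER = re.compile(r"(?:intval|_escape_string)\s*\(|\(int\)")


def carries_taint(expr, tainted):
    """True if expr reads user input (directly or through a variable in
    `tainted`) and does not pass through a recognised sanitiser."""
    if SANITIZER.search(expr):
        return False
    if SOURCE.search(expr):
        return True
    return any(re.search(r"\$%s\b" % re.escape(v), expr) for v in tainted)


def audit_php(source):
    """Return [(line_no, text)] for SQL sinks fed by unsanitised user input.

    Taint is tracked per variable in source order: assigning from a
    superglobal or from a tainted variable taints the target; assigning a
    clean or sanitised value clears it. Prepared statements never match a
    sink, so they are not reported. Limitations: one statement per line,
    no sprintf/implode, no flow across function calls.
    """
    tainted = set()
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            name, rhs = m.group(1), m.group(2)
            if carries_taint(rhs, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)
        s = SINK.search(line)
        if s and carries_taint(line[s.end():], tainted):
            findings.append((no, line.strip()))
    return findings


# Constructed PHP sample: lines 5 and 6 are injectable, the rest are not.
SAMPLE_PHP = r"""<?php
$id = $_GET['id'];
$name = mysqli_real_escape_string($conn, $_POST['name']);
$sql = "SELECT * FROM users WHERE id = " . $id;
$res = mysqli_query($conn, $sql);
$rows = $db->query("SELECT * FROM users WHERE email = '" . $_COOKIE['email'] . "'");
$safe = mysqli_query($conn, "SELECT * FROM users WHERE name = '$name'");
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$_GET['id']]);
$total = $pdo->query("SELECT COUNT(*) FROM users");
"""

if __name__ == "__main__":
    for no, text in audit_php(SAMPLE_PHP):
        print(f"line {no}: user input reaches SQL sink: {text}")
```

Running it reports lines 5 and 6 of the sample; the checklist item for SQL injection then becomes "every query that touches request data goes through a prepared statement or an explicit sanitiser".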

4.9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward security suggestions or a system architecture. Develop some practical small security tools and open-source them to show your personal strength;
  • Establish your own security framework and have your own understanding and opinions on corporate security;
  • Propose, or join, the architecture or development of a large security system;
  • From here on, it's up to how you develop~

V. Summary

The above are my personal suggestions for friends who are new to network security!

One last point needs to be clarified:

The technologies in different directions listed above are not strictly independent. On the contrary, they often complement each other and need to be combined and integrated.

Everyone's perspective is limited, and I am no exception. What I've written here is just my own opinion; I suggest you read more people's summaries and experiences and compare them side by side.

If you want to enter the field of network security through self-study, I can share the tutorials I have compiled and collected. They cover not only web security but also penetration testing and other content, including e-books, interview questions, PDF documents, videos and related courseware notes. I have read most of them and they are pretty good. If you need them, like and bookmark this article, then check the comment section or send me a private message to get them.

If you find it helpful, please like and bookmark it. If anything is wrong or unclear, you are welcome to point it out in the comments; thank you!

Origin blog.csdn.net/2301_77157449/article/details/130902386