01 What is Network Security
Network security can be classified based on the perspective of attack and defense. The "red team" and " penetration testing " we often hear are research on attack technology, while the "blue team", "security operation" and " security operation and maintenance " are research on defense technology.
Regardless of the field of network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer , you should be both offensive and defensive. After all, you can win every battle if you know yourself and the enemy.
02 How to plan network security
If you are a newcomer in the security industry, I suggest that you start with network security or web security/penetration testing.
It is worth mentioning that, to learn network security, it is the network first and then the security; to learn web security, it is also the web first and then the security.
Security does not exist independently, but is an upper-layer application technology based on other technologies. Breaking away from this foundation, it is easy to become a theory on paper, and become " knowing what it is, not knowing why it is ", and it is difficult to go far on a safe career path.
If you are originally engaged in network operation and maintenance, you can choose the direction of getting started in network security; if you are originally engaged in program development, it is recommended to choose the direction of getting started in web security/penetration testing. Of course, after learning a certain degree or having a certain work experience, the technical coupling in different directions will become higher and higher, and you need to know a little bit in each direction.
According to the network security skills table above, it is not difficult to see that there are still many technologies that network security needs to be exposed to. Common skills need to be learned: peripheral management capabilities, phishing remote control capabilities, domain penetration capabilities, traffic analysis capabilities, vulnerability mining capabilities, code auditing ability etc.
Contains:
①Network security learning route
②20 penetration testing e-books
③357-page security attack and defense
notes ④50 security attack and defense
interview guides ⑤Security red team penetration toolkit
⑥Network security essential books
⑦100 actual vulnerability cases
⑧Internal video resources of major security companies
⑨Analysis of past CTF capture the flag questions
03There is a lot of network security knowledge, how to arrange it scientifically and reasonably?
1. Basic stage
★Network Security Law of the People's Republic of China (including 18 knowledge points)
★Linux operating system (including 16 knowledge points)
★ Computer network (including 12 knowledge points)
★SHELL (including 14 knowledge points)
★HTML/CSS (including 44 knowledge points)
★JavaScript (including 41 knowledge points)
★Introduction to PHP (including 12 knowledge points)
★MySQL database (including 30 knowledge points)
★Python (including 18 knowledge points)
——————— ————————
The first step to getting started is to systematically learn basic computer knowledge, that is, to learn the following basic knowledge modules: operating system, protocol/network, database, development language, and common vulnerability principles. After the previous basic knowledge is learned, it is time to practice.
Because of the popularization of the Internet and informatization, the website system has more external businesses, and the level of programmers is uneven and the configuration of operation and maintenance personnel, so there is more content to be mastered.
2. Penetration stage
■ Penetration and defense of SQL injection (including 36 knowledge points)
■ XSS related penetration and defense (including 12 knowledge points)
■ Upload verification penetration and defense (including 16 knowledge points)
■|The file contains penetration and defense (including 12 knowledge points) knowledge points)
CSRF penetration and defense (including 7 knowledge points)
SSRF penetration and defense (6 knowledge points)
XXE penetration and defense (5 knowledge points)
remote code execution penetration and defense (7 knowledge points) knowledge points)
■… (contains… knowledge points)
————————————————
Master the principles, usage and defense of common vulnerabilities. In the web penetration stage, you still need to master some necessary tools.
The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa , proxy tools ssrs, hydra, medusa, airspoof, etc. The practice of the above tools can be practiced with the above open source shooting range, which is enough up;
3. Safety management (enhancement)
★ Penetration report writing (including 21 knowledge points)
★ Level protection 2.0 (including 50 knowledge points)
★ Emergency response (including 5 knowledge points)
★ Code audit (including 8 knowledge points)
★ Risk assessment (including 11 knowledge points) points)
★Security inspection (including 12 knowledge points)
★Data security (including 25 knowledge points)
—————————————————
It mainly includes the preparation of penetration reports, grading of network security level protection, emergency response, code audit, risk assessment, security inspection, data security, compilation of laws and regulations, etc.
This stage is mainly for those who have been engaged in network security-related work and need to be promoted to management positions. If you only study to participate in engineering positions, you can learn or not at this stage.
4. Ascension stage (ascension)
■ Cryptography (including 34 knowledge points)
■Introduction to JavaSE (including 92 knowledge points)
■C language (including 140 knowledge points)
■C++ language (including 181 knowledge points)
■Windows reverse engineering (including 46 knowledge points)
■CTF capture the flag (contains 36 knowledge points)
■Android reverse engineering (contains 40 knowledge points)
—————————————————
Mainly including cryptography, JavaSE, C language, C++, Windows reverse, CTF capture the flag, Android reverse, etc.
It is mainly aimed at the knowledge that needs to be improved to improve the advanced security architecture after already engaged in network security related work.
epilogue
The advice to my friends is to think clearly that there is no shortcut to self-study network security. In comparison, systematic network security is the most cost-effective way, because it can save you a lot of time and energy costs. The advice for self-taught friends is to persevere. Now that you have come to this road, although the future seems to be difficult, as long as you grit your teeth and persevere, you will eventually get the effect you want.
Finally
, I compiled some information and content about network security, hoping to help everyone understand and learn network security. If you need these materials, you can leave a message in the comment area, and I will reply as soon as possible. At the same time, everyone is welcome to share their views and experiences to jointly promote the development of cybersecurity.
1. Zero-basic introduction to network security
For students who have never been exposed to network security, I have prepared a detailed learning and growth roadmap for you. It can be said that it is the most scientific and systematic learning route, and it is no problem for everyone to follow this general direction.
At the same time, the sections corresponding to each growth route have supporting tutorial notes source code provided:
2. Network Security Video Tutorial
Many friends don’t like obscure text, so I have also prepared a video tutorial for you. There are 21 chapters in total, and each chapter is the essence of the current section.
3. SRC Documentation & Hacking Technology Books The
SRC Documentation & Hacking Technology Books that everyone likes and cares about most are also included
4. Information on network protection operations
Among them, the corresponding information about the HW net protection operation has also been prepared, which can be equivalent to the gold finger of the competition!
