Is network security really out of the question?

In fact, everyone knows the prospects of network security, but to a large extent people still enter the industry out of interest.

The saying "interest is the best teacher" is not general, but the person who captures and protects children's interests is more important. A learner's attention is often fleeting and unstable. Only when an interest is stabilized and turned into strong motivation to understand a field does it have real meaning as a starting point.

People who are confused and at a loss can read this carefully to resolve their doubts. If you want to get started with network security from zero in 30 days, you must figure this out.

1. Common misunderstandings when learning network security

1. Treating programming as the goal and ignoring its role as a tool

I said it a long time ago: Don't hold the mentality of "using programming as the purpose, and then start learning network security".

Because of the particular nature of the network security industry, learning programming from zero takes too long, and little of what you learn will be directly usable once you move into security. A programmer is a programmer and a network security engineer is a network security engineer; the two should not be confused. If you focus too much on languages while learning network security, you are putting the cart before the horse. In this industry, understanding and analyzing the principles behind security issues matters far more than learning a language.

In the process of learning network security, you must learn with a purpose, and make up for what you don't know, so as to achieve a more precise learning purpose.

2. Too much study, no plan

Of course, learning network security requires steady, step-by-step progress. Many people know this, but when they actually start, they push too hard and want to learn everything, which leads to gulping it all down. For self-study, it is not recommended to cover a wide area; find a position and a precise learning direction instead, otherwise it is easy to give up halfway.

2. Basic preparation and conditions for learning network security

1. Language knowledge

The scope of network security is very wide, and the specific languages to learn depend on your direction. If you choose web security, you need to learn PHP, JSP, JavaScript, etc. If you choose binary security, you need to learn assembly, C, C++, etc. One language is common across the security field, though, and that is Python, because you will often need it to quickly implement prototypes.

2. Basic English and professional terms

The computer was invented in the West, so computer languages are basically English, and many tutorials are originally in English and use specialized terminology. Learning network security therefore requires a certain amount of English and familiarity with hacker jargon, so that there are no "communication barriers" when exchanging techniques with colleagues.

Some beginners still don't know what a "broiler" (slang for a compromised, remotely controlled machine) is. Can they follow a technical discussion post?

3. Introductory learning route

The first stage: getting started with basic operations and learning basic knowledge

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you understand in theory what SQL injection is and what an XSS attack is, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this point is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

Your level of knowledge across the various areas of computing determines the upper limit of your penetration testing ability.

[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;

[3] For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get a router configuration file to know what routes they have made;

[4] For another example: if your operating system knowledge is strong, your privilege escalation will be stronger, your information gathering will be more efficient, and you can efficiently filter for the information you want.

The second stage: practical operation

1. Hunting vulnerabilities for SRCs (security response centers)

The main purpose of SRC vulnerability hunting is to put your skills into practice. The biggest illusion in learning network security is feeling that you know everything, yet when it comes to actually finding vulnerabilities you can't do anything. SRCs are a very good opportunity to apply your skills.

2. Learn from technical sharing posts (vulnerability mining type)

Read and study all the 0day hunting posts from the past ten years, then build an environment to reproduce the vulnerabilities, think through and learn from the author's approach, and cultivate your own penetration-testing mindset.

3. Range practice

Build a practice range yourself or use a free practice-range website. If circumstances allow, you can buy one or sign up with a reliable training institution; these generally come with supporting range exercises.

The third stage: participate in CTF competitions or HVV operations

Recommended: CTF competition

CTF has three advantages:

[1] An opportunity close to real-world practice. The network security law is now very strict; unlike before, people can no longer just mess around.

[2] Topics keep up with the frontiers of technology, while many books lag behind.

[3] If you are a college student, it will be very helpful for finding a job in the future.

If you want to play in a CTF competition, go straight to the competition challenges; if you don't understand a challenge, look up material on whatever you don't understand.

Recommended: HVV (network protection)

HVV has four advantages:

[1] It is also great practice and improves your own skills. It is best to participate in the HVV operation held every year.

[2] You can meet many well-known people in the field and expand your network.

[3] The pay for HVV is also very high, so you can earn a lot of money if you participate.

[4] Like CTF competitions, if you are a college student, it will also be very helpful for finding a job in the future.

4. Clarify the goal and position the future direction

When learning network security, it is extremely important to have a clear goal, because there are many positions and different directions. Some people just want to play CTF competitions, while others want to find good jobs. Traditional security positions in network security include: security product engineer, security consultant, penetration test engineer, security development engineer, security operation and maintenance engineer, emergency response engineer, level protection assessor, and this does not include other niche positions. The goals are different, and the routes and plans are naturally different.

The disadvantages of self-studying network security

Many novices who are interested in network security, or IT practitioners with certain experience, choose to study by themselves for a period of time at the beginning, but without exception, they all give up self-study in the end and choose network security training institutions.

So why? The reason is that there are too many shortcomings in network security self-study, which is not as effective as network security training institutions.

The Internet industry has three major characteristics: many professional subdivisions, highly technical work, and strong practicality. Network security is not suited to armchair theorizing, and self-study is futile. Of course, strong self-discipline and high talent are another matter.

Disadvantages of self-study cyber security:

1. It is difficult to get in touch with the real network confrontation environment for practical operations, let alone telecom-grade products and equipment;

2. The knowledge learned is one-sided, there are no professional, enterprise-backed tutorials, and you remain confused about employment.

3. There is no guidance on what you don't understand, and too many details are missed.

4. There is no good atmosphere to grow together.

So in the end, I suggest that if you want to learn network security, you must not blindly study by yourself. If you just want to get a simple introduction to network security, self-study is no problem. If you want to study in depth, it is recommended to choose a good network security training institution.

To master the methods and skills, you can get started with zero foundation and understand some network security knowledge in 30 days, but if you want to learn in depth, it is recommended to find a good training institution. In addition, the network security industry requires continuous study and accumulation of experience over the years. That's the most important thing.

Finally, I also sorted out some of the materials I learned when I was studying. Most of them are very good. Friends who don’t want to spend time looking for other materials can take a look. I have sorted and packed them all.

This full version of online security learning materials has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]

CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" for free: https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ

 

Origin blog.csdn.net/msb_114/article/details/131739961