1. Basic knowledge of network security
1. Basic computer knowledge
Knowing the basic knowledge of computer hardware, software, operating system and network structure can help you better understand the concept and technology of network security.
2. Network basics
Understanding the structure, protocols, services and security issues of the network can help you better solve the principles and technologies of network security.
3. Security Basics
Understanding security concepts, principles, intimidation and attack methods can help you better understand the meaning and necessity of network security.
2. Network Security Technology
1. Network security protection technology
Network security defense technology refers to the technology to protect the network from attacks and intrusions, including defensive firewalls, intrusion detection and prevention systems, anti-virus software patching, and loopholes.
2. Network security attack technology
Network security attack technology refers to the technology of using loopholes, loopholes and defects to attack and intrude the network, including Trojan horses, silkworms, poisons, and DoS.
3. Network Security Penetration Testing Technology
Network security penetrating technology refers to a powerful and effective technology that simulates the behavior of attackers and tests network security protection measures, including information collection, deletion, disclosure, privilege escalation, and data leakage.
3. Network Security Tools
1. Network security protection tools
Network security protection tools refer to software and hardware devices used to protect network security, including firewalls, IDS/IPS, anti-virus software, etc.
2. Network security attack tools
Network security attack tools refer to software and hardware devices used for network attacks and access, including Nmap, Metasploit, Aircrack-ng, etc.
3. Network Security Penetration Tools
Network security penetrating tools are software and hardware devices used to test guidelines for network security protection implementation, including Nessus, Burp Suite, Kali Linux, etc.
4. Network Security Implementation
1. Network security policy formulation
2. Network security incident response
3. Network security training and publicity
5. Future development trend of network security
1. Application of artificial intelligence and machine learning in network security
2. The development and application of cloud security. With the popularization and application of cloud computing technology, cloud security will become one of the important areas of network security, which requires continuous development and innovation.
3. Application of blockchain technology in network security
Network security is a popular career field, and with the continuous improvement of information technology, network security is becoming more and more important. Penetration engineers, security operation and maintenance engineers, etc. For those who want to enter the field of network security, they need to have solid computer foundation and security knowledge, and also need to continuously learn and master the latest technologies and tools.
1. There are many jobs and a wide range of development directions
①Employment environment: Network security can be engaged in related work in the fields of computer science and technology, information communication, e-commerce, Internet finance, e-government affairs, etc., and can also work in government agencies, institutions, banks, insurance, securities and other financial institutions, telecommunications, media and other related industries.
②Employment positions: network security engineer, penetration test engineer, code audit engineer, level protection engineer, security operation and maintenance engineer, security operation engineer, security service engineer, etc.
2. Competitive salary
As an emerging industry, the market demand for network security talents is far greater than the supply. If companies want to really recruit talents, they must have sufficient competitive advantages in salary and benefits. Therefore, salaries in the field of network security have also shown a steady growth trend in recent years.
3. Large space for career development
From the perspective of the main content of network security major learning, it includes Linux operation and maintenance, Python development, penetration testing, code auditing, level protection, emergency response, risk assessment, etc. It can be seen that the network security major is highly technical and has distinctive professional characteristics. It is one of the engineering majors that can learn real technology.
Therefore, in terms of career development, in addition to the large number of jobs, the network security major will be in the core position of the technical backbone in the workplace due to its strong professional and technical nature, and there is a lot of room for career development.
4. Great career value-added potential
The network security major has strong technical characteristics, especially mastering the core network architecture and security technology in the work, which has an irreplaceable competitive advantage in career development.
With the continuous improvement of personal ability, the professional value of the work will also increase with the enrichment of one's own experience and the maturity of project operation, and the appreciation space is bullish all the way, which is the main reason why it is popular with everyone.
To some extent, in the field of network security, just like the doctor profession, the older you are, the more popular you become. Because the technology becomes more mature, the work will naturally be valued, and promotion and salary increase are a matter of course .
6. Frequently Asked Questions about Network Security
1. Virus and malware protection
2. Network password security issues
3. Social engineering attack
4. Phishing Attacks
7. Network security learning route
If the picture is too large and can't be seen clearly due to the compression of the platform, please remember to pay attention. After paying attention, the background will automatically send it to everyone!
The first stage: getting started with basic operations and learning basic knowledge
The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.
At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you have theoretically understood the above is sql injection, what is xss attack, and you have also mastered the basic operations of security tools such as burp, msf, and cs. The most important thing at this time is to start laying the foundation!
The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:
1. Operating system
2. Protocol/Network
3. Database
4. Development language
5. Principles of Common Vulnerabilities
What is the use of learning these basics?
The level of knowledge in various fields of computer determines the upper limit of your penetration level.
[1] For example: if you have a high level of programming, you will be better than others in code auditing, and the exploit tools you write will be easier to use than others;
[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAF that others cannot bypass;
【3】For example: if your network level is high, then you can understand the network structure of the target more easily than others when you infiltrate the internal network. You can get a network topology to know where you are, and get the configuration of a router. file, you will know what routes they have made;
【4】For another example, if your operating system is good, your privilege will be enhanced, your information collection efficiency will be higher, and you can efficiently filter out the information you want.
The second stage: practical operation
1. Mining SRC
The purpose of digging SRC is mainly to put the skills into practice. The biggest illusion of learning network security is to feel that you know everything, but when it comes to digging holes, you can’t do anything. SRC is a very good opportunity to apply skills.
2. Learn from technical sharing posts (vulnerability mining type)
Watch and study all the 0day mining posts in the past ten years, and then build an environment to reproduce the loopholes, think and learn the author's digging thinking, and cultivate your own penetrating thinking
3. Range practice
Build a shooting range by yourself or go to a free shooting range website to practice. If you have the conditions, you can buy it or apply to a reliable training institution. Generally, there are supporting shooting range exercises.
Phase 3: Participate in CTF competitions or HVV operations
Recommended: CTF Competition
CTF has three points:
【1】A chance close to actual combat. Now the network security law is very strict, unlike before, everyone can mess around
[2] Topics keep up with the frontiers of technology, but many books lag behind
【3】If you are a college student, it will be very helpful for finding a job in the future
If you want to play a CTF competition, go directly to the competition questions, if you don’t understand the competition questions, go to the information according to what you don’t understand
Recommended: HVV (network protection)
HVV has four points:
[1] It can also greatly exercise you and improve your own skills. It is best to participate in the HVV action held every year
【2】Be able to meet many bigwigs in the circle and expand your network
【3】The salary of HVV is also very high, so you can earn a lot of money if you participate
[4] Like the CTF competition, if you are a college student, it will also be very helpful for finding a job in the future
8. Recommended network security resources
It will be sent to you automatically after the attention is needed, just pay attention to the background message
Book list recommendation:
Computer operating system:
[1] Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of windows operating system
【4】Linux kernel and implementation
Programming development class:
【1】windows programming
【2】windwos core becomes
【3】Linux programming
【4】Unix environment advanced into
【5】IOS becomes
[6] The first line of code Android
【7】C programming language design
【8】C primer plus
[9] C and pointers
[10] C expert programming
[11] C traps and defects
[12] Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
[16] Linux shell script strategy
[17] Introduction to Algorithms
[18] Compilation principle
[19] Compilation and decompilation technology practice
[20] The way to clean code
[21] Code Encyclopedia
[22] TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
[27] web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
[31] Programmer's application
【32】English Writing Handbook: Elements of Style
Common Internet Security and Forums
- Kanxue Forum
- safety class
- safety cow
- Safety internal reference
- Green League
- prophetic community
- XCTF Alliance
epilogue
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this tutorial is in no way to provide and technical support for those with bad motives! Nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures to reduce economic losses caused by network security.