Network Security—Analysis of All Knowledge Points (Course Study Notes)

In summary, the main contents of the network security course include:

Security Basics
Applied Cryptography
Protocol Layer Security
Windows Security (Attack and Defense)
Unix/Linux Security (Attack and Defense)
Firewall Technology
Intrusion Detection System
Auditing and Log Analysis

The following introduces the specific content of each part, along with some reference books.

1. Security Basics

This part of the learning process is relatively easy and can be completed in relatively little time. The contents of this part include: concepts and definitions of security, common security standards, etc.

Most books on the basics of network security will have an introduction to this part.

Here are some recommended reference books related to this part:

"CIW: Holographic Course for Security Experts" Translated by Wei Wei and others, Electronic Industry Press
"Computer System Security" Cao Tianjie, Higher Education Press
"Introduction to Computer Network Security" Gong Jian, Southeast University Press

2. Applied Cryptography

Encryption is the foundation of modern computer (network) security. Without encryption technology, any network security is empty talk.

The application of encryption technology does not stop at encrypting and decrypting data. In addition to data confidentiality, cryptography also provides data integrity verification, user identity authentication, digital signatures and other functions.

PKI (Public Key Infrastructure) based on cryptography is an important part of information security infrastructure and a universally applicable network security infrastructure. The construction of authorization management infrastructure, security and confidentiality management system, and unified secure e-government platform cannot do without its support.

It can be said that the application of cryptography runs through the entire learning process of network security. Because most people have not been exposed to this area before, it is a weak point, so it takes more time and energy to learn than the other parts. You will also need to consult more reference books.

Here are some recommended reference books related to this part:

"Cryptography" Song Zhen, Wanshui Publishing House
"Cryptography Engineering Practice Guide" translated by Feng Dengguo, Tsinghua University Press
"Guidance to Secret Studies" translated by Wu Shizhong, Machinery Industry Reference

3. Protocol Layer Security

There are many reasons to study TCP/IP systematically. To implement firewall filtering properly, security administrators must have a deep understanding of the IP layer and the TCP/UDP layer of TCP/IP. Attackers often exploit parts of the TCP/IP stack to compromise network security, so you must understand these areas clearly as well.

Protocol layer security mainly involves content related to the TCP/IP layered model, including the working principles and characteristics of common protocols, defects, protection or alternative measures, and so on.

Here are some recommended reference books related to this part (classic books, must read):

"TCP/IP Detailed Explanation Volume 1: Protocol", translated by Fan Jianhua, etc., Machinery Industry Press
"Using TCP/IP for Internet Interconnection, Volume 1 Principles, Protocols and Structure", translated by Lin Yao, etc., Electronic Industry Press

4. Windows security (attack and defense)

Windows is an easier target for attacks.

Learning Windows security is in practice learning Windows attack and defense techniques. The content of Windows system security includes: users and groups, file systems, policies, system default values, auditing, and the study of vulnerabilities in the operating system itself.

There are many reference books in this part. In fact, any book related to Windows offense and defense is fine. Here are some recommended reference books related to this part:

"Introduction to Hacker Attack and Defense" Deng Ji, Electronic Industry Press
"Hacker Exposure", translated by Yang Jizhang, etc., Tsinghua University Press
"Sniping Hackers", translated by Song Zhen, Electronic Industry Press

5. Unix/Linux security (attack and defense)

As the market share of Linux grows, Linux systems and servers are being deployed more and more widely, and the security issues of Unix/Linux systems are becoming more prominent. For a network security practitioner, Linux security accounts for half of the importance of network security. However, compared with Windows, ordinary users have few opportunities to work with Linux, so learning the Unix/Linux system itself is also a gap they must fill.

The following is a set of reference books recommended for Linux system management.

"Red Hat Linux 9 Desktop Application" Liang Rujun, Mechanical Industry Press (has little to do with network security, can be used as a reference)
"Red Hat Linux 9 System Management" Jin Jieheng, Mechanical Industry Press
"Red Hat Linux 9 Network Services" Liang Rujun, Mechanical Industry Press

In addition to reference books related to Unix/Linux system management, two books related to security are also given here.

"Red Hat Linux Security and Optimization" Deng Shaokun, Wanshui Publishing House
"Unix Hacker Exposure" Translated by Wang Yichuan, Tsinghua University Press

6. Firewall Technology

Firewall technology is an important element in network security. It is a barrier and a sentry for communication between the external network and the internal network. In addition to having a deep understanding of the types and working principles of firewall technologies, a network security manager should also be familiar with the configuration and maintenance of various common firewalls.

At a minimum, you should know the following basic firewall configurations.

Common use of various personal firewall software
ACL-based packet filtering firewall configuration (such as Windows-based IPSec configuration, Cisco router-based ACL configuration, etc.)
Linux-based operating system firewall configuration (Ipchains/Iptables)
ISA configuration
Cisco PIX configuration
Check Point firewall configuration
VPN configuration based on Windows, Unix, and Cisco routers

Here are some recommended reference books related to this part:

"Network Security and Firewall Technology" Chu Kuang, People's Posts and Telecommunications Press
"Linux Firewall", translated by Yu Qingni, People's Posts and Telecommunications Press
"Advanced Firewall ISA Server 2000", Li Jingan, China Railway Press
"Cisco Access Table Configuration Guide", translated by Leading Studio, Mechanical Industry Press
"Check Point NG Safety Management", translated by Wang Dongxia, Mechanical Industry Press
"Virtual Private Network (VPN) Essence", Wang Da, Tsinghua University Press

7. Intrusion Detection System (IDS)

A firewall cannot analyze every application-layer data packet, because doing so would make it the bottleneck of network data communication. Even a proxy firewall cannot inspect all application-layer packets.

Intrusion detection is a reasonable supplement to a firewall. It helps system administrators discover and respond to attacks by collecting and analyzing various useful information on computer systems and computer network media. It can be said that intrusion detection is the second security gate behind the firewall, which can monitor the network without affecting the network performance, thus providing real-time protection against internal attacks, external attacks and misoperations.

The above is an older security introduction guide article, sourced from the Internet.

This article helped me a lot when I learned about this piece of knowledge. Although some of the content in it is old, the overall learning ideas and the logic of the knowledge structure are not behind, so share it with the topic owner.

Of course, I will only share so much about the learning methods here.


Origin blog.csdn.net/dexi1113/article/details/131722709