1. What is network security?
Network security can be classified based on the perspective of attack and defense. The "red team" and "penetration testing" we often hear are research on attack technology, while the "blue team", "security operation" and "security operation and maintenance" are research on defense technology.
Regardless of the field of network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive.
2. What is a hacker?
Hackers generally refer to computer experts who focus on infiltration and stealing attack technology in IT technology. At this stage, hackers need to master far more than these.
3. Why learn hacking technology?
In fact, network information space security has become the fourth largest battlefield after sea, land and air. In addition to the game between countries, there are also obvious competitions between domestic enterprises and enterprises.
Network security hacking technology is one of the capabilities that both countries and enterprises are paying more and more attention to.
So if you are still considering whether to learn, my answer is: just learn, you are right
Cyber Security Skills Sheet
According to the above network security skills table, it is not difficult to see that there are still many technologies that network security needs to touch;
Common skills to learn:
Peripheral management capabilities,
phishing remote control capabilities,
domain penetration capabilities,
traffic analysis capabilities,
vulnerability mining capabilities,
code audit capabilities, etc.
[One by one to help with security learning, all resources one by one]
①Network security learning route
②20 penetration testing e-books
③357 pages of security attack and defense notes
④50 security attack and defense interview guides
⑤Security red team penetration toolkit
⑥Network security essential books
⑦100 Vulnerability actual combat cases
⑧ internal video resources of major security companies ⑨
analysis of CTF capture the flag questions over the years
4. There is a lot of knowledge about network security, how to arrange it scientifically and reasonably?
If you really want to get started with network security through self-study, then I suggest you read what I said below. For each knowledge point, the total self-study time is about half a year, and the personal test is effective (there is a surprise at the end of the article):
How to learn about network security?
1. Computer basics need to be passed
This step has little to do with network security for the time being. It is a basic ability that everyone who enters the IT industry must master.
computer network
computer operating system
Algorithms and Data Architecture
database
Tips: You don't have to study until you are very proficient, it can be done simultaneously with learning other courses.
2. Infiltration technology mastery
A. Primary Penetration
First of all, you must learn the basic content of network security penetration, including information collection, web security, penetration tool proficiency, vulnerability reproduction and actual combat vulnerability mining
B. Advanced penetration - sub-direction
There are a lot of content, but the overall content that needs to be mastered is similar, penetration framework, privilege escalation and maintenance, tunneling technology, intranet penetration, forensics and traceability, Ddos attack and defense, and you can also try to master social engineering (not necessary).
3. Safety management
After choosing a good direction, you can start to enter deeper content, ARP penetration, level protection, risk assessment, security inspection, data security
4. Reverse avoid killing
Windows reverse Android reverse anti-kill technology
5. Code Audit
Java code audit PHP code audit, etc.
6. Advanced mastery of content in other programming directions
JavaSE, C, C++, Shell programming, Golang
Finally,
after sorting out your own learning framework and knowing where to start step by step, the next step is to fill the framework with information and follow along.
Here we can search for learning materials from CSDN, Zhihu, and Station B, but I think a big problem here is that it is incoherent and imperfect. Most of the tutorials shared for free are all here and there. If the foreword does not match the afterword, I will be confused after learning. This is my personal experience after self-study.
If you really want to learn by yourself, I can share with you these tutorials that I have compiled and collected by myself. All knowledge points and content, including e-books, interview questions, pdf documents, videos and related courseware notes, you can leave a message in the comment area to tell me .
Network security is a very popular programming direction. It requires continuous learning and actual combat, mastering the latest technologies and tools for version changes, and avoiding falling behind. I hope everyone can become an excellent network security engineer.