foreword
Recently, I have received a lot of private messages and messages from my friends, most of them are zero-basic beginners getting started with network security, and they need relevant resources to learn. In fact, all fans who have read it know that it has been recommended in previous articles. Newcomers may not be very clear about it, so I will describe it systematically here.
01. A brief understanding of network security
To put it bluntly, network security means that the data in the network system is protected from being destroyed. And our security engineers engaged in network information security work, of course, the main job is to design programs to maintain network security.
Network security engineer is a general term that also includes many positions, such as security product engineer, security analyst, data recovery engineer, network architecture engineer, network integration engineer, security programming engineer and so on.
All work includes vulnerability mining, code programming, security services, traffic analysis, intrusion detection, cloud protection, system attack and defense, code auditing, etc.
Of course, these positions have nothing to do with you at this stage, I just want to let you know that the industry of network security is also a great place. What you have to do now is to learn the basic knowledge well, and one day in the future, maybe you will be able to get in touch.
If you want to become a master in network penetration, you need to master the full-stack capabilities of computers, networks, and programming. Operating systems, log analysis, traffic analysis, vulnerability attacks, security audits, web security, network protocols, programming languages, etc. need to be learned of.
So you can start from this aspect, you can watch some video tutorials
If you are new to network security, whether it is self-study or class, there is a major prerequisite, which is to master the basic knowledge of security.
Because network security involves a wide range of knowledge, many terms, and a lot of theoretical knowledge, we need to devote a lot of time and energy to study and master the basic knowledge of network security, security concepts and definitions, common security standards, etc.
The following books (with video reading effect are the best) should be read at least once. At first you may feel that the theoretical part is in the clouds, but if you stick to it, you will find that in the future study, this part Accumulation is very important.
Here I recommend 4 books: "Computer System Security", "Introduction to Computer Network Security", "In-depth Analysis of Web Security", "150 Commands of Network Security Linux System"
After mastering the necessary theory, it is time to start learning skills. Combining specific skills with previous theories, you will feel enlightened.
Of course, if you are a complete novice, you can also read this WEB security note first, the content covers the entire web security stage, and it is described in detail from the origin history of the computer
After understanding the basic stage and laying a solid foundation, start to learn the use of common hacking and penetration tools
Note: This is definitely not talking about some software such as catching chickens and remote control. You need to learn systematically. Even if you say you don’t have enough time, you still need to know common tools, such as: Hydra, medusa, sqlmap, AWVS , Burpsuite, Beef-XSS, Metasploit, Nessus, wireshark and other security tools, these are relatively well-known penetration tools and platforms in the security and penetration circles.
After getting familiar with linux, you can start to learn some programming-related knowledge now, because a hacker must master at least two or more programming languages. If you have no programming foundation, I recommend Python as a language here.
Because the Python language code is short, it is easy for Xiaobai to understand. For example, writing a helloworld code in C language requires 5-6 lines, while Python only needs 1 line. After learning Python, you can learn C language or Java again. After you learn a language, you will have a foundation, and the languages are all interoperable, so it should not be difficult to learn C after you have learned Python. You can also write your own when necessary. Hacking or penetration tools.
At this time, the theoretical knowledge has basically been learned, and the important stage is: actual combat. In actual
combat, you can go to some shooting ranges to practice, or go to the vulnerability platform to dig vulnerabilities and submit them (note: any unauthorized penetration and digging is illegal).
This is nearly 100 src Technical documents, only provide some loophole ideas
You can also participate in the net protection every year, and you can also exercise your actual combat ability in the red-blue confrontation.
epilogue
Well, today's content is updated here, and more content that everyone is interested in will continue to be updated in the future.