When we talk about cybersecurity, we are talking about protecting our online spaces, which is a responsibility we all share. Cybersecurity involves protecting our information from access, disclosure, destruction or modification by unauthorized parties.
1. Basic concepts of network security
Cybersecurity is protection: it involves protecting our devices and information from a variety of threats, such as viruses and worms, to more sophisticated forms of cybercrime. It involves protecting our data, ensuring its security, confidentiality and integrity, while also ensuring the proper functioning of our devices and networks.
Cybersecurity can be divided into several key areas:
- Network Security:Protecting the network and its resources from attack, damage, or unauthorized access.
- Information Security:Protecting information and information systems from unauthorized access, use, disclosure, destruction, modification, or destruction.
- Operational safety: Ensure the continuous operation of the system and the normal operation of the equipment, preventing interruptions caused by hardware or software failures, human errors or natural disasters.
- App Security:Protect your applications from a variety of threats, including viruses, hackers, and data theft.
The goal of cybersecurity is to ensure the confidentiality, integrity, and availability of data and systems. Confidentialityis protection against unauthorized data access, Integrityis Protecting data from unauthorized modification, whileavailability ensures that network services are always available to authorized users.
2. The importance of network security
So, why is network security important? Let's look at a few examples.
Example 1: Suppose you are the owner of a company, and all of your company's business runs on the Internet, including communication with customers, order processing, product sales, etc. If your network is attacked, your business will be affected, you may lose customers, and your company may suffer significant losses. This is the importance of cybersecurity.
Example 2: Suppose you are an ordinary Internet user. You do online shopping, online banking, social media, etc. All of these activities of yours require a network, and if your network is not secure, your personal information can be stolen, your bank account can be stolen, and your social media accounts can be misused. This is also the importance of network security.
The importance of cybersecurity cannot be overestimated. As every aspect of our lives and work becomes more and more dependent on the Internet, any form of cyber attack can have catastrophic results. Here are some of the top reasons for cybersecurity:
1. Personal privacy protection
We share more and more information online, including personal information (such as addresses, phone numbers, and social security numbers) and financial information (such as bank account and credit card information). If cybersecurity measures are inadequate, this information could fall into the wrong hands, leading to identity theft or other forms of crime.
2. Corporate security
For enterprises, network security is even more crucial. Enterprises hold large amounts of sensitive data, including employee information, customer information, company financial information and other business data. Cyberattacks can result in the theft of this information, leading to financial losses, brand damage, and possibly even company closure.
For example, a 2017 cyberattack on the credit reporting company Equifax resulted in the theft of personal information of approximately 147 million U.S. consumers, including names, Social Security numbers, dates of birth, addresses, and some driver’s license numbers.
3. National security
Cybersecurity is also an important part of national security. The country's critical infrastructure, such as power grids, transportation systems, and communications networks, all rely on networks. Cyberattacks could paralyze these systems, posing a threat to national security.
For example, in 2015, Ukraine’s power grid suffered a cyber attack, causing about 230,000 people to lose power. According to reports, this was the first time in history that a power outage was caused by a cyber attack.
3. Conclusion
Cybersecurity is an issue that everyone needs to pay attention to. Whether we shop online, use social media, work online, or rely on the Internet for basic daily activities, we need to protect our information and devices from cyberattacks.
Cybersecurity requires the participation of all of us, and each of us has a responsibility to protect our cyberspace. This includes using strong passwords, regularly updating software, sharing personal information carefully, using secure network connections, and educating yourself and others about cyber threats.
Network security is not only a technical issue, but also a human issue. Only when we all recognize the importance of cybersecurity and take appropriate measures to protect our cyberspace can we truly achieve cybersecurity
4. There is a lot of knowledge about network security. How to arrange it scientifically and reasonably?
1. Basic stage
- Cybersecurity Law of the People's Republic of China (includes 18 knowledge points)
- Linux operating system (including 16 knowledge points)
- Computer Network (includes 12 knowledge points)
- SHELL (contains 14 knowledge points)
- HTML/CSS (including 44 knowledge points)
- JavaScript (including 41 knowledge points)
- Introduction to PHP (including 12 knowledge points)
- MySQL database (including 30 knowledge points)
- Python (including 18 knowledge points)
The first step to get started is to systematically learn basic computer knowledge, that is, learn the following basic knowledge modules:Operating system, protocol/network, database, development language , Common vulnerability principles.
After learning the previous basic knowledge, it is time to practice.
Because of the popularity of the Internet and informatization, website systems have a lot of external business, and the level of programmers and the configuration of operation and maintenance personnel vary, so there is more content that needs to be mastered.
2. Penetration stage
- SQL injection penetration and defense (including 36 knowledge points)
- XSS related penetration and defense (including 12 knowledge points)
- Upload verification penetration and defense (including 16 knowledge points)
- The document contains penetration and defense (including 12 knowledge points)
- CSRF penetration and defense (including 7 knowledge points)
- SSRF penetration and defense (including 6 knowledge points)
- XXE penetration and defense (including 5 knowledge points)
- Remote code execution penetration and defense (including 7 knowledge points)
Master the principles, uses, defenses and other knowledge of common vulnerabilities. In the Web penetration stage, you still need to master some necessary tools.
Main tools and platforms to master:burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof etc. You can use the above open source shooting range to practice the above tools, which is enough;
3. Safety management (improvement)
- Penetration report writing (including 21 knowledge points)
- Level Protection 2.0 (includes 50 knowledge points)
- Emergency response (including 5 knowledge points)
- Code audit (including 8 knowledge points)
- Risk assessment (including 11 knowledge points)
- Safety inspection (including 12 knowledge points)
- Data security (including 25 knowledge points)
Mainly includespenetration report preparation, network security level protection classification, emergency response, code audit, risk assessment, security inspection, data security, and compilation of laws and regulationsetc.
- This stage is mainly for those who are already engaged in network security related work and need to be promoted to management positions.
- If you are only studying to take up engineering positions, you may or may not study at this stage.
4. Upgrade stage (upgrade)
- Cryptozoology (including 34 knowledge points)
- Introduction to JavaSE (including 92 knowledge points)
- C language (including 140 knowledge points)
- C++ language (including 181 knowledge points)
- Windows reverse engineering (including 46 knowledge points)
- CTF Capture the Flag Competition (including 36 knowledge points)
- Android reverse engineering (including 40 knowledge points)
Mainly includingcryptography, JavaSE, C language, C++, Windows reverse engineering, CTF capture the flag competition, Android reverse engineering, etc.
Mainly aimed at those who are already engaged in network security related work and need to improve their knowledge of advanced security architecture.
If you really want to get started with web security through self-study, I suggest you take a look at the following learning roadmap, which details how long to learn each knowledge point and how to learn it. The total self-study time is about half a year, and it is effective in personal testing (there is a surprise at the end of the article) ):
After sorting out your knowledge framework and knowing how to learn, the next step is to fill the framework with content.
We have many choices at this time, such as CSDN, Zhihu, and Bilibili. There are many people sharing their learning materials, but I think there is a big one here. The problem is that they are incoherent and incomplete. Most of the tutorials shared for free are just one piece here and there, with no preface and follow-up. You will get confused as you learn. This is my personal experience after self-study.
If you really want to learn on your own, I can share with you these tutorials that I have compiled and collected. They not only includeweb security, There are also penetration tests and other content, including e-books, interview questions, pdf documents, videos and related courseware Notes, I have already learned them all, like and collect in the comment area and leave a message "Already followed"! You can share it with everyone for free! Friends who can't wait can also kick me directly from the platform! Orfollow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
My advice to my friends is to think clearly, There is no shortcut to self-learning network security. In comparison, system network security is the most economical Cost-effective way, because it can help you save a lot of time and energy costs. Hold on, now that you've been on this road, even though the future may seem difficult, as long as you grit your teeth and persevere, you will eventually get the results you want.
Network security learning materials and tutorials, follow to be automatically sent
Hacking tools & SRC technical documents & PDF books & web security, etc. (can be shared)
Recommended book list:
Computer operating system:
【1】Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation
Programming development category:
【1】 windows programming
【2】windwos core becomes
【3】Linux Programming
【4】Advanced transformation of unix environment
【5】IOS becomes
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C Expert Programming
【11】C Traps and Defects
【12】Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
【16】Linuxshell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Practical combat of compilation and decompilation technology
【20】How to clean your code
【21】Code encyclopedia
【22】Detailed explanation of TCP/IP
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacker attack and defense technology guide
【25】Encryption and decryption
【26】C++ disassembly and reverse analysis technology revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology revealed
【31】Applications for programmers
【32】English Writing Handbook: Elements of Style
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security.