Preface
As a 6-year cybersecurity veteran, I really can’t figure out why I should study cybersecurity when there are so many development positions?
I’m afraid I’m going to pour cold water on those students who are about to get into the trap. It’s really not recommended for ordinary people to learn about network security on their own...
The basics are indeed very simple, and anyone with a little bit of knowledge can understand them. This is what many people say about network security being simple, easy to understand, and easy to learn, and then there are exaggerated remarks to mislead those novices, and then those novices just Follow the grandiosity. This is just like listening to the teacher's lecture in school. As long as you listen carefully, you seem to understand everything. But when it comes to the exam and you have to answer the questions on your own, you will be confused.
Many people come up and say they want to learn network security, but they start learning without even knowing the direction. In the end, they just end up in vain! The security field is a big concept that contains many directions, and different directions require different learning content.
If you have no direction and don’t know where to start, this article is a bit long. I hope you can read it patiently to the end.
Preschool speech
1. This is a path to persevere. If you are enthusiastic for three minutes, you can give up and move on.
2. This route is mainly for employment. Those who want to be a hacker and engage in illegal activities can also leave it. The Internet is not an illegal place!
3. Practice more and think more, don't know anything without leaving the tutorial. It is best to complete the technical development independently after reading the tutorial.
4. When learning Google, Baidu, and self-study, you often don’t meet kind-hearted masters. In the era of paid knowledge, who will give you answers without chatting.
What to learn about network security?
1. Cybersecurity Law
The Internet is not a lawless place for the madman Zhang San. Before learning network security technology, you must first learn how to act within the scope of the law. On June 1, 2017, my country's first cybersecurity law, the Cybersecurity Law of the People's Republic of China, was officially implemented, and my country's cybersecurity management entered a new stage of the rule of law. Therefore, the first lesson we learn is the legal education course on network security.
Therefore, within the boundaries of the law, we must first know where the bottom line is. When there was no cybersecurity law in the past, some boundaries were blurred. Now we must strictly operate within the scope of the cybersecurity law, otherwise it will be like the rumors in the world: Internet Safety, from entry to prison; if Kali learns well, he will be admitted early; if he learns infiltration well, he will have all he can in prison.
2. Hacker Code
When you hear the word hacker, you definitely think it is associated with crime, but today’s hackers are not like that. Don’t think that hackers are criminals. In fact, when the word “hacker” first came out, it was like Superman wearing underwear. The embodiment of justice is a compliment. However, in recent years, as the proportion of people who do not follow martial ethics has increased, this term has been ruthlessly vilified. Our original intention in learning network security is justice and love. This is our original mission that has persisted for 100 years and has never wavered, so we must also have some rules.
Cybersecurity Learning Route (Employment Edition)
Let me reiterate, this learning route is mainly for employment. If you are just interested and want to be a hacker friend, you can leave it!
Cyber security ≠ hacker
Many people come up and say they want to get into the network security industry, but they start learning without even knowing the direction. In the end, they just end up in vain! Hacking is a big concept that includes many directions, and different directions require different learning content.
Network security can be further subdivided into: network penetration, reverse analysis, vulnerability attacks, kernel security, mobile security, cracking PWN and many other sub-directions. Today's article is mainly aimed at the direction of network penetration. Other directions are for reference only. The learning routes are not exactly the same. I will sort them out separately if I have the chance.
Today, I will compile for you the most mainstream career planning route learning process for self-study network security at the enterprise level:
Preschool speech
- 1. This is a path to persevere. If you are enthusiastic for three minutes, you can give up and move on.
- 2. Practice more and think more, don't know anything without leaving the tutorial. It is best to complete the technical development independently after reading the tutorial.
- 3. Sometimes when we search Google or Baidu, we often fail to meet a kind-hearted master who will give you answers without chatting.
- 4. If you encounter something you really don’t understand, you can put it aside for now and solve it later.
Step One: Clear Learning Route
You definitely need a complete knowledge architecture system diagram.
If the image is too large and blurred due to compression by the platform, you can download the high-definition version without watermark at the end of the article.
Step Two: Phased Learning Goals & Planning
Enterprise Level: Junior Cybersecurity Engineer
Junior network engineer
1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (Very important)
2. Penetration testing basics (one week)
① Penetration testing process, classification, standards
② Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③ Vulnerability scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.
3. Operating system basics (one week)
① Common functions and commands of Windows system
② Common functions and commands of Kali Linux system
③ Operating system security (system intrusion troubleshooting/system reinforcement basics)
4. Computer network basics (one week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/ Passive attacks, DDOS attacks, CVE vulnerability recurrence
5. Basic database operations (2 days)
① Database basics
② SQL language basics
③ Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, Miss Scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You've become a "script kiddie." So do you still want to explore further?
[ Get "Script Kid" growth and advanced resources ]
7. Script programming (beginner/intermediate/advanced)
in the field of cybersecurity. The ability to program is the essential difference between "script kiddies" and real hackers . In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition, where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
8. Super Internet worker
This part of the content is still relatively far away for students with zero foundation, so I won’t go into details and post a rough route. If you are interested in children's shoes, you can research it. If you don't understand the place, you can [click here] to join me and learn and communicate with me.
Cybersecurity learning routes & learning resources
Scan the card below to get the latest collection of network security materials (including 200 e-books, standard question banks, CTF pre-match materials, commonly used tools, knowledge brain maps, etc.) to help everyone improve!
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and decent people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide technical support to those with bad intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this book is to awaken everyone's attention to network security to the greatest extent, and to take corresponding security measures, thereby reducing the economic losses caused by network security! ! !