
Thread: Network Engineer Looking to Dive into Security and Forensics

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    6

    Network Engineer Looking to Dive into Security and Forensics

    Hello.

    I work as an Information Systems Engineer currently holding my JNCIA, CCNA, and NET+ certifications. The topic of network/computer forensics and cyber security greatly interests me, to the point where I consistently shadow our Network Management Center when troubleshooting and doing penetration testing (even though it's not my job).

    I'm at the point now where engineering networks is getting boring and drab to me, and my attention is really caught by the science behind the technologies as well as the forensics involved in determining flaws and vulnerabilities.

    So that being said, I am looking for some suggestions as to steps to take to begin my career in security. I am also reading over tutorials and posts on this subject posted on AO. I already have an intermediate knowledge of networking, routing protocols, TCP/IP, etc. Here is what I am going to try and gain knowledge in which will hopefully put me on the right track:

    -Deep knowledge of operating systems, MS and Unix/Linux
    -Programming/Computer Science, which includes Perl, Assembler, C/C++
    -Sniffers, how to identify and decode certain packets, how to identify potential threats
    -Additional information in network administration, secure design and planning

    And I suppose I should also learn tricks that hackers use to gain access, since thinking like a hacker will help you stay a step ahead in prevention.

    Can anyone provide suggestions, add-ons, resources? I will be googling and reading AO as I get time at nights after work.

    Thanks
    EOF
    22 54 68 65 20 62 69 67 20 6c 69 65 20 6f 66 20 63 6f 6d 70 75 74 65 72 20 73 65 63 75 72 69 74 79 20 69 73 20 74 68 61 74 20 73 65 63 75 72 69 74 79 20 69 6d 70 72 6f 76 65 73 20 62 79 20 69 6d 70 6f 73 69 6e 67 20 63 6f 6d 70 6c 65 78 20 70 61 73 73 77 6f 72 64 73 20 6f 6e 20 75 73 65 72 73 2e 20 49 6e 20 72 65 61 6c 20 6c 69 66 65 2c 20 70 65 6f 70 6c 65 20 77 72 69 74 65 20 64 6f 77 6e 20 61 6e 79 74 68 69 6e 67 20 74 68 65 79 20 63 61 6e 27 74 20 72 65 6d 65 6d 62 65 72 2e 20 53 65 63 75 72 69 74 79 20 69 73 20 69 6e 63 72 65 61 73 65 64 20 62 79 20 64 65 73 69 67 6e 69 6e 67 20 66 6f 72 20 74 68 65 20 77 61 79 20 68 75 6d 61 6e 73 20 61 63 74 75 61 6c 6c 79 20 62 65 68 61 76 65 2e 22 20 2d 20 4a 61 6b 6f 62 20 4e 69 65 6c 73 65 6e 0d 0a 0d 0a

  2. #2
    Junior Member
    Join Date
    Aug 2006
    Posts
    29
    Just as an example...

    Since you currently hold your CCNA, you may look into CSSP (Cisco Certified Security Professional). I would only suggest that if you like Cisco equipment: http://www.cisco.com/web/learning/le...type_home.html

    Another semi-popular certification that I've talked to people about is the CISSP, which I believe is the Certified Information Systems Security Professional. I don't know much about it, but it's there.

    I might also suggest checking out live CDs. Many of them have basic, but powerful, security and forensic tools readily available (Knoppix STD [security tools distro] for example), and I believe Ubuntu has one also (I'm sure there are many, many others though).
    I have my CCNA and I'm currently working towards my CCNP and CSSP.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Since you have an understanding of networks and such, you have a solid foundation to build on. Your current position requires you to think about the most efficient way to allow things to happen. Your new interests will force you to think of ways to disrupt, eavesdrop and steal from said architecture.

    If you understand how TCP works, you should have no problem using a sniffer. Go download wireshark and use it on your own PC to watch traffic and look at what the captures show you. You're a CCNA so you will recognize much of the routing protocols and why they appear.

    Forensics is a new born in this sector and while many places are attempting to cast standards in the area, best practice is still cloudy at best. I would leave this alone at first.

    Programming is an art form and will take you years to perfect the few languages you've mentioned. I personally focus on PERL as it serves my needs very well. Assembler is something I learned YEARS ago and not for the purpose of reverse engineering. It just turned out that way later on when I got into the security sector.

    Being that you have experience in design, I would look into current regulations which force secure designs. You'll need to look into how to segregate networks with firewalls, deploy encryption and most important, you'll need to understand how the business processes work at your company. Once you master that, you can design secure solutions.

    But wait, there's more. You must understand and develop a security policy and all the other documents that hang from it. Things like a systems security plan and so forth. These things filter down through the enterprise and will impact how applications are developed in house.

    So, to sum it up, I would:

    1) Learn about policy design using best practice. See the NIST 800 docs for more info.
    2) Learn how to use a sniffer. Experiment by watching conversations with common protocols like HTTP, FTP, SMB, etc.
    3) Pick a language and master it before attempting another. Too many langs at once will confuse you.
    4) Don't waste money on a vendor centric cert. Look into something like the CISSP (www.isc2.org)
    5) Start looking at security tools like Nessus and NMAP. There are tons of resources out there that discuss their uses for both good and bad.
    6) Select a good *nix based live CD (Helix comes to mind or the sleuth tool kit) and learn how to use the tools on that distro.
    7) Understanding business processes is *critical*. If you can't do this, you'll never be able to develop and deploy a secure solution to the enterprise and you'll end up in operations changing backup tapes for a living.

    Good luck on your adventure. Oh and one last thing. I don't know many 19 year old network engineers. How is it that you've gotten such a position without a 4 year degree in CIS?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Junior Member
    Join Date
    Sep 2006
    Posts
    6
    Thank you both for your replies, they were extremely informative.

    @ thehorse13: Lol this is gonna be long, but here goes...

    I graduated June 2005. The way my high school was set up was you had to be full time for your freshman year. Once you hit your sophomore year (10) you had the choice to either remain full time or do half a day at a technical school. At that time I was only just getting into computers, and knew nothing about networking. The instructor at the tech school was a former sales engineer from Cisco and had also worked at Network General, a very cerebral person.

    In any case, I remember being heavily interested in the course work, i.e. learning how the various routing protocols worked, how data is converted into segments, packets, frames, and bits, and how each layer of the OSI worked together to deliver data. Lol I was actually so interested I slacked off on my normal school work to read up on technology and networking, but I still passed thankfully.

    So I completed all four semesters in about a year and obtained my CCNA. I still had two years left in tech school so I decided to help take the load off my teacher (he was teaching, managing the network, and troubleshooting problems) a bit and set up a little help desk system where teachers could submit tickets if they were having issues. We also used this a little for outsiders as well for donations. This actually turned into my senior project.

    At my tech school we have a committee called the OAC (Occupational Advisory Committee). It's composed of several members who currently work in the industry, and we all meet three times a year to review the course curriculum, discuss trends in the industry, and see how we can better prepare students for work in the IT field. It's worked out well so far, and this is where I've met all of my current contacts from various companies such as Network General, Panduit, Cisco, Netex, CNI, etc.

    It was at this meeting in August of 2005 where I got my hook into the company I'm at now. At that time I was doing first shifts at a Wawa (never ever work at these places, I've never seen people so ticked over a meatball before). My teacher bragged about me a good bit which led to talking and eventually an invite to talk further about my future. And now here I am, with a Juniper cert added.

    Sheesh, sounds like I was writing a biography... but that's my story. Took a lot of hard work to get here though, and now I'm looking at my B.S. in Computer Science as well as all my technical certs... not enough time in a day.

    Unfortunately, as good as things may sound for me, this place sucks to work at. Very political, old fashioned, thankless, and a sweat shop... overworked and underpaid. We've had a lot of people leave in the past few months for better jobs, tired of all the bs they have to put up with here. But so it goes I guess.

    Lol this ends my long post. Thanks for replies and your interest thehorse13, hopefully we'll talk again.

    --EOF

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    So you work for Juniper?

  6. #6
    Junior Member
    Join Date
    Sep 2006
    Posts
    6
    Unfortunately no... I work at the Philadelphia Stock Exchange in the Communications Engineering department, been there a year now.

    It would be nice to work for Cisco or Juniper since I would be doing more what I enjoy... My ultimate dream is to work for DoD or some high profile government agency working as a security professional. But I have a nice long time for that, no rush I suppose.


    --EOF

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Quote: "My ultimate dream is to work for DoD or some high profile government agency working as a security professional. But I have a nice long time for that, no rush I suppose."
    Careful what you wish for. Mine nearly killed me - twice.

    --TH13

  8. #8
    Junior Member
    Join Date
    Sep 2006
    Posts
    6
    Quote: "Careful what you wish for. Mine nearly killed me - twice."
    I'm sorry to hear that. I guess I just have a sense of adventure and taking risks?

    Like I say, I have a while to go before that.

    Take care of yourself

    --EOF
