From: Dave Dyer (ddyer@ciber.com)
Date: Thu Jul 08 2004 - 15:31:09 EDT
I agree for the most part, Don. However, I think that differing levels of
knowledge of the network layer are needed for specific job-duties. I see
security specialists as normally falling into one of the following
categories:
1. Network Security - Absolutely should understand TCP/IP in and out and
not rely solely on tools.
2. Non-Tech Security - Should focus more on ISO/HIPPA/GLB/ etc and
non-technical controls than on anything having to do with TCP/IP
3. Application Security - Need to understand how code interacts with the
network and memory, so should at least understand TCP/IP from a packet
level.
4. The Well-Rounded Security Professional - Has a little knowledge of all
areas and can perform assessments, but isn't necessarily specialized in one
area. This is more often than not the consultant, in my opinion, that is
forced to rely on tool feedback rather than base understanding of any core
component of the assessment (TCP/IP for example).
I agree that it's an alarming trend. I believe the major cause for this
trend has to do with major growth in the amount of knowledge any security
professional "should" maintain. With the growth of wireless, IPv6, Linux
changes/versions/releases, vulnerability tracking, web applications, etc,
it's a full time job just to keep up on one specific area. If you happen to
be one of the bastions of the security world who's been around (and
understood TCP/IP through and through) for years, then that's great.
However, I have NOT seen many suggestions for either highly specialized
security folks, or for people who are new to the industry, on just how to go
about learning the basics (or, for that matter, what basics should be
important). I'm not going to list everything but as I see it, in order to
be a good security consultant, you need at least some of the following
skills:
1. Network skills
a. TCP/IP
b. OSI Model (including UDP/ICMP/ARP/RARP, etc)
c. Router/Switch/Hub hardware experience
d. DNS understanding
e. Secure Architecture understanding (This should be logical)
f. Wireless
g. VPN
2. Communication Skills
a. Interview/Due Diligence skills
b. Technical and Non-technical documentation skills
c. The ability to communicate verbally from CEO to Coder
d. Presentation skills (sometimes for large audiences, including visual
aids)
3. Application Skills
a. Firewall
b. IDS
c. Honeypot
d. OS (*nix, win, cisco)
e. Web Apps (too many to list)
f. Client/Server apps
Anyway, the list can go on and on (encryption, standards,
vulnerabilities...), and is probably much better organized through the CISSP
CBK than I have put it here, but that's just a demonstration a portion of
the stuff that we have to be knowledgeable about on a daily basis as
security consultants. Now... my challenge to you would be to come up with a
list of PRIORITIZED items to be (or become) intimately familiar with in
order to evolve into an exceptional security professional.
-----Original Message-----
From: Don Parker [mailto:dparker@rigelksecurity.com]
Sent: Tuesday, July 06, 2004 7:21 PM
To: pen-test@securityfocus.com; vuln-dev@securityfocus.com
Subject: TCP/IP skills
Hello all, I just wanted to comment on what I see as a rather alarming trend
in the
security industry today. More and more many are becoming reliant upon tools
to do their
job whilst they ignore core components of their skillset. Specifically in
this case an
in-depth knowledge of TCP/IP.
Knowing TCP/IP at a granular level in my opinion is very much a core skill
that must be
attained by anyone who wishes to have a successful career in the network
security
industry today. One cannot become adept by simply using tools, and never
knowing how to
interpret the output by verifying the packets themselves.
It constantly amazes me when I teach a TCP/IP Analysis course that people
who are
presently in the industy do not know of such basic TCP/IP concepts as the 3
way
handshake and how ICMP works. That or being able to wholly dissect a packet
and explain
the relationships between various metrics.
I would be curious to hear of your opinions on this?
Cheers,
Don
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:57 EDT