Advice learning networking/security.

Post Reply New Topic

The degree I am working on transfered credits in and cleared me of having to take a few classes. The problem with that is several of those classes are networking classes. So my issue is I will have a 4 year degree in CIS with only basic understanding of networking.

So I could take the classes anyways or just read some books and save myself a few thousand dollars but I don't know where I should start. Should I get a book that is made for getting cisco/comptia/Microsoft certs? Should I start with Cisco? or would something else be better?

I cannot tell you what courses to take, since education and all that are probably very different where you live, but i can tell you what is useful:


1) A good understanding of systems: Primarily Windows and Linux since those are the ones that you are most likely to come across in general. How they work, user/account administration, policies and other security features, hardening, auditing and network configuration/tools.

2) Networking knowledge: Basic TCP/IP, configuration, subnetting (vanilla and CIDR masks), how TCP sessions work vs UDP, some popular plaintext protocols

3) Application systems: MS IIS, PHP, JSP/Java platforms and similar software. You do not need to know how to write code, but it is very useful.

I do not know if the CIS education brings it up, but unless you know how to configure a standard firewall (personal and enterprise), configure an IDS, know how to use some pentesting programs/scanners, file integrity systems (i.e. tripwire) - and more, your education wont be very useful out there in the real world. Well, maby in Information-security (as in ISO 27000), but not in IT-security

This is my opinion on what is important. You CAN get certifications and all that, but there are lots of people who think they are pretty useless and have no real relationship to aquired knowledge and experience - and i am one of them.

Also note that there are plenty of roles within IT/Information security, you better think ahead about the future about what you want to do.

If you want more input, i'd suggest you ask on securityfocus.com, they have mailing lists for security jobs (not listings for jobs, but a discussion list about jobs) and you may get some additional feedback there. (In the end though, experience beats education.)

http://www.securityfocus.com/

Good luck.

I'm a senior network engineer and if I had to recommend a basic overview approach, you really can't go wrong with the material required for the CCNA. Even though it's a vendor based certification, at that level the material that it focuses on is really just the basics of the technology. You'll master the OSI model, learn how to do ip addressing, learn the bare basics of some routing protocols. From there, if a certain area interests you, you can always pursue that after you decide that you like it.

PM if you have more questions - I passed the CCIE written several times, but never actually went to take the lab. After a few years I kind of lost interest. But, it's still a fun field and has kept my attention for much longer than many other areas where I've worked

ETA: I don't think it matters whether you actually take the CCNA test or not - but the material covered if you studied as if you were going to take it, would be beneficial.

Look on the web. Install yourself an operating system and study its setup. Hang around caCert and learn to defend it. Hang around slashdot and learn to attack it. Put some little web applications together, implement a single signon. Learn how to get at them from elsewhere. Learn how to track who else is getting at them.

Then start looking at the CCNA syllabus...

GRR...that sux...just lost a whole half-page of text....sigh, once more into the breach.

If you just want the barebones basics, COMPTia has the '+' series. These won't get you the big bucks; they're designed to give the lowest common denominator of knowledge that the industry thinks you should have. But it's a @#$ sake cheaper than CCNA, MCSE, or RHSA... you can always go back and get them later...

A+ - mainly for PC hardware techs. Some remote support options now as well.
N+ - network plus. The basics of how they work
S+ - Server plus. If you want to fix network servers.
S+ (?) - there's one called Security plus. not sure about the initial 'letter'.
L+ - Linux plus. i'm thinking bout this one, if I can ever find a @#$% place that offers it, and
doesn't want an arm and a leg to teach it.

You can research these on the web.

Approach number 2 - find 2 sites; indeed.com, and jobster.com. These are where monster and
other sites pull their job lists from. Pull up your area (or where you'd like to work, and see whate they're asking you to have. Then reverse engineer your education, and apply for that. Go through a good number of listings, just to make sure..