What knowledge do you need to learn about network security?
First of all, you must (always) realize that you are studying what can be said to be the most difficult course. It is a top course in the field of network expertise. It cannot be learned by just anyone. Otherwise, everyone would be a hacker, and there would be no concept of hackers and network security.
Many friends assume they can master the knowledge and skills of network security by taking a course and reading a book. Unfortunately, network security technology is by no means something that can be mastered with a few books or in a few months. You will need to consult numerous reference books.
On the other hand, the traditional education we received in school has made us accustomed to teachers specifying teaching materials and reference books. Unfortunately, once you enter society or start work, no one will tell you which reference books you need to solve a given security problem. You have to study and solve the problem yourself.
Cybersecurity involves a wide range of knowledge, terminology, and theory, which causes a lot of difficulty in learning this course. It also requires us to invest more time and energy in learning it than other courses.
In summary, the main contents of network security courses include:
- Basic knowledge of security
- Applied cryptography
- Protocol layer security
- Windows security (attack and defense)
- Unix/Linux security (attack and defense)
- Firewall technology
- Intrusion detection system
- Auditing and log analysis
The following introduces the specific content of each part and some reference books for it (as mentioned earlier, if you have the time and it is possible, you should read these books at least once).
1. Basic Security Knowledge
This part of the learning process is relatively easy and can be completed in relatively little time. The content of this part includes: security concepts and definitions, common security standards, etc.
Most books on the basics of network security will introduce this part of the content.
Some recommended reference books for this part:
- "CIW: Holographic Tutorial for Security Experts" Translated by Wei Wei et al., Electronic Industry Press
- "Computer System Security" Cao Tianjie, Higher Education Press
- "Introduction to Computer Network Security" Gong Jian, Southeast University Press
2. Applied Cryptography
Cryptography is the foundation of modern computer (network) security. Without encryption technology, any network security is empty talk.
The application of encryption technology never simply stops at encrypting and decrypting data. In addition to achieving data confidentiality, cryptography can also complete functions such as data integrity verification, user identity authentication, and digital signatures.
PKI (Public Key Infrastructure) based on cryptography is an important component of information security infrastructure and a universally applicable network security infrastructure. The construction of authorization management infrastructure, trusted timestamp service system, security and confidentiality management system, unified secure e-government platform, etc. are all inseparable from its support.
It can be said that the application of cryptography runs through the entire network security learning process. Because most people have not been exposed to this area before, it is a weak point, so it takes more time and energy to learn than the other parts. You also need to consult more reference books.
Some recommended reference books for this part:
- "Cryptography" Song Zhen, Wanshui Publishing House
- "Practical Guide to Cryptography Engineering" Translated by Feng Dengguo and others, Tsinghua University Press
- "Guide to Secret Studies" Translated by Wu Shizhong and others, Machinery Industry Press (This book goes quite deep, so you don't need to read it completely; it can be used as a reference)
3. Protocol Layer Security
There are many reasons to learn TCP/IP systematically. To properly implement firewall filtering, security administrators must have a deep understanding of the IP layer and the TCP/UDP layer of TCP/IP. Hackers often use parts of the TCP/IP stack to compromise network security, so you have to understand these clearly as well.
Protocol layer security mainly involves content related to the TCP/IP layered model, including the working principles and characteristics, defects, protection or alternative measures of common protocols, etc.
Some recommended reference books for this part (classic books, must-read):
- "TCP/IP Detailed Explanation Volume 1: Protocol" Translated by Fan Jianhua et al., Machinery Industry Press
- "Internet Using TCP/IP Volume 1 Principles, Protocols and Structures" Translated by Lin Yao and others, Electronic Industry Press
4. Windows Security (Attack and Defense)
Because Microsoft's Windows NT operating systems have been widely used, they are more likely to be targeted.
The study of Windows security is actually the study of Windows system attack and defense technologies. The learning content of Windows system security will include: users and groups, file systems, policies, system defaults, auditing, and research on vulnerabilities of the operating system itself.
There are many reference books in this part. In fact, any book related to Windows offense and defense can be used. Here are some reference books related to this part:
- "A Practical Introduction to Hacker Attack and Defense" Deng Ji, Electronic Industry Press
- "Hacker Exposure" Translated by Yang Jizhang et al., Tsinghua University Press
- "Sniper Hackers" Translated by Song Zhen and others, Electronic Industry Press
5. Unix/Linux Security (Attack and Defense)
As Linux’s market share increases, Linux systems and servers are deployed more and more widely. The security issues of Unix/Linux systems are also becoming more and more prominent. As a network security worker, Linux security definitely accounts for half of the importance of network security. However, compared with Windows systems, ordinary users have fewer opportunities to come into contact with Linux systems. Learning the Unix/Linux system itself is also a lesson they must learn!
The following is a recommended set of reference books for Linux system management.
- "Red Hat Linux 9 Desktop Application" Liang Rujun, Machinery Industry Press (not related to network security, can be used as a reference)
- "Red Hat Linux 9 System Management" Jin Jieheng, Machinery Industry Press
- "Red Hat Linux 9 Network Service" Liang Rujun, Machinery Industry Press
In addition to reference books related to Unix/Linux system management, two security-related books are also given here.
- "Red Hat Linux Security and Optimization" Deng Shao_, Wanshui Publishing House
- "Unix Hackers Exposed" Translated by Wang Yichuan, Tsinghua University Press
6. Firewall Technology
Firewall technology is an important element in network security. It is a barrier and a sentry post when communicating between the external network and the internal network. In addition to having a deep understanding of the types and working principles of firewall technology, a network security manager should also be familiar with the configuration and maintenance of various common firewalls.
At a minimum, you should know the following basic firewall configurations:
- The use of various common personal firewall software
- ACL-based packet filtering firewall configuration (such as Windows-based IPSec configuration, Cisco router-based ACL configuration, etc.)
- Firewall configuration based on the Linux operating system (Ipchains/Iptables)
- ISA configuration
- Cisco PIX configuration
- CheckPoint firewall configuration
- VPN configuration based on Windows, Unix, and Cisco routers
Some recommended reference books for this part:
- "Network Security and Firewall Technology" Chu Kuang, People's Posts and Telecommunications Publishing House
- "Linux Firewall" Translated by Yu Qingni, People's Posts and Telecommunications Publishing House
- "Advanced Firewall ISA Server 2000" Li Jing'an, China Railway Press
- "Cisco Access Table Configuration Guide" Translated by Leading Studio, Machinery Industry Press
- "CheckPointNG Security Management" Translated by Wang Dongxia, Machinery Industry Press
- "Virtual Private Network (VPN) Essence" Wang Da, Tsinghua University Press
7. Intrusion Detection System (IDS)
Firewalls cannot analyze all application-layer data packets; doing so would make them a bottleneck for network data communication. Even proxy firewalls cannot inspect all application-layer packets.
Intrusion detection is a reasonable supplement to the firewall. It helps system administrators discover attacks and respond to them by collecting and analyzing various useful information on computer systems and computer network media. It can be said that intrusion detection is the second security gate after the firewall. It can monitor the network without affecting network performance, thereby providing real-time protection against internal attacks, external attacks and misoperations.
Hope it helps you