General Security Training

SephStorm Member Posts: 1,731
Anyone know anywhere to get some good general security training? What I mean is training on how to implement security technologies. Sec+ gave me a good overview of security theory and procedure. CEH gave me the tools and methodology of the attacker, but I am missing how to implement a defense.

I know there are several sites with videos and whatnot, but a lot of them are more collections than anything. I want a program that will go through in a logical path and teach me, for example:

how to choose a firewall and how to implement one. Walk me through an install. (I have an ASA, so teach me how to write an ACL, and other things needed.) Maybe talk about DMZs, show a real one (not just a diagram). IDS, same thing, give me a class on Intrusion Detection. So on and so forth.

Am I in the clouds? Does such a program exist? Do I need to look at a college program? Maybe special tutoring? The ENSA material looks like it works along those lines, but unless I get the CBTs I have doubts about going through those red books...

Comments

  • GAngel Member Posts: 708
    SephStorm wrote: »
    Anyone know anywhere to get some good general security training? What I mean is training on how to implement security technologies. Sec+ gave me a good overview of security theory and procedure. CEH gave me the tools and methodology of the attacker, but I am missing how to implement a defense.

    I know there are several sites with videos and whatnot, but a lot of them are more collections than anything. I want a program that will go through in a logical path and teach me, for example:

    how to choose a firewall and how to implement one. Walk me through an install. (I have an ASA, so teach me how to write an ACL, and other things needed.) Maybe talk about DMZs, show a real one (not just a diagram). IDS, same thing, give me a class on Intrusion Detection. So on and so forth.

    Am I in the clouds? Does such a program exist? Do I need to look at a college program? Maybe special tutoring? The ENSA material looks like it works along those lines, but unless I get the CBTs I have doubts about going through those red books...

    CCNA/CCNPs or MCITP/Linux

    You have to walk before you can run. You implement "security technologies" on a platform. If you're not an expert at the platform, you're going to leave holes that an experienced admin won't. Your defense starts with your basic design. Building a DMZ following a book takes 30 minutes; putting the right servers in the DMZ is where the real skill is involved.

    I've had more security exposure working as a net admin than all my time in security niche jobs.
  • chrisone Member Posts: 2,278
    CCNA Security - Self Study Guide

    CCNP Security - Secure, Firewall, VPN, IPS

    Security Monitoring - by Chris Fry "O'Reilly Press"

    ASA Configuration - Richard A. Deal

    ASA All-in-one - by Jazib Frahim and Omar Santos

    Network Flow Analysis - by Michael Lucas

    Juniper Security Track

    It depends on the vendor you choose, but Cisco will be your best bet. I threw in some other security books that are highly recommended around these parts of the woods.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • docrice Member Posts: 1,706
    There is vendor-specific and vendor-neutral training. If you implement Cisco ASA or Check Point firewalls, you should get appropriate training for those platforms that you utilize in your environment. However, so far in my (relatively) limited training experience, I have found that vendor-specific training (even if it's on security-focused appliances) does not teach you "security" but rather "configuring security products." They are two very different things in my opinion.

    SANS has really good vendor-neutral courses if you want to learn about firewalling (perimeter defense) and intrusion detection. They also cover just about all other security-related areas including systems, incident response, pentesting, development, auditing, etc. The downside with SANS is that they're expensive, and from what I can tell they recently also had a price increase on their courses. In regards to firewalls specifically, the 502 class is great, but it won't walk you through an install / configuration of any appliance, although it does cover a little bit of ACLs on IOS. The point of that course is more to teach you strategies and mindset which can be applied universally rather than focusing on a specific vendor platform. It also teaches you some limitations of various vendor platforms, information that you won't get in vendor-specific training.

    There are also a number of books that generally come highly recommended from a defensive side, such as Tao of Network Security Monitoring, Security Warrior, etc.

    You might also want to consider network design studies such as the CCDA (I haven't gone through it, so someone else can vouch for its validity for the real world as well as its degree of Cisco bias).

    All that said, "security technologies" is a pretty broad reference and can mean anything from network firewalls / IDS to host-based IPS to data-at-rest / data-in-motion DLP to drive encryption to credential management systems. It's a large spectrum and something that can't be covered in just a few courses. It sounds like you might benefit the most right now by learning how to configure a specific vendor technology such as an ASA. The ASA All-in-One book mentioned above in this thread would be a good starting point.

    DMZ designs will differ from organization to organization depending on business requirements. Some are simple "three-legged" firewall designs while others are multi-tiered across multiple firewall layers. Determining what's needed is highly dependent on services to be exposed, existing compliance requirements, cost, and so on. While there are good general rules one can use as a starting point, there are other variables that come into play which can stretch out / throw traditional assumptions out the window.

    The best training program in my opinion is in a home lab you can make and break yourself. iptables and pf provide a free and fantastic way to get your feet wet. If you're so inclined, buy an ASA or an IOS-based router and depend on it for your home network. If you know how packets are structured and general protocol behavior, you can only go up. If you know how to configure ACLs on an ASA but forgo understanding the nature of common network protocols, you'll end up being just another button pusher.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Turgon Banned Posts: 6,308
    Some good advice from Docrice.
  • SephStorm Member Posts: 1,731
    OK.

    Based on this advice, my goals are looking like:

    Over the next year:
    MCTS: Windows 7 as it is the platform that will likely be rolled out in my environment next.
    Linux (no cert).
    CCNA and CCNA Security.
    ASA training of some sort.

    In the mid-term future I am looking at some server training / certification and possibly getting back into the pentesting field, as I hope to move into that field around that time frame.

    This is of course subject to change. On that ASA book, is it sufficient for learning from the ground up, or would it be necessary to go through CCNA (S) before reading it? I know the IOS syntax and many CCENT/CCNA level commands and knowledge.
  • docrice Member Posts: 1,706
    Go for the ASA book. It's rather large, and if you work with an ASA it's a good reference. The software code that runs on ASA appliances is different from IOS, although much of the syntax is similar. You'll soon realize this as the NAT commands are not the same as IOS, ACL creation / deletion is similar-feeling but also not-quite-so, and the concept of security levels on an interface. That's just for starters.

    The CCNA Security goes over IOS-based firewalling such as CBAC and the newer zone-based firewall features. Generally speaking, most organizations that I know who implement Cisco firewalls don't do it at the router level but have a dedicated "firewall" appliance like an ASA ... or PIX if their CFO is a firm believer in maximizing ROI on EOLed equipment.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
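docrice's two points above, the "three-legged" DMZ design and the ASA concept of interface security levels, can be illustrated with a small policy model. This is an added example, not code from the thread or from Cisco: it assumes three zones with constructed levels (outside 0, DMZ 50, inside 100), constructed address ranges, and a constructed ACL that permits only the lower-to-higher flows the design needs.

```python
"""Toy model of a three-legged firewall: outside / dmz / inside interfaces with
ASA-style security levels. Added illustration with constructed values; it omits
stateful return traffic and NAT, which a real ASA also handles."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed security levels, following the usual ASA convention:
# outside lowest, inside highest, DMZ somewhere in between.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}
NETS = {
    "inside": ip_network("10.0.0.0/24"),   # constructed
    "dmz": ip_network("192.0.2.0/24"),     # TEST-NET-1, constructed
    "outside": ip_network("0.0.0.0/0"),    # everything else
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

# Explicit permits applied inbound on the lower-security interface, the way an
# ACL is needed on the ASA before traffic may go from a lower to a higher level.
ACL = [
    # (ingress interface, destination network, protocol, destination port)
    ("outside", ip_network("192.0.2.10/32"), "tcp", 443),  # public web server in DMZ
    ("dmz", ip_network("10.0.0.5/32"), "tcp", 5432),       # DMZ app tier -> inside DB
]

def zone_of(ip: str) -> str:
    """Map an address to its interface; outside is the catch-all."""
    addr = ip_address(ip)
    for name in ("inside", "dmz"):
        if addr in NETS[name]:
            return name
    return "outside"

def permitted(flow: Flow) -> bool:
    """True if the flow is allowed by level ordering or by an explicit ACL entry."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return True  # same segment never crosses the firewall
    if LEVELS[src_zone] > LEVELS[dst_zone]:
        return True  # higher -> lower is allowed by default
    dst = ip_address(flow.dst)
    return any(src_zone == ingress and dst in net and flow.proto == proto
               and flow.dport == port for ingress, net, proto, port in ACL)
```

The interesting cases are the denied ones: the outside host cannot reach the inside database even on the port the DMZ tier is allowed to use, because the ACL entry is bound to the DMZ interface, not to the port.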
  • Turgon Banned Posts: 6,308
    I agree. You want that ASA book and some significant hands on with ASA. For me, no network professional is complete without deep appreciation of firewall matters. I have noticed a trend in recent years where dedicated firewall teams assume responsibility for them, often in large organisations that have many of them. Some of these operators have strong network skills, others marginal. As a network professional you want to be strong in route switch and production firewalls as one has implications for the other in terms of topology, traffic flow and separation.
  • treynolds Member Posts: 21
    SephStorm, once you know how to break it then you should know what needs to be fixed :)

    It may not necessarily be a missing patch, but a configuration which allows more access than is necessary.
  • wastedtime Member Posts: 586
    Just some suggestions.
    Networking side: understand your common protocols and how they work. (One book I recommend: The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference by Charles M. Kozierok, ISBN 9781593270476.)

    As far as operating systems go, understand how operating systems work, how they manage memory and execute code. (Windows System Internals is a good book for Windows.)

    I would also try to understand the basics of 32-bit x86 assembly. Learn a common programming/scripting language that isn't OS dependent. Not trying to say PowerShell and bash aren't good, but I personally see them as more environment dependent (I personally like AutoIt). Java/C aren't bad on the programming side.

    That is what I would consider the basics for a security professional: being able to apply those and understand how they relate to whatever environment you are in. Keep in mind this is just a broad overview.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    docrice wrote: »
    Go for the ASA book. It's rather large, and if you work with an ASA it's a good reference. The software code that runs on ASA appliances is different from IOS, although much of the syntax is similar. You'll soon realize this as the NAT commands are not the same as IOS, ACL creation / deletion is similar-feeling but also not-quite-so, and the concept of security levels on an interface. That's just for starters.

    Make sure you visit the security zone on Cisco's site, as the book covers 8.3 but 8.4 is out. I agree, it's pretty good (and huge lol). I suggest you pick up TCP/IP Illustrated Vol. I. I am reading through it right now and it is highly informative. I also have the TCP/IP Guide by No Starch and I plan to go through it when I am done with the Stevens guide. I would also pick up the Wireshark guide as well. Very good information in there as well. I said this on another thread:
    In order to be a Network Security Engineer you really have to focus on the words in that order. Learn Networking. Learn Security. Learn Engineering (putting it all together). In my opinion that is the way to really be l337.

    As I have been reading more about TCP/IP, I "understand" how some of these attacks are fashioned and why they do what they do. I am sort of disappointed in the lack of packet level education in Cisco's courses /certs now. Make sure you balance any vendor book with any related RFCs on the subject.
    On another note, why wouldn't you want linux plus?