Learning Security

Eildor

I know very little about security other than the CCNA and CCNP Routing and Switching topics. Where would be a good place to start for someone who wants to learn more about security? I don't mind going the CCNA Security route, however I don't know whether that's the best option. Never configured a hardware firewall, IPS, IDS, ASA or anything like that; nor do I even know what the differences are between them.

Thank you.

RTmarc

Security+

Eildor

RTmarc wrote: »

Security+

Any reason why Security+ and not CCNA Security?

chrisone

I am assuming you want to stay in the network field? Then there is no reason to do security+ , i would go into the cisco realm. CCNA Security is best option. Security+ is more of a general informational cert that does cover network security but just from a theory perspective.

Eildor

chrisone wrote: »

Security+ is more of a general informational cert that does cover network security but just from a theory perspective.

That's exactly the impression I got looking at the contents page... many topics with very little coverage :S

chrisone

Yeah , plus in the end you are going to get hired for your Cisco certs not really for your security+ cert.

phoeneous

Eildor wrote: »

Any reason why Security+ and not CCNA Security?

Because security+ is a good place to start for general infosec. CCNA Security is specific to Cisco.

N2IT

I agree CCNA Security sounds like a great next certification to follow up on your studies.

Webmaster

I agree the CCNA Security can be a more valuable addition to a resume than the Security+ especially if you work with Cisco gear already, but I agree with the guys who suggested Security+ nevertheless. You mentioned "nor do I even know what the differences are between them" and while that is covered in the CCNA Sec as well, it's a strong indication that there is a whole lot more to learn from Sec+ than just the differences between those.

My suggestion is the Security+ exam objectives and/or study guides. Whether you should actually sit and pay for the Sec+ exam and the certification is another thing but in any case it's a good (and imo much better) place to start "for someone who wants to learn more about security". You mentioned CCNA and CCNP topics, if you already passed those exams and actually have or can get hands-on experience with Cisco gear I'd save the money for CCNA:Sec. After Security+ the CCNA:Security will be easier and you will be able to focus more on the vendor specific topics and device configs.

docrice

At least study the Security+ topics. If the only thing you have are Cisco certs (even CCNA Security) and you want to learn more about "security," I'd say do the Security+ exam as well. Some people think that just because someone configures firewalls for a living that it makes them a security guy.

Security is much about mindset as well as configuring devices. Understanding network threats goes beyond what vendor equipment certification provide. Cisco's security track as I've seen it so far is more about how to configure their products rather than really getting into why a setup should be done a certain way.

For example, if you have a given network architecture with ASAs and other devices, how would an attacker attempt to sneak past the defenses and with what methods and tools? Cisco training doesn't cover this at all. I work with routers, switches, firewalls, intrusion detection / prevention systems, and other traditional networking equipment all day, but it's obvious there's a lot more to it than that.

There's a place for vendor-specific training. There's also a real need for vendor-neutral training which can dive deeper than that. Security+ is a good start. It's basic, and you may find yourself still wanting to know the difference between router ACLs (stateless, unless you're talking about IOS Firewall with CBAC or the zone-based version), stateful-inspection firewalls like the ASA (which also does a little app inspection), the newer application-recognition firewalls (typically marketed as "nextgen"), intrusion prevention, and even application-specific (such as web application firewall). Many times these are combined into a single appliance. Other times companies buy individual point solutions for their needs.

Ahriakin

Echoing the advice to do the Sec+ first. One thing you really need to understand is Security is the ultimate grey area on any network. Even if you only intend to work on Cisco security appliances in a dedicate role you not only need to have a good understanding of InfoSec in general but also an understanding of the data you are protecting (which often means OS/Server knowledge). Context is everything and without the generalized theory to go with it you cannot understand and protect your network adequately. General information helps you strategically, vendor specific information helps you tactically.

YFZblu

Good advice here. It sounds like you need a high level broad view of security, which the Security+ will provide. After that, you have some options. If you want to be network specific, you can take a look at the CCNA: Security track - Just remember the CCNA is a prerequisite for that certification if certifying is your goal. If you prefer to stay general but want to go deeper, the GIAC GSEC certification will do that for you. Unfortunately there is not much of a track for GIAC certifications other than shelling out for the training they provide; the training they provide is world class, btw.

I agree with docrice - there is more to security than knowing how to configure ZBF. Security+ will introduce you to a broad range of security topics and it's a good place to start.

RTmarc

Webmaster wrote: »

I agree the CCNA Security can be a more valuable addition to a resume than the Security+ especially if you work with Cisco gear already, but I agree with the guys who suggested Security+ nevertheless. You mentioned "nor do I even know what the differences are between them" and while that is covered in the CCNA Sec as well, it's a strong indication that there is a whole lot more to learn from Sec+ than just the differences between those.

My suggestion is the Security+ exam objectives and/or study guides. Whether you should actually sit and pay for the Sec+ exam and the certification is another thing but in any case it's a good (and imo much better) place to start "for someone who wants to learn more about security". You mentioned CCNA and CCNP topics, if you already passed those exams and actually have or can get hands-on experience with Cisco gear I'd save the money for CCNA:Sec. After Security+ the CCNA:Security will be easier and you will be able to focus more on the vendor specific topics and device configs.

Bingo! Perhaps I shouldn't have been so subtle.

N2IT

The OP doesn't new to spend 256 USD on a basic certification just to fill in the gray areas. He can pick up a security book or 2 apply the knowledge as needed. Grabbing a PDF or digital book for ~10 dollars would be a great idea, the cost is low and the impact would much higher than the cost.

IMO The security NA would be the next step in the certification process. (This is of course I am understanding the OP's career direction, which sounds like he/she wants to continue with networking).

Eildor

Thank you all very much for your advice!

I will read through the Security+ material before going on to the CCNA Security material. I graduate in April, at which point I will be looking for a job as a junior network engineer (something along those lines)... so I don't think I need to be a security professional, but I guess it would help to know the basics of security and monitoring. If I can do the CCNA Security exam before I graduate that would be great, if not it will have to wait.

What kind of software should I familiarise myself with in preparation for when I look for a job? I think CCNA Security is based on ASDM... but is that used as much as something like Check Point in the real world? If I know one then I guess learning the other wouldn't be too difficult; it'd just take familiarising oneself with the GUI.

Kasor

Just a quick question, by having all these security certification, how many percentage of your daily function that dealing with security routing. Don't just go after the certification. Look into the career and objective that will help your job. If you don't have a job yet, then you need to look into getting a job, but have all those certification didn't mean that you can do the work. Just a reality check. Security is a great, but very competitive and only few people will actually do security work.

Eildor

Kasor wrote: »

Just a quick question, by having all these security certification, how many percentage of your daily function that dealing with security routing. Don't just go after the certification. Look into the career and objective that will help your job. If you don't have a job yet, then you need to look into getting a job, but have all those certification didn't mean that you can do the work. Just a reality check. Security is a great, but very competitive and only few people will actually do security work.

I'm still in full-time education, so I can't exactly look into getting a job just yet. Certs are just there to hopefully make it easier for me to get an entry-level job.