-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would do some research on the SANS reading room, specifically the
Security Basics section at http://www.sans.org/rr/whitepapers/basics/
There are several papers written there on setting up an infosec
program within an existing environment that have tech savvy
(engineer) types. Also check out the security modeling and policies
sections.
Get familiar with the CIA, Confidentiality, Integrity, and
Authentication, model so that it is applied in every aspect of you
daily practices. Look at everything on your network from a security
point of view. Engineers mostly are trying to connect devices and
not so much worried about what "else" is open. Security folks are
checking that open connection and seeing what else is open, and how
it can be exploited. Reverse the thought process, close everything
and only open the bare minimum to make the connectivity do its thing.
Then when it is talking, make sure that nothing else can get through
your hole.
Hiring an engineer into the security field is good as they have the
protocol/IP experience. A lot of the work we are doing now includes
firewall reviews, network architecture design & reviews. They need
to know not just how to setup firewalls and connect network devices,
but what are the vulnerabilities of each firewall rule, connection,
protocol, port and such. It isn't just about connectivity, but what
could possibly be wrong with the configuration from a security point
of view. IP stack experience is good to have. Run Ethereal off your
desktop and be able to look at the output with knowledge. I've
gotten several 100mb log files that we needed to sift through to find
an attackers footprints, where, when, what did they access type of
stuff.
The training for security is ongoing, just like everything else in
IT. It evolves daily, you will always find something that you did
not know, someone will always know more than you.
Good luck to you and your group!
Randy Golly
Sr. Security Consultant
VeriSign Global Security Consulting Group
Grapevine, Texas
- -----Original Message-----
From: Ravi Kumar [mailto:ravivsn@rocsys.com]
Sent: Thursday, December 23, 2004 12:43 AM
To: focus-ids
Subject: what is required for an engineer to become an SECURITY
engineer
Hi,
I was asked to prepare syllabus for security management,incident
handling,forensics analysis, intrusion detection etc., Th intention
is train an engineer to become a SECURITY engineer.
-snip-
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQcxLuB3mdvPQn8MfEQJo1wCdG6FQUJnbLKTuam9/j2AEEYiQ73cAmwXU
1xoato5T/Y7POqYulR/xMl/q
=PSZi
-----END PGP SIGNATURE-----
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
