Behind technology is people, and in the area of cyber security, we need more of them. A question might arise in your mind, “Is there a shortage of skill in this field?” To this, my answer will be a big yes. How do we up-skill then? Well, as someone who has just started off in this field, I will highlighting a few points on which one can emphasise in case a person wants to get started off in this field. Additionally, any person, irrespective of their background, can enter the field of cyber security, provided they have a basic knowledge about computers.
I think a good understanding of the fundamental principles of networks, operating systems and database is very important. Beginners should understand the following concepts at a fair level:
1. TCP and UDP protocols, including how their headers look like and the functions of the different parts of these headers. For instance, if you don’t understand what is TTL value, then you will not grasp how traceroute works and why it doesn’t work in some networks. Similarly, without a good understanding of TCP flags, you would have a tough time figuring out how to get the most out of tools like Nmap.
2. IP, ICMP, DNS, ARP, RARP, FTP and HTTP are some of the other important foundational protocols of the internet. A strong know-how of how these protocols can help you get more out of various scanning tools and interpret their results more effectively.
3. A good book to get started with is Computer Networks by Tanenbaum. One of the other books that made me fall in love with networks and socket programming is UNIX Network Programming by W Richard Stevens, who also wrote the popular TCP/IP Illustrated series. I only did socket programming once as a paid assignment, but learning how to do this can clear up so many concepts related to networking.
4. Network architecture. The ability to read and analyse a network diagram is critical. The first time you look at a network diagram, it might seem overwhelming. My usual tactic is to simply ask the network administrator to walk me through the diagram. One of the easiest ways is to look for the Internet cloud in the diagram, traverse your way to the core switch and then to the other links. Once you’ve done this a few times, it becomes fairly easy. All networks are built up from the same elements — firewalls, switches, routers, WANs, LANs, VLANs, etc.
5. Firewalls. The first firewall I played around with was iptables on Unix, which was later called ipchains. Many commercial firewalls back in the day were built on top of ipchains. Nowadays, you not only have UTMs and Layer 7 firewalls, but also firewalling capability, which is present in the cloud via Amazon’s Virtual Private Cloud, Security Groups, etc.
6. Windows knowledge is very important. Even if you love working on a Linux or a Mac system, many of the systems you’ll be attacking and securing will be Windows PCs and Windows servers. A good knowledge of start-up programs, the structure of the Windows registry, services, users and groups, file system access control, the Event Viewer, etc., are important.
7. Cleaning an infected system by hand is probably the best way to learn how malware infects a Windows system. Of course, you can do this only for low-tech malware and not file-less memory-only malware, but doing this repeatedly can quickly help you understand many important concepts about Windows security.
8. Unix is one of the most powerful operating systems. Grasping important security concepts such as startup programs, connecting open ports to running processes (say using lsof or netstat), knowing log locations and log formats, pluggable authentication modules, bash history, etc. will go a long way in trying to attack Unix system or escalate privileges. This is also very helpful when investigating a hacked Unix system. My favourite Unix fundamentals and security book is Practical Unix and Internet Security.
9. Among the popular databases — Oracle, Microsoft SQL Server, MySQL, etc. — I would suggest you play around with at least one of them. Again, numerous online and offline resources are available to learn the security principles of these technologies. Database security is one topic that tends to put off security professionals, but I feel it is one of the most important elements to be conversant with.
10. The workings of web applications, basics of MVC frameworks, utility of stuff like AngularJS, etc. is important if you’re going to be able to test and secure web applications. But don’t stop there, it would be a good idea to explore the building blocks of Android and iOS mobile apps. To really understand iOS apps, you might need a Mac, but that should definitely not stop you from learning as much as you can theoretically. There’s tons of material on the official Google and Apple sites dedicated to Android and iOS — including security how-to’s.
11. APIs and containers. With the world having moved to DevOps and micro-services architecture, it is an added advantage if you’re also conversant with the workings of APIs and containers and their security risks. Again, you need not be an expert here, but a fair bit of working knowledge would definitely go a long way.
12. The OWASP Top Ten Web Application Security Risks is also a non-negotiable element of your repertoire. Being able to explain each of the Top Ten issues will go a long way in setting you apart from the crowd. Being able to explain the mitigation measures for each of the issues would nearly seal the deal during an interview.