I believe the most important aspect to security is programming. If it weren't for software, most security problems would not exist! To really understand security issues one needs to understand how software and hardware are related, the architecture of the computer itself. Then learn how computers communicate and networking fundmentals, namely protocols such as TCP, UDP and how they relate to IP.
At this point you can begin to learn about the various types of attacks, how they work and, most importantly, how to prevent them. Everything else is just composed of these essential elements. I warn you: there is a lot of material to be covered in what I just described. My opinion on programming languages: first learn C and C++. Then practice with a different language such as perl or perhaps (gasp) VB, just so you understand what a language is. Then learn assembly. The assembly language concepts are not the same as those in C/C++: you are working at a lower, closer to the hardware. Security takes committment; you must love to do this. That's my $.02. Good Luck. 'ken' Jack McCarthy wrote: > This is directed towards all who work or have working knowledge and experience in >the Internet/network security field. I am a firm believer in the rule, "Learn from >the mistakes of others. You won't live long enough to make all of them yourself" - >for that is the purpose of this post - to learn from those who have gone through this >before or who are currently going through it - whatever that 'it' may be. > > > Basic questions/thoughts: > > What would be the best way for someone to go about laying a solid foundation of >knowledge in the Internet/network security field - (specifically areas like intrusion >detection, scanning, firewalls, forensics, incident response and "The Honeynet >Project" like topics.) For example, if you had the ability to go back and learn it >again (do it all over again), how would you go about it? How would you do it >differently? In what order would you have studied the different >subjects/technologies? Does learning one subject/topic hinge on the ability to learn >another? If so, what would you learn/study first? Programming languages? Which >ones? In what order? What did you do to attain the knowledge you have? Would you >have done it differently? If so, how and why? > > For someone who already works in the IT field, has a strong interest in security and >wants to seriously pursue this field, what are the steps they should take in order to >get going on the right path - the solid path, the one with no shortcuts? I am >currently reading everything I can get my hands on (picked up 'Know Your Enemy' the >other day), just want to make sure I lay a solid foundation to build upon. > > > Grateful for the guidance, > > -Jack > >
