security crash course 1

[imbadatthis]

Howdy,

Need a bit of crash course on network security. Do's and Donts. Any websites? documents?
I have 4 days to readup as much as I can.

please help .

thanks,


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[VinceWhirlwind]

I would start by familiarising myself with the 10 domains of the CISSP, then look in-depth at the bits you think you're going to need to know about:

Access Control
Categories and Controls
Control Threats and countermeasures
Application Development Security
Software Based Controls
Software Development Lifecycle and Principles
Business Continuity and Disaster Recovery Planning
Response and Recovery Plans
Restoration Activities
Cryptography
Basic Concepts and Algorithms
Signatures and Certification
Cryptanalysis
Information Security Governance and Risk Management
Policies, Standards, Guidelines and Procedures
Risk Management Tools and Practices
Planning and Organization
Legal, Regulations, Investigations and Compliance
Major Legal Systems
Common and Civil Law
Regulations, Laws and Information Security
Operations Security
Media, Backups and Change Control Management
Controls Categories
Physical (Environmental) Security
Layered Physical Defense and Entry Points
Site Location Principles
Security Architecture and Design
Principles and Benefits
Trusted Systems and Computing Base
System and Enterprise Architecture
Telecommunications and Network Security
Network Security Concepts and Risks
Business Goals and Network Security

 

[imbadatthis]

thanks vince.


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[iolair]

Cisco has some really good documentation on this, too. Especially if you're looking to lock down a Cisco router/network. There is a lot of good information in the CCNA security certification books, too. I like the CISSP book, and also the Scott McClure book "Hacking Exposed". Good luck, sounds like you're on the right track.

Iolair MacWalter
Network Engineer

 

[Quadratic]

Network Security" is pretty broad. For a broad topic, I'd say something general like the CISSP (as suggested), or even the entrance Security+ would be ok. The real question is, what is driving your need to read up on network security? Anything more specific than that as the topic?

CCNP, CCDP, CCIP

 

[VinceWhirlwind]

Obviously he's put a bunch of stuff in a job application and now he has to come through at interview...

4 days is ample time to brush up on all the important talking points.

 

[imbadatthis]

Vince is some what correct.. well on the part of me having to read up . I dont put lies in my resume, the guys interviewing me know that I dont have alot of experience with it, its junior position. Im just trying to be proactive, and read up a bit as to not look like a complete idiot...

more was looking for best practices when it comes to network security...

which was answered.

thanks again,


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[VinceWhirlwind]

Buy a concise CISSP book, learn the 10 domains, and say you intend to study for a CISSP.

Read this site:

http://www.schneier.com/

And drop Bruce Schneier's name at least once in relation to any of the posts on his site that relates to anything the interviewer asks you. Being familiar whith Bruce Schneier's work and opinions is an excellent career move if you work in security...

 

[imbadatthis]

VinceWhirlwind , thanks again,
If i may bother you one more time,

http://www.chapters.indigo.ca/home/search/?keywords=CISSP&pageSize=12

which book would you recommend?



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[VinceWhirlwind]

Hard to say really, the one I had in mind was a very concise Sybex (?I think) book which is cheap (like, NOT $120!) and quick to read.

The "official (ISC)2 guides" could be good, I suppose.