Thursday 3 January 2013

Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (Second Edition)


One of the most startling problems I find when interviewing is that the majority of people don't seem to have a good grasp of basic networking.

Ask someone what happens at a packet level when they type www.google.com into their browser and you are often met with a blank response.

If you can't rattle off how DNS, ARP, basic routing, the TCP three-way handshake and high-level HTTP work, I'm going to be disappointed!

What I've found over the years is that a solid, fundamental knowledge of networking is absolutely essential for any kind of hands-on information security work, be it understanding firewall rules, reviewing system design documentation, performing penetration testing or working an incident response.

The problem with fully understanding networking is that, as with many things, it's all well and good reading about it in a book, but what you really need to do is see it in action in a network sniffer.

The problem with that of course is that most people don't have enterprise networks in their house for testing, and I wouldn't recommend digging around on production systems unless you fancy a rather abrupt end to your career!

This is where I think Practical Packet Analysis really comes into its own. The book takes you step by step through the fundamentals of networking, but provides sample packet captures in PCAP format and talks through each capture and how it's displayed and analysed in Wireshark.

The later sections of the book dig more into troubleshooting network problems, which may not be relevant to information security on a day-to-day basis but are always handy to have as a resource in the back pocket.

Does this book explain every single protocol in a deep dive technical approach? No, definitely not. But what it does is give you one better. It gives you the basics, allowing you to better understand new protocols when you come across them. And if you're interested in more packet captures than you can shake your tcpdump at, check out Open Packet (https://www.openpacket.org/).

Taking this book, along with a good TCP/IP reference such as TCP/IP Illustrated Vol 1, will get you up to speed in networking in a short time and will dramatically increase your confidence in reviewing packet captures.

And it should also answer my interview questions if we ever cross paths!


Links:
No Starch Press http://nostarch.com/packet2.htm
Amazon http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593272669
