Security Thoughts, Ideas, Tips and Tricks
This page is a place for me to ramble about general ideas and specific actions that one needs to take to secure or attack systems.
The most important idea for attacking or securing systems
If you don't understand it, you can't protect it or attack it!
That's it in a nutshell. Of course, that's impossible in computer science. There is just too much to know! So we need to know and understand the essential things: those things that you must deploy, or those things that the target deploys. Therefore the absolute knowledge base that you must have comes in three flavors:
- Windows Systems
- Linux Systems
- Apple Systems
Optionally, I would include the mobile environment as a specialty:
- Android Systems
- iOS Systems
What do these all have in common? System. If you don't understand these basic elements, there is no way to build secure systems. For each of these you have to understand how to maintain the OS, configure it and use it properly. Of course, operating systems alone cannot do much. They must be connected, so you need to add networking essentials too.
- Principles of Networking
- Internet Protocols and administration of networks in general
Next come the frameworks and platforms on which applications are built. That means understanding:
- Web Servers and Services on both Windows and Linux
- Containers (e.g. Docker, Kubernetes etc.)
- Key application architectural IT components such as email systems, SQL Server and other data services
Next, secure programming. I include this as a separate track that runs concurrently with everything else here, but I believe that programming is a fundamental that cannot be ignored.
- Programming Concepts
- Web programming
- Data structures and algorithms
- System programming/scripting
- Operating system concepts
- Programming Languages
Last, I include those areas of security:
- Security+ as a basis for understanding defensive security in depth.
- Offensive Security: Using tools and techniques to effectively test security through ethical hacking.
- Forensic analysis of attacks on systems.
- Legal responsibilities of IT [security] professionals.