Security Thoughts, Ideas, Tips and Tricks

This page is a place for me to ramble about general ideas and specific actions that one needs to take to secure or attack systems.

The most important idea for attacking or securing systems

If you don't understand it, you can't protect it or attack it!

That's it in a nutshell. Of course that's impossible in computer science. There is just too much to know! So we need to know and understand the essential things. That is, those things that you must deploy or those things that the target deploys. Therefore the absolute knowledgebase that you must have comes in three flavors:

  1. Windows Systems
  2. Linux Systems
  3. Apple Systems

Optionally, I would include the mobile environment as a specialty.

What do these all have in common? System. If you don't understand these basic elements, there is no way to build secure systems. For each of these you have to understand how to maintain the OS, configure it and use it properly. Of course, operating systems alone cannot do much. They must be connected, so you need to add networking essentials too.

  1. Principles of Networking
  2. Internet Protocols and administration of networks in general

Next come the frameworks and platforms on which applications are built. That means understanding:

  1. Web Servers and Services on both Windows and Linux
  2. Containers (e.g. Docker, Kubernetes etc.)
  3. Key application architectural IT components such as email systems, SQL Server and other data services

Next is secure programming. I include this as a separate track that runs concurrently with everything else here, but I believe that programming is a fundamental that cannot be ignored.

  1. Programming Concepts
  2. Web programming
  3. Data structures and algorithms
  4. System programming/scripting
  5. Operating system concepts
  6. Programming Languages

Last, I include these areas of security:

  1. Security+ as a basis for understanding defensive security in depth.
  2. Offensive Security: Using tools and techniques to effectively test security through ethical hacking.
  3. Forensic analysis of attacks on systems.
  4. Legal responsibilities of IT [security] professionals.

MyStartingPage/Security (last edited 2019-12-17 22:13:23 by scot)