Differences between revisions 4 and 5
Revision 4 as of 2019-12-17 22:09:06
Size: 2228
Editor: scot
Comment:
Revision 5 as of 2019-12-17 22:13:23
Size: 2308
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
 1. Network Protocols Principles and specifically those protocols used in the Internet  1. Internet Protocols and administration of networks in general
Line 31: Line 31:
Next secure programming. I include this as a separate track, but I believe that also is a fundamental that cannot be ignored. Next secure programming. I include this as a separate track that runs concurrently to everything else here, but I believe that programming is a fundamental that cannot be ignored.
Line 34: Line 34:
 1. Web programming
Line 36: Line 37:
 1. Web programming concepts.  1. Operating system concepts
 1. Programming Languages

Security Thoughts, Ideas, Tips and Tricks

This page is a place for me to ramble about general ideas and specific actions that one needs to take to secure or attack systems.

The most important idea for attacking or securing systems

If you don't understand it, you can't protect it or attack it!

That's it in a nutshell. Of course that's impossible in computer science. There is just too much to know! So we need to know and understand the essential things. That is, those things that you must deploy or those things that the target deploys. Therefore the absolute knowledgebase that you must have comes in three flavors:

  1. Windows Systems
  2. Linux Systems
  3. Apple Systems

Optionally I would include the mobile environment a a specialty:

  • Android Systems
  • iOS Systems

What do these all have in common? System. If you don't understand these basic elements, there is no way to build secure systems. For each of these you have to understand how to maintain the OS, configure it and use it properly. Of course Operating systems alone cannot do much. They must be connected. So of course you need to add networking essentials too.

  1. Principles of Networking
  2. Internet Protocols and administration of networks in general

Next comes the frameworks and platforms on which applications are build that means understanding:

  1. Web Servers and Services on both Windows and Linux
  2. Containers (e.g. Docker, Kubernetes etc.)
  3. Key application architectural IT components such as a Email systems, SQL Server and other Data services

Next secure programming. I include this as a separate track that runs concurrently to everything else here, but I believe that programming is a fundamental that cannot be ignored.

  1. Programming Concepts
  2. Web programming
  3. Data structures and algorithms
  4. System programming/scripting
  5. Operating system concepts
  6. Programming Languages

Last, I include those areas of security:

  1. Security+ as a basis for understanding defensive security in depth.
  2. Offensive Security: Using tools and techniques to effectively test security through ethical hacking.
  3. Forensic analysis of attacks on systems.
  4. Legal responsibilities of IT [security] professionals.

MyStartingPage/Security (last edited 2019-12-17 22:13:23 by scot)