FW: TCP/IP skills

drbitbucket_at_comcast.net
Date: 07/08/04

    To: pen-test@securityfocus.com
    Date: Thu, 08 Jul 2004 17:48:51 +0000
    
    

    I couldn't agree more. Using the tools is one thing. Knowing how they work is entirely another. Having those core skills not only allows you to dig down, deep, and understand what really is happening, but it also allows you to choose which tools do a good job and improve upon them or find other tools if they don't give you what you want.

    Of course, knowing what you want is another of those skills that comes from a greater understanding of security as it applies to network traffic as well as operating system/service stimulus and responses.

    Acquiring those skills doesn't come overnight either; it takes a lot of work and time. It is tempting to many to simply use the tools without getting to know the fundamentals.

    Jon Repaci, GCIA, CISSP

    -----Original Message-----
    From: Don Parker [mailto:dparker@rigelksecurity.com]
    Sent: Tuesday, July 06, 2004 7:21 PM
    To: pen-test@securityfocus.com; vuln-dev@securityfocus.com
    Subject: TCP/IP skills

    Hello all, I just wanted to comment on what I see as a rather alarming trend in the security industry today. More and more many are becoming reliant upon tools to do their job whilst they ignore core components of their skillset. Specifically in this case an in-depth knowledge of TCP/IP.

    Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be attained by anyone who wishes to have a successful career in the network security industry today. One cannot become adept by simply using tools, and never knowing how to interpret the output by verifying the packets themselves.

    It constantly amazes me when I teach a TCP/IP Analysis course that people who are presently in the industry do not know of such basic TCP/IP concepts as the 3 way handshake and how ICMP works. That or being able to wholly dissect a packet and explain the relationships between various metrics.

    I would be curious to hear of your opinions on this?

    Cheers,

    Don

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.233.HACK
    fax:613.233.1788
    toll: 1-877-777-H8CK
    --------------------------------------------

