In this video, Marc Menninger describes three enabling technologies for IT security professionals. Get an overview of IP networking concepts as well as common IP network attacks. Learn what you need to know about firewall key concepts and common attacks. And finally, explore cryptography key concepts and common attacks.
- [Instructor] As it says in the name, a big part of information technology security is technology. You won't get far in this field without a strong understanding of certain technologies. IP Networking, Firewalls, and Cryptography are three fundamental technologies you must understand as an IT Security Professional. These technologies are foundational because many other technologies are based on or are closely related to them. Let's start with IP Networking.
As an IT Security Professional, you'll be working with the Internet Protocol, or IP, and other network communication protocols, on a regular basis. You'll need to understand IP Networking because many security attacks are based on its flaws. Knowledge of a few key IP Networking concepts is critical. You should understand how IP datagrams are constructed with a header and payload and what encapsulation is. All IT Professionals should know about IP Addresses and sub-nets.
Understanding how IP routing works to transport data packets across network boundaries using routers, and how it relates to the seven layers of the OSI model is also helpful. There are also many common protocols in the Internet Protocol Suite which you'll need to be familiar with. Each of these has their own purposes and functions. Depending on your career, some of these will be more important that others. You'll also be expected to understand common attacks that exploit IP Networking flaws including eavesdropping, IP address spoofing, denial of service attacks, sniffer attacks, and man-in-the-middle attacks.
The next technology you should know is related to the first, Firewalls. Firewalls are used to protect the perimeter of networks. That makes them an important technology for Security Professionals to understand. You'll need to know what the different types of firewalls, like stateless, stateful, or proxy are used for and how they work. Where firewalls need to be placed on a network. How firewall rule sets and packet filtering work, well known ports for various types of internet traffic, the difference between network layer and application layer firewalls.
And how network address translation and private address ranges are used to protect hosts behind the firewall. Firewalls are also natural targets for attackers. You'll need to know about common firewall attacks like brute force and default password attacks, firewall vulnerability attacks, attacks against misconfigured firewalls, and destributed denial of service attacks. The final technology that you'll need to understand as a Security Professional is Cryptography.
A lot of security is achieved by encrypting data. You need to have a strong understanding of how encryption works. You should know common cryptographic algorithms, such as AES, Diffie Helman, RSA, ECC and others. The difference between secret key and public key cryptography, and common cryptographic concepts such as digital certificates, certificate authorities, hash functions, salt, key length, symmetric and asymmetric cryptography, stegranography and more.
Like any security technology, though, cryptography is subject to attacks. Some common cryptographic attacks include brute force, rainbow tables, birthday attacks, cryptographic weakness attacks, and side channel attacks. There are certainly many more technologies you'll need to understand, but IP networking, firewalls, and cryptography are foundational for a successful IT Security career.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself