In this video, Marc Menninger describes three enabling technologies for IT security professionals. Get an overview of IP networking concepts as well as common IP network attacks. Learn what you need to know about firewall key concepts and common attacks. And finally, explore cryptography key concepts and common attacks.
- [Instructor] As it says in the name, a big part of information technology security is technology. You won't get far in this field without a strong understanding of certain technologies. IP Networking, Firewalls, and Cryptography are three fundamental technologies you must understand as an IT Security Professional. These technologies are foundational because many other technologies are based on or are closely related to them. Let's start with IP Networking.
As an IT Security Professional, you'll be working with the Internet Protocol, or IP, and other network communication protocols, on a regular basis. You'll need to understand IP Networking because many security attacks are based on its flaws. Knowledge of a few key IP Networking concepts is critical. You should understand how IP datagrams are constructed with a header and payload and what encapsulation is. All IT Professionals should know about IP Addresses and subnets.
Understanding how IP routing works to transport data packets across network boundaries using routers, and how it relates to the seven layers of the OSI model, is also helpful. There are also many common protocols in the Internet Protocol Suite which you'll need to be familiar with. Each of these has its own purposes and functions. Depending on your career, some of these will be more important than others. You'll also be expected to understand common attacks that exploit IP Networking flaws including eavesdropping, IP address spoofing, denial of service attacks, sniffer attacks, and man-in-the-middle attacks.
The next technology you should know is related to the first, Firewalls. Firewalls are used to protect the perimeter of networks. That makes them an important technology for Security Professionals to understand. You'll need to know what the different types of firewalls, like stateless, stateful, or proxy, are used for and how they work. Where firewalls need to be placed on a network. How firewall rule sets and packet filtering work, well-known ports for various types of internet traffic, the difference between network layer and application layer firewalls.
And how network address translation and private address ranges are used to protect hosts behind the firewall. Firewalls are also natural targets for attackers. You'll need to know about common firewall attacks like brute force and default password attacks, firewall vulnerability attacks, attacks against misconfigured firewalls, and distributed denial of service attacks. The final technology that you'll need to understand as a Security Professional is Cryptography.
A lot of security is achieved by encrypting data. You need to have a strong understanding of how encryption works. You should know common cryptographic algorithms, such as AES, Diffie-Hellman, RSA, ECC and others. The difference between secret key and public key cryptography, and common cryptographic concepts such as digital certificates, certificate authorities, hash functions, salt, key length, symmetric and asymmetric cryptography, steganography and more.
Like any security technology, though, cryptography is subject to attacks. Some common cryptographic attacks include brute force, rainbow tables, birthday attacks, cryptographic weakness attacks, and side channel attacks. There are certainly many more technologies you'll need to understand, but IP networking, firewalls, and cryptography are foundational for a successful IT Security career.
Demand for information security professionals has never been higher—and it's only projected to grow. Interested in finding a job in this exciting new field? Or simply advancing to the next level? IT security expert Marc Menninger explains how to launch and develop a successful career in information security. Learn about the nine most common security jobs and the duties and qualifications for each role. Learn which security certifications appear in job listings and which ones will help you get the job you want. Follow example career paths to learn how others have progressed: from IT hobbyist to help-desk technician to analyst, systems architect, and more. Marc closes with career advice specific to information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself