
or services. In many such cases, people in those external organizations need access to internal resources. Every aspect of this process must be done right to prevent cybercriminals from exploiting external access and stealing data.

       ✓ Email server: Because email servers are connected to the Internet, systems engineers need to know how to correctly configure and “harden” email servers to prevent intruders from compromising the organization’s email communications.

       ✓ File server: Internal and external file servers must be correctly configured and managed to protect all sensitive information stored on them and to prevent intruders from being able to access sensitive data.

       ✓ Laptop computers: Personnel who build and manage laptop computers (as well as tablets and other cool devices that we all want) must include the latest measures, such as whole-disk encryption and advanced malware prevention tools, to prevent the compromise of data on stolen laptops, as well as to protect the systems that laptops are permitted to connect to.

       ✓ In-house written software: Software developers need to understand how to write software that will be resistant to attacks such as buffer overflow, script injection, and authentication bypass.

       ✓ Enterprise application with user accounts: Personnel who manage user accounts for enterprise applications need to keep accurate records and use detailed procedures to make sure that no unauthorized personnel are given user accounts. Also, applications must be configured to track all user logins, and create alerts if any user accounts are under attack.

      As you can see from this list, which is but a sampling of all the aspects that require security expertise in an organization, a wide set of skills is required for all IT workers, including specialized security personnel.

      Chapter 2

      Understanding InfoSec Roles: One Day in the Life

       In This Chapter

      ▶ Understanding the paths to achieving a security job

      ▶ Exploring the array of security-related jobs

      ▶ Climbing to the heights of security management jobs

      What is it like to have a security job?

      Many people obtain security jobs after they've been in IT for a number of years. In many cases, the ability to get a security job is a matter of opportunity – being in the right place at the right time. However, a lot more than good luck is required; you need the desire and the aptitude for a security job.

      Most people accumulate IT job experience and then move laterally into a security job. Others get a degree in computer science, management information systems, or information security and then get an entry-level InfoSec position. This chapter describes both job-hunting methods and also details the most common security jobs, from security analyst to CISO.

      Getting Security Experience Where You Are Now

      Workers early in their careers have the following complaint:

       I want to get this new job, but it requires experience. How can I get experience if I don’t have this job?

      Sounds like a chicken-or-egg problem, right? Not necessarily. Most security professionals didn't have a non-security-related job one day and a security job the next. Instead, they gained and built upon security skills in their current IT job.

      In this section, you explore the following IT roles and discover how to build your information security knowledge and skills while in those roles:

       Service desk analyst

       Network administrator

       Systems administrator

       Database administrator

       Software developer

       Project manager

       Business analyst

       IT manager

       Human resources employee

      

All IT positions contain security-related skills and responsibilities. Everyone in IT should be aware of the security-related aspects of their jobs. IT workers are entrusted with a high level of privilege: they have access to sensitive data and the systems that control it.

       Service desk analyst

      A service desk analyst assists users who have problems with their computers, user accounts, or business applications. In some companies this position is the equivalent of a help desk technician or a PC fix-it dude (or dudette).

      In many ways, service desk analysts have one of the most important non-security positions because they are in contact with users in all levels of the organization. For many employees, service desk analysts are the only IT people they will ever contact.

      A service desk person must be able to recognize several types of security issues, such as the following:

       Forgotten passwords

       Requests to install software

       Phishing messages

       Unsafe practices, such as sharing passwords or visiting malicious web sites

       Network administrator

      The network administrator title can mean different things in different organizations. This role often includes the administration of the following:

       User accounts

       File server access

       Remote access

      Network administrators are on the front lines of access control, and effective access control practices reduce the likelihood of a number of security-related problems, such as active user accounts for terminated personnel, excessive privileges, group accounts, and user accounts with non-expiring or non-complex passwords.

      

My security career started in network support

      Back in 1990, I was doing network support for a large dairy. They were having problems with their network and had been experiencing some unexpected financial reporting problems, so they had started to suspect fraud. The CFO approached me one Friday afternoon as I was working on the network and said something like, “So this system is secure, isn’t it, and can’t be the cause of our problems?”

      Caught off-guard, I answered, “Yes, sure, it must be.”

      Driving home, I became increasingly concerned that I had answered without any evidence to back my words. This really worried me, so I went into the lab on the weekend and built an equivalent system that I proceeded to hack. I identified four or five issues and then devised controls to prevent or detect these.

      On Monday, I went back into the dairy and applied the fixes – and explained to the CFO why. At the time, security was not recognized as a separate skill or even a job; it was just something good network admins did.

      Without realizing it, I had become a white hat hacker and I moved full time into security about two years later!

      Richard N., London

       Systems administrator

      A systems administrator (also called a systems engineer) configures and maintains server operating systems and, in some organizations, desktop operating systems.

      A systems administrator – often shortened to sysadmin or SA – is usually responsible for all security-related configurations in operating systems, including the all-important system hardening, which is the practice of configuring
