File: GettingStartedInInfoSec

[[[> This page has been _ Tagged As Security and _ Tagged As Software ]]]

Saw this in passing on Mastodon and thought it was worth having "to hand" as a sort of checklist for reference. Here is what ''' <a href="https://mastodon.hasameli.com/@munin">@Munin, Keeper of Lore</a> said:

----

Here's what I consider to be foundational concepts that you ought to at least be aware of before going into infosec:

* What a computer is, and what common operating systems are.
* What a software update is.
* What an application is.
* Where updates for applications come from vs. those for the OS.
* What it means when an OS or application is EOL
* What a network is
* What an IP address is
* What a netmask is
* What a gateway is
* What a route is
* What DHCP is
* What DNS is
* What a port is - and the difference between well-known ports and the others.
* How a TCP connection is set up
* How a UDP connection differs from a TCP connection
* What ARP is, and why you need it
* What a MAC address is, and how to change it
* Why a MAC address is not a unique identifier
* How to set up a network enclave
* What NAT is
* What a firewall is
* How a connection gets from point A to point B on the internet
* What nmap is and when you'd use it
* What a file hash is
* Why it is not encryption
* What happens when a file is written in the OS
* What happens when a file is deleted in the OS
* What file formats are and how they're detected
* Basic understanding of HTTP and how it differs from HTTPS
* What happens when you send an email

That should be a good basic manifest, and you'll doubtless find out other things when you learn these.

Once you know about these things, we can talk about stuff like the principle of least privilege and all that jazz, and talk about how to work on securing your assets and networks.
----

To this, ''' <a href="https://mastodon.social/@elomatreb">@elomatreb@mastodon.social</a> replied:

* I'd add "why encryption without authentication isn't good enough"
* ... "a basic understanding of encryption and cipher modes"

Suggested by another colleague:

* what fragmentation is ...
* There are or have apparently been known attacks involving taking advantage of what different OSs do with overlapping fragments. If you send what appears to be the same packet fragmented different ways, but /actually/ gluing the various bits together you find that the overlaps are different, you may be able to get away with stuff.
* Is it worth mentioning IP options, IPv6 extension headers /etc./ ?
* What switches do when they don't know where destination MAC address is.
* You can make a switch forget a MAC address it once knew. For example, send it stuff from lots of made up MACs so it has to throw away ones it knows to make room for them.
* Should we know stuff like understanding how a computer boots and how bad'uns can interfere there? Master boot records, and similar.

----
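The overlapping-fragment point above, as an added example that is not part of the original posts: a simplified Python model showing how two reassembly policies turn the same fragments into different payloads, plus a check a monitoring tool can use to flag such datagrams. The function names, the byte-offset simplification and the sample fragments are assumptions made for illustration.

```python
# Added illustration: simplified model of overlapping-fragment reassembly.
# Assumption: offsets are plain byte offsets (real IPv4 uses 8-byte units).

def reassemble(fragments, policy):
    """Rebuild a payload from (offset, data) pairs given in arrival order.

    policy "first": bytes already received are kept.
    policy "last":  later fragments overwrite earlier bytes.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if len(buf) != (max(buf) + 1 if buf else 0):
        raise ValueError("fragments leave a hole in the payload")
    return bytes(buf[i] for i in range(len(buf)))


def conflicting_overlaps(fragments):
    """Return the byte positions where overlapping fragments disagree."""
    seen, conflicts = {}, set()
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            # setdefault keeps the first byte seen at this position.
            if seen.setdefault(pos, byte) != byte:
                conflicts.add(pos)
    return sorted(conflicts)


# Constructed sample data, not captured traffic.
RETRANSMIT = [(0, b"AAAABBBB"), (4, b"BBBBCCCC")]  # overlap carries same bytes
AMBIGUOUS = [(0, b"AAAABBBB"), (4, b"XXXXCCCC")]   # overlap carries different bytes

if __name__ == "__main__":
    for name, frags in (("retransmit", RETRANSMIT), ("ambiguous", AMBIGUOUS)):
        views = {p: reassemble(frags, p) for p in ("first", "last")}
        print(name, views, "conflicts at", conflicting_overlaps(frags))
```

A sensor that reassembles with a different policy from the host it protects inspects a different payload than the host receives, so flagging or dropping datagrams with conflicting overlaps removes the ambiguity.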