Cyber Security - Where do I begin? Should I begin?

[nycsusan@hotmail.com]

I may have an opportunity to get into an Internet Security position and I was wondering what all I need to learn to be effective in that role? I am studying Java and XML already, would those skills be applicable? Do I need to learn about TCP/IP, routers, networking, UNIX, NT, what? And in what order? As part of my regular AS/400 duties, I handle security on our AS/400s. However, the web servers are NT so I have no idea if the security concepts that I know and love on the 400 will help me in this Cyber Cop role. Also, if any of you have career advice about this, I am all ears. I see this as an ongoing need - job security, if you will (no pun intended). There will always be hackers wanting to cause trouble, and (I believe) there will always be a need for people to stay one step ahead of them. Or am I mistaken? To sum it up: What would I need to learn in order to manage internet security, and in what order? What do ya'll see as the future job market for Internet security gurus? Thanks in advance!

[Guest.Visitor]

Susan, Most of all, if the person hiring you for the position knows of your limitations and accepts you, make sure you will have the opportunity to enhance your abilities (at the companies expense) in the form of seminars, classes and publications. I would check out the Security textbook that Midrange publishes as well as the one that was published by Duke Press (News 400). Both are excellent pubs and if I remember correctly, a Wayne wrote both of them. Different Waynes though. Good topics there. I would also find out what kind of server they are using (i.e. Domino or what) and then use the YAHOO (or other) search engine to find info on them. Good luck -Bret

[J.Pluta]

A short list: AS/400 ------ The CFGTCP command and all its submenus, including * Host tables * Port restrictions * Routes and interfaces Exit programs Host servers IBM HTTP Server WebSphere TCP/IP ------ IP addressing Routers/firewalls, including * NAT (Network Address Translation) * IP filtering Virtual Private Networking Domain configuration HTTP and SSL SMTP (Simple Mail Transfer Protocol) SNMP (Simple Network Monitoring Protocol) The above is "all" you need to effectively address security concerns on an AS/400-only network. However, for higher security, you may also want to include APPC communications for secure 400-to-400 communications. If you plan on using Windows or UNIX as your web interface, you'll also need to understand the software on those platforms. Windows 2000 has a fairly extensive web server (Internet Information Server), while UNIX and Linux boxes tend to rely on Apache. You'll also need to understand the various administration, backup and security questions there. To be a security "expert" in the Internet world requires a rather broad range of expertise, and it's an awful lot for one person. That's why my company relies on two different people: one for AS/400 security and one for Internet security. Java and XML expertise is primarily for the application side of things, and will neither help nor hinder you in your pursuit of security knowledge. However, Java is more appropriate than XML in web presence, while XML will probably (the jury is still out at this point) be more helpful in B2B applications in the long run. Realize that XML is rapidly evolving, and there are a whole host of related technologies already, including WML, VML and XAML, not to mention a steadily growing set of tools to utilize XML in applications. Hope this helps. Joe http://www.java400.net http://www.edeployment.com http://www.plutabrothers.com

[nycsusan@hotmail.com]

The groups I am looking at use NT - goodbye AS/400. What does that do to your lists, if anything. Can I leverage my 400 security skills at all if I move to Cyber Security on NT?

[nycsusan@hotmail.com]

Bret wrote: "Most of all, if the person hiring you for the position knows of your limitations and accepts you, make sure you will have the opportunity to enhance your abilities (at the companies expense) in the form of seminars, classes and publications." Yes, I agree, and I am always completely honest with what I know and don't know. But I am the type who does my homework and I'd like to bring training to the table if I cannot bring experience. I think it demonstrates initiative, which I have LOTS of!!! What do you think about the future job market for Cyber Cops?

[Guest.Visitor]

Susan, In the most general sense: Yes. The AS/400 security concerns differ very slightly. User, device rights, file rights, software rights and manipulation rights are similar enough. The AS/400 only proves that you have a knowledge of security concepts. A very important thing for security gurus. I worked in one shop as a consultant where the manager actually pettitioned for and got permission to remove the floppy drives from the PC workstations. Quite an uproar, but he had been hosed up a couple of times that month because virus' from user installed software. Games and such. His firewall was not all that much, but he certainly cut down the chances of infection. Read, read and read in the mean time. -bret

[Guest.Visitor]

The Pentagon seems to think quite highly of them. Just opened up a hundred or more positions in the Virgina/Washington area. -bret

[J.Pluta]

(this is an opposing viewpoint ) No, AS/400 security and NT administration are completely different animals. If you've managed to get at all into the IFS security (read, write, execute as opposed to *CHANGE, *USE, *OBJMGT and the like), you'll have a better grasp of the fundamentals of UNIX/NT security. As an additional note: Windows 2000 outstrips Windows/NT in several crucial areas, the most germane to this discussion being: TCP/IP access! My TCP/IP expert tells me that Windows 2000 has a completely rewritten TCP/IP stack (that's the interface software to you and me) that is twice as fast as that of NT. Unofficial tests show nearly double the throughput on Windows 2000 as compared to NT. So moving into an NT position may not exactly be your most career-extending option. Joe

[Guest.Visitor]

Susan, Hope you don't miss the 400 too much. I would highly recommend studying for MCSE with an emphasis in security. Windows NT 4.0 is being replaced with Windows 2000. I would go for the 2000 certification. Not only will you need to study but hands-on Windows NT/2000 skills cannot be beat. It would be very helpful if you have access to a network that you can experiment with. Good luck Susan! PS - Is there a Windows forum as good as this one? You may miss us too. Scott

[Guest.Visitor]

Joe, I'd add "hacking" to your well thought-out list. Learn some socket programming and do some hacking (into your own systems, of course). Consider how that might help you stop a malicious hacker. Nathan.