Wednesday, May 28, 2008

HeX: From Zero To One

These days, I have encountered questions like this,

1. How can I be an efficient network security analyst?

2. Is there a quick path or short cut to be one?

3. I'm just system administrator/programmer and don't know crap about security, I'm interested in it but don't know where to start?

4. There are so many resources in the internet, what's the specific knowledge required to be network security analyst so that I can be more focusing on particular subjects?

If you are a student, or just starting to work as network security analyst, I hope this post will shade some lights for you -

I would like to point out 3 posts that I have written -

The HeX System that we are developing is the key to answer almost all your questions, but you might not be able to know where to look at if I throw you HeX liveCD without giving you hints or tips. The HeX Handbook which is derived from my own Network Security Analyst Handbook is actually designed to lead you to the right path.

If you read my post about HeX liveCD analogy, I mentioned this -

The HeX liveCD can only make up to this part(see below) -

Obtain Network Based Data -> Utilizing NSM Based Tools -> Generate Output

The rest depends on how analyst able to perform it -

Output Interpretation -> Output Analysis -> Output Summarization -> Report

Clearly enough, the HeX itself can't do everything for you, you have to help yourself starting from Output Interpretation process.

If you apply the reverse thinking, what are the obstacle you have encountered during Output Interpretation? You have used the tools to generate the output for you, for example - snort, bro-ids or even simple tcpdump. Apparently if you find yourself can't understand those output, you can't interpret them correctly. Now the important question is "Why can't you understand those output?" There are few answers to it -

1. You may not have enough network protocol knowledge.

2. You may not familiar with the tools because different tools tend to generate the output in different ways or results.

3. You may not update yourself with current security trends(follow bug traq, cve and so forth)

4. You are being lazy

Now I flash back again to my Network Security Analyst Handbook post, I have put the book into four sections -

Sec 1 - Net Sec Analyst: The RoadMap
Sec 2 - Net Sec Analyst: The Workflows
Sec 3 - Net Sec Analyst: The Tools
Sec 4 - Net Sec Analyst: The Case Study

For the Section 1 and Section 2, I have elaborated them as -

Network Security Analyst: The RoadMap
What are good foundations and technical knowledge that should be acquired to become good network security analyst? I hope The RoadMap can answer question like that, until now I haven 't seen any books discussing about this topic yet.

Network Security Analyst: The WorkFlows
What are the methodologies and mechanisms that are used by network security analyst to handle their tasks? The routine daily tasks, the automated and manual process of performing analysis, situation handling and so forth.
This is more of how to think or work like a network security analyst. I will try to standardize the common work flows but you are free to extend it to your own way.

If you have gone through Section 1 and 2, you should be able to do this -

Output Interpretation -> Output Analysis -> Output Summarization -> Report

Unfortunately we don't offer these in HeX version 1.x, but this is going to change, we are currently working on integrating things that are discussed in Section 1 and 2 into HeX version 2.x which will be released sometime around June. As Section 3 is already integrated into HeX, you should be able to complete Section 1-3 with HeX, all you need is discipline!

This is not a myth, the HeX Handbook will guide you to complete Section 1-3 using HeX System itself, you don't need more.

For the Section 4, I already have other plan and maybe you can see them in HeX 3.x, who knows.

If you want to learn to be a competent network security analyst, you can start with HeX. It will take you from 0 to 1.

Now I start to think that University should offer this kind of course for students, as far as I know country like Philippine has their Universities offering malware analysis course and therefore you can see a lot of them working in AntiVirus Industry, if our country want to produce competent network security analyst, they should offer security related courses in University. Not wait until they are out of school and busy with works.

Enjoy ;]

1 comment:

lisa moore said...

Security must be one of the priorities of a company if it wants to last. Utilizing data is not an easy task. Therefore, getting a support system is required in each company to ensure that the data is always safe and secured.

~Lisa Moore