NetStumbler

So you want to be a Security Consultant?

Brad Slavin — Wed, 21 Dec 2011 20:23:35 +0000

This is my first guest blogging opportunity on Netstumbler.com and I wanted to discuss what I believe is missing in most of the student/consultants I encounter. I would recommend these things for anyone preparing to be a consultant in IT security.

So, the first and most important thing to learn in my opinion is TCP/IP. You need to know it as well as you do the alphabet. The majority of people I meet in the University world and out in industry do not have a detailed and thorough knowledge of TCP/IP. For a security consultant it is best that you can look at the packets and know exactly what is taking place at the lowest level the wire. Elite hackers know TCP/IP as well as they can write their name. To be able to secure the environment and the enterprise it is imperative you know it like they do.

Take wireless for example, many people will start playing with Wireshark to observe the traffic over the wireless card, as most of you can attest to when you first use Wireshark with a wireless card you start a capture, and you see NOTHING, because you are at the application layer, and do not have a good understanding of the lower layers, and also do not understand that you need to be in monitor mode to capture traffic for the most part, and you are connected to the network, and cannot sniff the wireless traffic, so as you read the alert message that tells you to check the selection for promiscuous mode, and then you deselect it, and what do you see? You see the 802.3 Ethernet traffic and not the 802.11 traffic you were expecting. Taking it one step further you need an understanding of the PHY layer before you start looking at a tools that analyze it for you.

The second most important thing is to learn Linux and Unix. Also, do not stop at Linux, download one of the Unix virtual machines and play with it until you get proficient at it.

A note on certifications, they are good for getting you an interview, but once you get that interview you have to convince the people there that you know what you are doing. There is no certification that can replace hands-on experience and knowledge, you can get that on your own by using virtual machines and building and running your own test labs. The concern over certifications is most are based on rote memorization, it is the same problem we have in academic circles (more on that in a moment).

The problem with this is when you study and cram for a certification exam you memorize something take a test, and then you get certified, but what does this really mean? In my view it means you studied and took a test, and be honest, some of these classes cram all of the information into your brain in 4-5 days, and if the class does not provide a study guide, or something similar to practice the types of questions you may encounter you would not see 90% and above exam success rates touted by so many sites. Now, we shall discuss academic thinking, most of the “academics” without industry experience do not understand what I have been talking about either. I was on a team that developed a Master of Science in Information Security, and I was the only non-academic on the team, the entire group was made up of all PhDs but me, and as we discussed the curriculum I focused on teaching the students protocol analysis … that is packets! Well this shocked pretty much all of the team, but I argued my point in many of the meetings, and finally swayed enough support where we had packet and protocol analysis as part of the curriculum

The most important thing I look for when hiring someone when I was running the Network Operations Center (NOC) is desire and initiative to learn. I would interview people with a list of certification as long as their arm, and when I asked them practical questions, they could not answer them, so they did not get the job. This is because I had junior personnel who could answer the questions, so how could I give someone a position over one of them at about 5 times the amount of pay they were getting. I could not justify it, and never did waiver on that. If a person has desire that is the most important thing. I had a guy come in fresh out of bootcamp that did not even know what UNIX was, and in 6 months he became my UNIX expert.

Another thing that helps is understanding programming, you do not have to be proficient at it, but being able to look at code and at least understand the fundamental concepts of it is very important in this field.

Finally, it is all about research, I learned to do research in Graduate school, I had a Professor Frank Coyle that specializes in using JAVA for real time systems, and he was instrumental in teaching me how to do research, and that is the intent of these short research topics, the more practice you get the better you get to be at it. Today with the amount of online information you can research in a few hours with the Internet. When I was in graduate school, I spent weeks doing research at libraries, take advantage of this opportunity we have today. Recommend you dedicate one hour a night to reading something, a whitepaper etc. There is a saying in the consultant field that as long as you can read the manual and understand it faster than the client you will always get the contract. That is why research is so important.

As I like to tell my clients, up until 2006 my certification count was 0, and now it is at 20, so it is not about getting a certification, it is what you do before and after you get that cert.

- Kevin

Kevin Cardwell currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an adviser to numerous government entities within the US and UK.

He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense course. He is technical editor of the Learning Tree Course Ethical Hacking and Countermeasures and Computer Forensics. He is author of the Controlling Network Access course. He has presented at the Blackhat USA Conferences. He is a contributing author to the Computer Hacking Forensics Investigator V3 Study Guide and The Best Damn Cybercrime and Digital Forensics Book Period. He is a Certified Ethical Hacker (CEH), Certified Security analyst (E|CSA), Qualified Penetration Tester (QPT), Certified in Handheld Forensics, Computer Hacking Forensic Investigator (CHFI) and Live Computer Forensics Expert (LCFE), and holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas.

You can find more information about Kevin at www.elitesecurityandforensics.com

Getting Serious About Wi-Fi Management

Wayne Slavin — Fri, 17 Dec 2004 01:02:00 +0000

The Radicati Group pegs the penetration of Wi-Fi in the enterprise at 50 percent by 2008. Cut that number in half and it’s still huge. So now that Wi-Fi is becoming a standard part of enterprise infrastructure, it’s time to get serious about security and management.
Via [techworld.com]

Azimuth Systems Launches VoWLAN Test Platform

Wayne Slavin — Tue, 30 Nov 2004 16:19:00 +0000

Wireless-network test-system developer Azimuth Systems today launched a benchmark test platform for testing VoIP (voice over Internet protocol) in Wi-Fi settings. The company claims that the W-Series wireless-LAN test platform validates both VoWLAN handsets and Wi-Fi infrastructure gear.
Via [edn.com]

Corporate Wi-Fi Integration, Part 4

Wayne Slavin — Sat, 30 Oct 2004 18:04:00 +0000

Mike Houghton wraps up his four-part series on integrating Wi-Fi with your corporate IT environment by providing a glimpse into the future and some final recommendations for a successful implementation.
Via [enterpriseitplanet.com]

Access All Areas

Wayne Slavin — Tue, 26 Oct 2004 18:49:00 +0000

When many companies find it hard enough to control the IT use of office-based employees, how do you convince them that giving staff remote access is a good idea?
Via [vnunet.com]

Drive-Through Wireless

Wayne Slavin — Tue, 05 Oct 2004 17:00:00 +0000

We’ve told this story in a dozen variations: The entrepreneur who envisions a new use for Wi-Fi, a moneymaker sure to tap into the demands of a previously unrecognized audience. Latte sippers. Boaters. RV drivers.
Via [wi-fiplanet.com]

Wound Up In Wireless

Wayne Slavin — Mon, 04 Oct 2004 21:26:00 +0000

With all the media coverage and vendor hype it is easy to believe we are in the middle of a wireless revolution. But don’t get carried away: while there is an opportunity to deliver value to customers through wireless solutions, resellers must present solid business cases and help customers around technical complexities
Via [vnunet.com]

Voice Over Wi-Fi: Too Green For The Enterprise

Wayne Slavin — Mon, 04 Oct 2004 14:35:00 +0000

Everyone likes to get something for nothing, so the combination of Internet telephony and open wireless access can seem irresistible. Imagine a wireless phone that can work with networks all over the world, without needing a subscription to a service provider.
Via [networkmagazine.com]

Group Proposes Wireless Smart Card Authentication

Wayne Slavin — Fri, 01 Oct 2004 18:51:00 +0000

The WLAN Smart Card Consortium Thursday proposed a new type of authentication that it claims will simplify securely logging on to all types of wireless networks.
Via [internetweek.com]

Corporate Wi-Fi Integration, Part 3

Wayne Slavin — Thu, 30 Sep 2004 02:01:00 +0000

Parts 1 and 2 of this of this 4-part series, we discussed some of the reasons for making the switch to Wi-Fi, the all-important site survey, and what components make up a WLAN. In this, part 3 of our series, we’ll discuss some of the issues that inevitably crop up and a list of the top Wi-Fi vendors.
Via [enterpriseitplanet.com]

Wireless Security Enhances Worm Detection

Wayne Slavin — Tue, 28 Sep 2004 15:47:00 +0000

Network Chemistry, a provider of RF (radio frequency) security solutions, announced Monday that new worm-detection capabilities have been added to its RFprotect Wireless Intrusion Protection System.
Via [news.zdnet.com]

WLANs Go Feral In Corporate Undergrowth

Wayne Slavin — Tue, 21 Sep 2004 16:47:00 +0000

Frustrated employees are taking IT into their own hands by installing DIY Wi-Fi access points (APs) in their offices while their IT departments donâ€™t even notice, according to Gartner. A rogue access point can leave an organisationâ€™s network wide open and once on the network, an unauthorised user could go undetected.
Via [theregister.co.uk]

College Backs Off Wi-Fi Ban

Wayne Slavin — Fri, 17 Sep 2004 14:30:00 +0000

High-tech tensions at the University of Texas at Dallas are easing, as administrators are curtailing the regulation of private hot spots in campus housing, but problems with interference may continue.
Via [news.zdnet.com]

Wireless Is More

Wayne Slavin — Fri, 17 Sep 2004 14:27:00 +0000

Want to free yourself from the clutter of computer cables, surf the web from the sofa, and download music in the garden? It’s easy – all you need is a wireless home network.
Via [vnunet.com]

Airespace Wins IBM Partnership For WiFi Service

Wayne Slavin — Thu, 16 Sep 2004 15:06:00 +0000

Airespace, a Silicon Valley telecom services start-up, won a partnership with International Business Machines Corp. that will help Airespace grab a piece of the growing market for WiFi services, the two companies told Reuters on Wednesday.
Via [reuters.com]