01/ Preface

What is network security ？

Network security refers to the hardware of the network system 、 The data in the software and its system is protected , Not damaged by accidental or malicious reasons 、 change 、 Let the cat out of the , The system operates continuously, reliably and normally , Uninterrupted network service .

1.2.3  Types of network security

（1） Physical security

（2） System security

（3） Electronic Commerce

（4） Security agreement

（5） Application system security

1.3.5  Network attack classification

（1） Take the initiative to attack ： A deliberate act that involves an attacker accessing the information he needs .

（2） Passive attack ： It's about gathering information, not visiting , Legitimate users of the data are unaware of this . Passive attacks include sniffing 、 Collect information and other attack methods .

1.3.6  Common forms of cyber attacks

（1） Logic bomb

（2） System Bug

（3） social engineering

（4） Back doors and concealed passages

（5） Denial of service attacks

（6） Viruses 、 Worms and Trojans

（7） Network monitoring

（8）SQL Injection attack

（9）ARP cheating

Network security post

Penetration test engineer ： 1、 be responsible for WEB、APP Application system for vulnerability discovery and testing ;
2、 Be able to exploit and analyze the discovered vulnerabilities , Further verification and test and give the solution ;
3、 Responsible for tracking and researching the latest on the Internet APP、Web Safety technology 、 The latest security holes .

Network Security Engineer ：

1. Be responsible for the penetration test of the company's business systems 、 Vulnerability excavation and security reinforcement ;
2. Be responsible for tracking and analyzing all kinds of safety problems , Emergency response to safety incidents ;
3. Participate in the construction of the company's network security system ;
4. Responsible for tracking the latest developments in the industry , Latest security vulnerability research and follow-up work ;

Reverse engineer :

1、 In charge of the company Android Product related technical problems ;

2、 Crack mainstream websites and app The anti climbing mechanism ;

3、 Grasp the development trend of network technology and network application ;

4、 According to specific product requirements , Provide the company with technical support for competitive product analysis .

Loophole / Virus analysis **** The engineer :

1、 Responsible for hardware and software 、 operating system 、 The firmware 、 Network protocol 、 Management mechanism and other loopholes ;
2、 Write relevant research documents , To write POC;
3、 Track and analyze the latest research results in the field , Innovative technology and methods , Promote the application to the ground ;
4、 Related technology research and system development

Security researcher :

1. Track and analyze the latest security vulnerabilities in the industry ;
2. Analyze the causes and utilization methods of vulnerabilities ;
3. Prepare vulnerability analysis report ;
4. Output detection capability .

Safety operation and maintenance / Security Service Engineer :

1 Familiar with common Windows&linux、Web Application and database attack methods ;

Master common Web Security vulnerability principle and utilization technology （SQL Inject 、xss Cross site scripts 、 Upload files 、csrf Request forgery across sites 、 File contains 、 Ultra vires 、SSRF etc. ）;

It can be seen from the above figure , According to work needs and responsibilities , Every post has key tasks and necessary skills .

for example , The main work of the safety penetration test engineer is to be responsible for WEB、APP Application system for vulnerability discovery and testing ; Be able to exploit and analyze the discovered vulnerabilities , Further verification and test and give the solution ; Responsible for tracking and researching the latest on the Internet APP、Web Safety technology 、 The latest security holes .

Another example is that the main work of security attack and defense experts is the actual combat of security attack and defense , Organized high-end offensive and defensive activities , Evaluate the safety protection level of the enterprise , And empower through the team , Improve the overall security attack and defense strength of the team , The required skills are mainly red blue confrontation and opponent simulation .

Choose a position that you are interested in, and you can focus on learning , If you don't know what you are interested in and are interested in more than one , You can learn it systematically first , Find a suitable direction to practice .

After you know your goals, you need to find learning materials to learn

1、 First of all, we should learn the basic knowledge and elements of the network , such as :http Agreements, etc .

recommend B Stand up and learn ： Network security course —p1http Review of the agreement

2、 Install common security software , such as kali, virtual machine

Reference resources b standing 【kali Installation configuration p2】

3、 It is easier to understand and absorb when watching videos and matching books

4、 Get into the habit of taking notes . Although the actual combat in the Internet era is particularly important , But taking notes can make the knowledge learned in a period of time fully reviewed or quickly reviewed when forgotten ~

in addition , In the process of learning, we need a learning route to follow , In case of disorderly study

This learning route covers the market 99% Safety technology content of , It's over .（ In order to show the whole content , The miniaturization is quite serious ）

In addition, I have posted the learning path resources that I have saved from several years of study below , Need to be able to get

【 Help safe learning , All resources are obtained from one by one 】
① Network Security Learning Route
②20 Penetration test ebook
③ Safe attack and defense 357 Page notes
④50 A security attack and defense interview guide
⑤ Safety red team penetration Kit
⑥ information gathering 80 Search syntax
⑦100 Three actual cases of vulnerability
⑧ Internal video resources of the safety factory
⑨ Calendar year CTF Analysis of the flag race

Finally, I will give you a common sense to protect yourself from information leakage ：

Common network password security protection skills

（1） Using complex passwords （2） Use the soft keyboard

（3） Use dynamic password （ One time password ）（4） Prevention of phishing

（5） Use SSL To guard against Sniffer（6） Try not to save passwords locally

（7） Use USB Key（8） Personal password management

（9） Password classification （10） biometrics