As a beginner in IT Security, should I learn TCP/IP?

Question

I'm a university lecturer and a web and desktop software developer. For many reasons I want to learn software security to change my field in the long run. It's been a few days that I've started studying tcp/ip as my first step in this still self-learning process.

I thought it's better to share my efforts with the community to get as much as I can from experienced experts. I appreciate any guideline and etc which you will share.

Do you think I'm on the right track? Do you think it's a must to learn tcp/ip very deep?

Answer 1

IT in general, IT security in particular, is an area where you should always learn. When you do not want to learn any further, then it is time to retire. Therefore, you should already be eager to learn TCP/IP, and your question should be: "do I learn TCP/IP first, or is there something more urgent ?"

Knowing the internals of TCP/IP is an invaluable tool for understanding what is going on; it is very enlightening. I warmly recommend that you study it. Similarly, I recommend some knowledge of assembly, possibly electronics. Grasping the internal structure of protocols and languages and architectures allows you to keep track of the ever changing field of IT security with much less effort than simply looking at the surface of things.

(For instance, in my everyday work, knowing how SSL works turns out to be extremely useful, on a daily basis.)

Answer 2

Very deep? Assuming that means reading and understanding the entire RFC then no. What you need to understand in IT security is what happens to data end to end from when it is accessed by an application, to being transmitted over a network or the internet, to when it is re-assembled and used by an application on another system wherever that is in the world.

Understanding TCP/IP is a good thing, you also need to understand the context it operates in and its interactions with OSes and applications for it to be useful in a security context.

Answer 3

Basically I think there is a big distinction between knowing a protocol or set of protocols and meet one or more processes set as secure protocols, also because security itself may have several aspects and various depths, I not mean theory software but I would advise a good way to start with TCP/IP. Affirming a loud YES! is a splendid choice.

Therefore my main advice, as other users have advised to you; TCP/IP is a mainstay of digital communication and is very important, whatever your specialty, electronics or computer.

Now going into the details, since the ideal is to start where you can interact directly with the hardware, without any OS involved, luckily in the last 10 years, manufacturers of microcontrollers and microprocessors been made available to users' in the network, TCP/IP stacks shallow, easy to understand and implement, also they have pushed low-cost hardware to the disposal of users allowing many users trying a hardware implementation.

One of the most widespread is uIP (Totally free) and one of the most implemented by open hardware projects is the Microchip TCP/IP Stack (exclusive Microchip chips).

http://en.wikipedia.org/wiki/UIP_(micro_IP)

http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=2505&param=en535724

I firmly believe that you can not be a specialist in something without knowing or being able to debug the source code and not knowing exactly how the hardware and that hardware allows a certain process, be it a diffusion mechanism or security mechanism.

It is also true that know in depth the hardware does not make you a security professional. But knowledge of the hardware details and the flow of the low-level software, are essential if you need solve real problems.

And finally I would like to advise a book, which I personally think is one of the best college texts to get started with the TCP/IP protocols

Data Communications and Networking by Behrouz A. Forouzan

Answer 4

Learning TCP/IP very deep is a matter of perspective. How deep are we talking about here ? Deep enough to get you into trouble or deep as in dissecting data packets and analyzing level at the switches or routers ? First one, i.e., "enough to get into trouble" is easy. Just find few relevant websites and start reading. And if you can get your hands on a set of firewalls and routers, start messing with them. In no time, I can guarantee you, you will feel you can move the earth with your knowledge. And you actually can, albeit, in a negative way. I am a UNIX guy and systems administration provides my livelihood for the past 20+ years. I have worked through the thick and thin of the field. I have worked with good network people as well as the "worst". And at the beginning everybody seemed like they knew what they were talking about. After a few live events, I understood who was a security expert and who was just faking it.

If you are interested in security, you most probably heard the term, the most secure computer is the one which has no connections to any network. And when I say network, with the exception of few monolithic mainframes communicating to each other in some old (and now esoteric) protocol, likes of SNA, NetBEUI etc, everything is handled by TCP/IP. So security without knowing TCP/IP is nothing more than glorified virus cleaner in my opinion. So, if your heart is in the field of information security, you will need to know TCP/IP really well. And for that, I strongly suggest, starting from a basic network administrator curriculum (which I believe is provided by most any community college with a computing lab) and then build upon it. If you want to be really credible, you will need to step up to the plate and get a CCIE certification, followed by CISSP (Certified Information Systems Security Professional). And believe me, if you want to master this field , you're looking down the barrel for about 7-8 years, as you need to progress slowly in the field, while working in real life IT shops. Security is a moving target. You can not get to it, just by reading. You need practice and it'd better be in the real life, not in an isolated, learning lab.

Answer 5

When I first started in IT Security I had an okay but not expert knowledge of how server operating systems work with TCP/IP stacks, nor was I an expert in TCP/IP on the wire. I thought that it was unnecessary and that I wouldn't gain much from learning it.

Years later, now being intimately familiar with server TCP/IP stacks and TCP/IP on the wire, I can tell you that I understand what is going on exponentially better, and I am much faster at detecting anomalies and understanding new security threats. Yes, even at a software level.

However, when cutting into IT security my suggestion is you will typically not actually understand the security concerns unless you have the ability to configure the boxes as an admin. This means time in the trenches as an operations or admin employee.

So, while I would agree that a knowledge of TCP/IP is very important, you should also know that to actually grasp the entire IT Security field you must have advanced knowledge in a plethora of IT concentrations.

IT Security is a never-ending learning experience, similar to all IT concentrations. However, since Security is broad you need to be aware of the changes for ALL IT concentrations, which is what makes this field challenging (And why I went into it). You will deal with new technology and new threats constantly, and if you are unable to dedicate yourself to keeping up with the field, you will no longer be effective in your job.

That being said, I feel that it's a great place for academics such as yourself because the perpetual learning process is not new to you, and academics also are comfortable "deep diving" numerous technologies.