Security

Post on 14-Jan-2015


Transcript of Security

Zuko Lopez

Network Security Professional

http://www.myspace.com/zuko60

http://www.linkedin.com/in/zuko60

http://www.task.to/

http://www.meetup.com/Toronto-CISSP/members/8327532/

IT Security

Some say that in order to achieve 100% security in your computer or network you have to avoid buying or creating one.

But that is not IT or PC security.

DAHHHHH

Others say that if you want 100% IT, network or PC security, buy a PC but leave it unpacked and DON’T create a network!!!

Humm!!!!

BUT what is the purpose or use of an unpacked PC or a non-existent network???

Even if you leave a PC unpacked, you cannot be sure that it is not already infected with a Trojan, spyware or adware, or lacking an important security patch or upgrade for the OS or for any preinstalled software or browsers.

With one simple phrase we could confidently say:

“100% PC or Network security is a UTOPIA.”

What is IT Security?

IT Security

Before we can answer that question, let us define some IT Security fields, so that at the end you can find the answer according to your field or expertise.

IT Security Fields

IT Security

Design and Implementation

Monitoring

Management

Prevention

Auditing

Damage Control

In no particular order

How do I become an IT security expert?

IT security is a somewhat new and old field, with many branches, as you just saw.

In the early days an IT security expert had to do everything and learn everything related to PC or network security.

Today it is impossible to become an expert in every field of IT security.

If you want to become a security expert, you have to find the field that you like the most and prepare yourself toward that field, and you will not become bored or burned out throughout your working lifetime.

Remember, IT will always be a growing field, industry or science, whatever you want to call it.

Back in the early days you became an IT security expert at the workplace.

NOW there are colleges, universities or IT school programs to become an expert in all the different fields.

Moreover, there is a plethora of certifications that you could pursue in order to call yourself an expert in a plethora of IT security fields.

IT Security, as seen on the previous diagram, could be split into management, hardware and software.

Each one of these could be further split into other subfields.

Some are basic and others are a more advanced level of expertise.

Back to our chart

IT Security

Design and Implementation

Monitoring

Management

Prevention

Auditing

Damage Control

In no particular order

Security Certifications

Not all and in no particular order

For more info visit the vendors' websites

CompTIA Security+

Security Certified Program

Security Awareness

SCNS - Security Certified Network Specialist

SCNP - Security Certified Network Professional

SCNA - Security Certified Network Architect

CPE for CISSP - CPE Credits for CISSP Certificate-holder

CISCO Network Security

CCENT (Entry Level)

CCNA Security (Associate)

CCSP (Professional)

CCIE Security (Expert)

VPN and Security Certifications

Cisco ASA Specialist

Cisco IPS Specialist

Cisco Network Admission Control Specialist

Cisco Security Sales Specialist

Cisco Security Solutions and Design Specialist

CISCO

Cisco Firewall Specialist. Requires: CCNA + 2 Exams

Cisco VPN Specialist. Requires: CCNA + 2 Exams

Cisco IDS Specialist. Requires: CCNA + 2 Exams

CCSP - Cisco Certified Security Professional. Requires: CCNA + 5 Exams

Learning Tree

Security Courses

NSCP - Network Security Certified Professional

CIW CERTIFIED

CIW - Security Professional

(ISC)²

International Information Systems Security Certification Consortium

Associate of (ISC)²

SSCP - Systems Security Certified Practitioner

CAP - Certification and Accreditation Professional

CSSLP - Certified Secure Software Lifecycle Professional

CISSP - Certified Information Systems Security Professional

(ISC)²

CISSP Concentrations

ISSAP - Information Systems Security Architecture Professional

ISSEP - Information Systems Security Engineering Professional

ISSMP - Information Systems Security Management Professional

GIAC

International Information Systems Security Certification Consortium

Many certifications offered

Follow the link

http://www.giac.org/certifications/

RSA Security

RSA Certified Security Professional

RSA SecurID Certified Systems Engineer (CSE)

RSA SecurID Certified Administrator (CA)

RSA enVision Certified Systems Engineer (CSE)

RSA Access Manager Certified Systems Engineer (CSE)

RSA Digital Certificate Management Solutions Certified Systems Engineer (CSE)

RSA DLP Suite Certified Systems Engineer

BrainBench

Information Security Administrator

Other Certification Tests offered by BrainBench

SECURITY

SCP Corporate

Security Certified Network Specialist

Security Certified Network Professional

Security Certified Network Architect

EC Council

Certified Ethical Hacker

CPT

Certified Penetration Tester

Some, but not all, of the companies that offer this certification or courses

GIAC

IACRB

EC-Council

Hardware Firewalls

You can become an expert and obtain certifications on some of the most common firewalls in the market

Sonicwall

Cisco

Juniper

SmoothWall

GTA

Prevention

User Security

You are the principal USER.

As an expert, your obligation is to be up to date on new technologies, training, threats, patches and updates, as well as to educate the non-technical user at home and at your workplace.

Security starts with you, and you are the first one who will pay the consequences of any security breach.

Let's begin with security basics

Antivirus, Spyware, Adware, Spam and software firewalls

These can be monitored and managed at a home and corporate level.

There are various antivirus suites to achieve this level of security, and more often than not you become an expert by using and monitoring these suites at home or at the workplace.

So far I don’t know of any certifications for this level of expertise, unless it fits into another certification.

Design and Implementation

So far this is all I got. More to come.

ZUKO60