From cable chaos to network zen 12 July, 2024 Trainlocate
James Stanger, PhD Chief Technology Evangelist - CompTIA A+, Network+, Security+, MCSE, LPI LPIC 1, Symantec STA Technologist, author and educator. Responsible for working with students, IT pros, hiring managers, and helping shape CompTIA educational standards. I have experience in: Leading organizations (company president) Security analytics and monitoring Exponential technology (e.g., blockchain, AI & ML) Data analytics Linux and open source Cloud security Pen testing, red teaming Threat hunting Network administration Web technologies Education program development CompTIA blog page: https://tinyurl.com/y6pdw72g Your presenter LinkedIn: @jamesstanger
Agenda Demand for networking skills Evolution of the cloud and cybersecurity CompTIA pathways and Network+
You’re viewing 90% of tech careers that exist right now Drilling down to cyber unique skills: Pillars of IT INFRASTRUCTURE Cloud, data center, on-premise, telco, networking, automation, databases, AI DATA Turning raw data into actionable information; analytics, search, modeling, data lifecycle SECURITY Analytics, pen testing, GRC, incident response, cloud security, cyber threat intelligence DEVELOPMENT Coding, development, full-stack, front-end, infrastructure as code AI https://www.comptia.org/content/research/using-strategic-it-for-competitive-advantage
How network tech saved my family Traveling in the UK Accident Escalator stopped But, who did it? Some peeks behind the scenes PLC Control Analog Digital Considerations: “Natural” air gap - maybe Retrofits Signatures Vendor tendencies The human Medical training IT OT Network tech Security and privacy
“We’re finding that we’re spending at least 50% of an employee’s time just training them in the first year of their employment. You can’t work on a network if you don’t know how a network works.” -- Michael Geraghty Chief Information Security Officer, State of New Jersey Today’s data fabric, web 3.0 world Essential services Customer Experience (CX) Your identity (IAM) AI-enabled decision-making Context-specific intelligence Data Lakes Distribution Methods Access Methods Data Stores Data aggregation Cloud Data centers On prem Networks Analytics The need for networks
Everything! Web Database Customer Relationship Management (CRM) In multiple environments Cloud Data center On-prem What are we connecting? The “tech trifecta” Cloud Data center On-prem
Our connected world Asymmetric situations Morphing attack surfaces / problem surfaces Larger More varied Supply chain issues Hardware and software People, Partners, employees Regulations and directives
Connecting IT and OT Is the tech connected? Hotels Restaurants Medical devices Automobiles The electrical grid Water systems Agriculture Shipping
How networking saves the day Who else makes sure everything is connected? Skills needed: Curiosity Troubleshooting steps and methodology Tools of the trade Chris Hunt IT Manager Port of Grays Harbor, Washington State
where to start?
From a “live” interview What happens when you visit company.com? They’re asking about name resolution – DNS How does a name resolve into an IP address? Recursive DNS Order of resolution + They’re really asking about networking foundations – do you have them? Know your protocols!
Putting the OSI/RM to work Frame Ethernet (type) IP (v4 and v6) UDP TCP Various protocols Vendor usage ARP
IPv4 and IPv6 Better traffic handling / routing / fragmenting Processing at end points, instead of router Less congestion at routers Better addressing Larger space Improved routing protocols I’ve shown these slides before, but folks have asked to see it again.
Learn how networks and applications “talk” We’re still using the same applications Some “lift and shift” So, many of the same techniques apply in the cloud So, learn how applications “talk” API knowledge is essential, too
HTTP – the dominant application used today Used in: Web traffic Business services (e.g., CRM) Apps Remote connectivity Many attackers therefore disguise themselves in it Attackers usually “roll their own” HTTP C & C traffic Data transfer How well can you differentiate HTTP traffic “dialects” and “hand-rolled” HTTP? HTTP shared libraries (Windows, Linux, MacOS, etc.) Each HTTP library has its own “dialect”
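A sketch of the "dialect" idea from this slide, added here as an example and not part of the original deck: it checks a raw HTTP/1.x request for traits that library-built requests rarely show. The function name, the heuristics and both sample requests are assumptions constructed for illustration.

```python
import re

# Heuristic (assumption): mainstream browsers send these on ordinary requests.
BROWSER_HEADERS = {"accept", "accept-encoding", "accept-language"}

def dialect_findings(raw: bytes) -> list[str]:
    """List reasons a raw HTTP/1.x request looks hand-rolled, not library-built."""
    findings = []
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    # HTTP libraries end header lines with CRLF; a bare LF is a hand-built tell.
    if re.search(rb"(?<!\r)\n", head):
        findings.append("bare LF line endings")
    lines = [l.decode("latin-1") for l in re.split(rb"\r?\n", head)]
    request = re.fullmatch(r"[A-Z]+ \S+ HTTP/(\d\.\d)", lines[0])
    if not request:
        return findings + ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            findings.append(f"header line without a colon: {line!r}")
            continue
        # Libraries emit "Name: value"; "Name:value" is legal but unusual.
        if value and not value.startswith(" "):
            findings.append(f"no space after colon in {name}")
        headers[name.lower()] = value.strip()
    if request.group(1) == "1.1" and "host" not in headers:
        findings.append("HTTP/1.1 request without Host header")
    # A User-Agent that claims to be a browser should come with browser headers.
    if headers.get("user-agent", "").startswith("Mozilla/"):
        missing = sorted(BROWSER_HEADERS - set(headers))
        if missing:
            findings.append("browser User-Agent but no " + ", ".join(missing))
    return findings

# Constructed sample requests (not captured traffic).
LIBRARY_STYLE = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                 b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\nAccept: text/html\r\n"
                 b"Accept-Language: en-US\r\nAccept-Encoding: gzip\r\n\r\n")
HAND_ROLLED = b"GET /update HTTP/1.1\nUser-Agent: Mozilla/5.0\nHost:www.example.com\n\n"

if __name__ == "__main__":
    for label, req in (("library-style", LIBRARY_STYLE), ("hand-rolled", HAND_ROLLED)):
        print(label, "->", dialect_findings(req) or "no findings")
```

These findings are triage hints, not verdicts: legitimate scripts and embedded devices can trip the same checks, so they are best used to rank traffic for a closer look.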
Server Message Block (SMB) Two considerations: Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Jan 4, 2019
DHCP Know how the protocol works Read the RFCs 2131 2132 Devices that provide DHCP include: Routers Servers Windows Linux Gaming consoles
$ sudo apt-get install isc-dhcp-server
$ sudo pico /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
# The subnet must be the network address for the netmask (192.168.0.0 for 255.255.0.0)
subnet 192.168.0.0 netmask 255.255.0.0 {
  range 192.168.53.10 192.168.53.220;
  option routers 192.168.1.254;
  option domain-name-servers 192.168.1.1, 192.168.1.2;
  option domain-name "stangernet.com";
}
$ sudo systemctl restart isc-dhcp-server.service
DORA (Discover, Offer, Request, Acknowledge)
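A consistency check for a dhcpd.conf subnet declaration like the one on this slide, added here as an example and not part of the original deck: it confirms that the subnet is the network address for its netmask and that the range and router fall inside it. The function name and the three sample declarations are assumptions constructed for illustration.

```python
import ipaddress
import re

def check_subnet_block(conf: str) -> list[str]:
    """Return consistency problems found in one dhcpd.conf subnet declaration."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        return ["no subnet declaration found"]
    addr, mask, body = m.groups()
    problems = []
    # strict=False yields the real network even when the subnet has host bits set.
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if str(net.network_address) != addr:
        problems.append(f"subnet {addr} is not the network address for {mask} "
                        f"(expected {net.network_address})")
    rng = re.search(r"range\s+(\S+)\s+(\S+?)\s*;", body)
    if rng:
        low, high = (ipaddress.ip_address(a) for a in rng.groups())
        if low > high:
            problems.append(f"range {low} {high} is reversed")
        problems += [f"range address {a} is outside {net}"
                     for a in (low, high) if a not in net]
    routers = re.search(r"option\s+routers\s+([^;]+);", body)
    if routers:
        for text in routers.group(1).split(","):
            router = ipaddress.ip_address(text.strip())
            if router not in net:
                problems.append(f"router {router} is outside {net}")
    return problems

# Constructed declarations for illustration (not taken from a production server).
TEMPLATE = """subnet {subnet} netmask {mask} {{
  range 192.168.53.10 192.168.53.220;
  option routers {router};
}}"""
HOST_BITS_SET = TEMPLATE.format(subnet="192.168.53.0", mask="255.255.0.0",
                                router="192.168.1.254")
ROUTER_OFF_NET = TEMPLATE.format(subnet="192.168.53.0", mask="255.255.255.0",
                                 router="192.168.1.254")
CONSISTENT = TEMPLATE.format(subnet="192.168.0.0", mask="255.255.0.0",
                             router="192.168.1.254")

if __name__ == "__main__":
    for name, conf in (("host bits set", HOST_BITS_SET),
                       ("router off net", ROUTER_OFF_NET), ("consistent", CONSISTENT)):
        print(name, "->", check_subnet_block(conf) or "ok")
```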
DNS Types caching nameserver primary master secondary master Primary and secondary servers Read the RFCs (1034, 5936, 1886, 2065) Domain Name System Security Extensions (DNSSEC) Get hands-on!
$ sudo apt-get install bind9
$ sudo apt-get install dnsutils
$ sudo pico /etc/bind/named.conf
# forwarders goes inside the options { } block; each address ends with a semicolon
forwarders { 192.168.53.2; 75.75.75.75; };
$ sudo systemctl restart bind9.service
Some tools of the trade Ping Traceroute Netstat arp nslookup dig
The CompTIA certification landscape: Pathways https://comptia365.sharepoint.com/:f:/s/stanger/EjiRw22sqcFHm852ZAC238EBXby-YWEi3GGIjDJPjlFJKQ?e=MkHs6c
CompTIA Network+ - brought to you by the IT profession https://www.comptia.org/certifications/network
what we need right now
Confidence From Coca-Cola, Veritas, State Farm, HCA Health, and Dell – what they need
researching your cybersecurity career pathway Some research to consider
URL: https://connect.comptia.org/content/research/it-industry-trends-analysis CompTIA IT Industry Outlook 2024
Looking forward to connecting https://www.linkedin.com/in/jamesstanger
The Skills needed to combat today’s cybersecurity threats (RSA)
Automated Pen Testing (Admin Magazine)
Two sides of the same coin: Pen testing and security analytics
What’s hot in network certifications (NetworkWorld)
Escaping the Cybersecurity Metrics Matrix (CompTIA)
Private Eye: Open source tools for automated pen testing (Admin Magazine)
Thoughts about the help desk (YouTube)
The Hunt for the Meaning of the Red team (CompTIA)
The IT security disconnect (HP Enterprise)
A blockchain manifesto? A report from the RSA 2018 Blockchain Focus Group
Cloud Orchestration with Chef (Admin Magazine)
No more close shaves: Talking end user security
How CIOs can optimize ITSM software (SearchCIO)
Vulnerability management: How to target bug bounty programs (TechTarget)
My career change journey: The importance of networking
The role of the service desk in the cybersecurity kill chain (HDI)
How to prevent insiders from breaching your data (Forbes)
10 critical security skills every IT team needs (interview, CIO Magazine)
How AI can help you stay ahead of cybersecurity threats (CSO Magazine)
Don’t hack me, bro! (Admin Magazine)
At the hop: Security testing with hping3 (Linux Magazine)
How Technical Debt Can Damage Business Agility and Competitiveness (ITPro, UK)
The Internet of Things (IoT) and Technical Debt: Why It Matters (CompTIA)
James Stanger, PhD Twitter: @jamesstanger Skype: stangernet My CompTIA hub: https://www.comptia.org/blog/listing/author/james%20stanger
Latest articles and blog entries:
Putting AI and ML to work (CompTIA)
What is the difference between IT security and cybersecurity? (CompTIA)
Where the Wild Things Are: Investigating Browser-based Brute Force Attacks (October, 2020, Admin Magazine)
Threat Modeling and Cyber Threat Intelligence (CompTIA)
Do Fuzzing Applications Really Work? (CompTIA)
Threat Intelligence Platforms – needed? (CompTIA)
Visualizing with the Elastic Stack and Zeek (CompTIA)
Moving to the Cloud: IT Infrastructure and Cybersecurity skills required (CompTIA)
Rust Never Sleeps: Cyber and my Vintage Land Cruiser (CompTIA)
The Cybersecurity Hat Trick (CompTIA)
No sleep ‘til SITS: The birth of time itself (CompTIA)
Cross-Layered Detection and Response (XDR): A Welcome New Entry in the Cybersecurity Alphabet Soup (CompTIA)
We’re All in this Together: Community and Collaboration Are Key to Cyber Success (CompTIA)
Old Guard “Cowboy IT” (SC Magazine)
Beyond the security alert dance (CompTIA)
Getting hired – pointers (CompTIA)
Adventures in Analytics (CompTIA)
Thank You!
To download these slides: https://comptia365.sharepoint.com/:p:/s/stanger/EfWzOpyxHalPjVjudjVl3aoBY6tc-FXMXhunegFYVgOneg?e=ovurHt