Posted 8 y ago
Responses: 1
What training would you suggest for someone interested in Information Security Analyst/Engineer?
SGT (Join to see)
SSG Derek Scheller - So, Learn:
Event log files
Dissecting TCP packets (Wireshark?)
Splunk/ArcSight
CEH/SANS GCIH
Alright. And the fun begins.
SSG Derek Scheller
SGT (Join to see) - I would use Wireshark to start with since it breaks everything down (don't try to look at it live; capture the traffic, save it, and then open it in Wireshark). One of the best ways to capture the traffic is to run tcpdump and export it to a .pcap, then stop it once you feel you have enough traffic. This includes sending/receiving files as well as logins, so that you can see what everything will look like in Wireshark. Finally, try to get your hands on trial versions of software like Savvius' Omnipeek, as it can break down data flow and timelines a lot better.
SGT (Join to see)
SSG Derek Scheller - Will that Omnipeek also help me understand the results from the TCP packets?
SSG Derek Scheller
SGT (Join to see) - Possibly, but I would start my study on what a TCP packet looks like, what data can be carried in it, and how long each section is. SANS has great cheat sheets for that as well.
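A worked example of the TCP header layout the reply above points to (added here as an illustration; it is not code from the thread). It decodes a hand-constructed 24-byte SYN segment field by field, using the same offsets and lengths a Wireshark dissector would show, walks the options area, and rejects a segment whose data-offset field does not match the bytes actually present.

```python
import struct

# Constructed sample (not captured traffic): a 24-byte TCP SYN header from port
# 40000 to port 443 carrying a single MSS option (kind 2, length 4, value 1460).
SAMPLE_TCP_SYN = bytes.fromhex(
    "9c40"       # source port 40000                (2 bytes, offset 0)
    "01bb"       # destination port 443             (2 bytes, offset 2)
    "00000001"   # sequence number 1                (4 bytes, offset 4)
    "00000000"   # acknowledgement number 0         (4 bytes, offset 8)
    "6002"       # data offset 6 (=24 bytes) + SYN  (2 bytes, offset 12)
    "ffff"       # window 65535                     (2 bytes, offset 14)
    "1234"       # checksum, placeholder value      (2 bytes, offset 16)
    "0000"       # urgent pointer 0                 (2 bytes, offset 18)
    "020405b4"   # option: MSS = 1460               (4 bytes, offset 20)
)

# Flag bits in the low 9 bits of the data-offset/flags word, bit 0 first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def parse_tcp_options(raw: bytes) -> list:
    """Kind 0 ends the list, kind 1 is a 1-byte NOP, others carry a length byte."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:
            break
        if kind == 1:
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")  # truncated or bad length
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header, then options and payload by data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, win, _csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = ((off_flags >> 12) & 0xF) * 4      # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset does not match segment length")
    flags = [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack, "urgent": urg,
            "header_len": header_len, "flags": flags, "window": win,
            "options": parse_tcp_options(segment[20:header_len]),
            "payload": segment[header_len:]}
```

Feeding it the 20-byte fixed part of the sample alone raises the data-offset error, which is the same mismatch Wireshark flags as a malformed segment.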
Suspended Profile
Good to go!