A security professional must have knowledge of the different tools that they have at their disposal to identify threats and attacks on the network.
The first area that we will look at is installing and configuring network components such as the different types of firewalls. We'll then look at how VPNs operate, their different components, and the scenarios in which each type of VPN is used. We will also look at NIPS, NIDS, HIPS and HIDS, proxy servers, load balancers, wireless access points, mail gateways, and SIEM systems. We will also look at using DLP to prevent sensitive information from leaving the network, and finally, using NAC to ensure that the devices used for remote connections to the network are fully patched.
Next, we will be using the appropriate tools to assess the security posture of a system, including protocol analyzers, network scanners, wireless scanners, and password crackers. We will look at data sanitization tools such as shredding, pulverizing, pulping, and degaussing. Security teams need to know about honeypots to determine the attack methods being used so that we can mitigate against them. As a security administrator, you need to be familiar with command-line tools, different backup utilities, and the different types of scans (ranging from vulnerability scans to the more intrusive scans that could cause damage to your systems).
We need to be able to analyze and interpret the output from security tools such as HIDS/HIPS.
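Interpreting HIDS/HIPS output usually means reducing a stream of alerts to a few questions: which hosts are affected, which rules fire most often, and which alerts are severe enough to act on first. The following Python script is an added example, not code from the book; it parses a small set of constructed alert lines in a generic `key=value` format (real HIDS products each use their own output format) and summarizes them by host, rule, and severity so that the highest-severity host is reviewed first.

```python
"""Added example (not from the book): parse and summarize constructed HIDS
alert lines so that an analyst can see which hosts, rules and severities
dominate the output and which host to triage first."""
import re
from collections import Counter

# Constructed sample alerts for this example only. The format (timestamp,
# then key=value pairs with optional quoted values) is an assumption; real
# HIDS products emit their own formats and rule numbers.
SAMPLE_ALERTS = """\
2024-03-01T08:00:01Z host=web01 level=5 rule=5710 desc="sshd: attempt to login using a non-existent user" src=203.0.113.7
2024-03-01T08:00:03Z host=web01 level=5 rule=5710 desc="sshd: attempt to login using a non-existent user" src=203.0.113.7
2024-03-01T08:00:09Z host=web01 level=10 rule=5712 desc="sshd: brute force trying to get access to the system" src=203.0.113.7
2024-03-01T08:01:40Z host=db01 level=7 rule=550 desc="Integrity checksum changed" file=/etc/passwd
2024-03-01T08:02:11Z host=db01 level=3 rule=2902 desc="New package installed"
2024-03-01T08:05:00Z host=app02 level=12 rule=510 desc="Host-based anomaly detection event (rootcheck)"
"""

# key=value where the value is either a double-quoted string or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_alert(line):
    """Parse one alert line into a dict; the first token is the timestamp,
    the remainder is key=value pairs. 'level' is converted to an int."""
    ts, _, rest = line.strip().partition(" ")
    fields = {"ts": ts}
    for key, value in KV_RE.findall(rest):
        fields[key] = value.strip('"')
    fields["level"] = int(fields.get("level", 0))
    return fields


def parse_alerts(text):
    """Parse every non-empty line of a block of alert output."""
    return [parse_alert(line) for line in text.splitlines() if line.strip()]


def summarize(alerts, min_level=7):
    """Count alerts per host and per (rule, description), and collect the
    alerts at or above min_level so the noisy low-level ones can be set aside."""
    by_host = Counter(a["host"] for a in alerts)
    by_rule = Counter((a["rule"], a["desc"]) for a in alerts)
    high = [a for a in alerts if a["level"] >= min_level]
    return {"by_host": by_host, "by_rule": by_rule, "high": high}


def triage_order(alerts):
    """Return hosts ordered by the most severe alert seen on each, highest first."""
    worst = {}
    for a in alerts:
        worst[a["host"]] = max(worst.get(a["host"], 0), a["level"])
    return sorted(worst, key=lambda host: worst[host], reverse=True)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    summary = summarize(alerts)
    print("Alerts per host:", dict(summary["by_host"]))
    print("Most frequent rule:", summary["by_rule"].most_common(1)[0])
    print("High-severity alerts:", len(summary["high"]))
    print("Triage order:", triage_order(alerts))
```

The severity threshold (`min_level=7`) is a constructed cut-off for the example; in practice it would be tuned to the product's own level scale and to how much noise the team is prepared to review.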
A security administrator needs the ability to troubleshoot common security issues such as certificate issues, unauthorized software, and different types of threats, including social engineering. We also need to troubleshoot applications and know when to use whitelists and blacklists.
A security administrator needs to familiarize themselves with deploying mobile devices securely, including connection methods, mobile device management concepts, different deployment models, understanding rooting/jailbreaking, and sideloading of applications.
Finally, a good knowledge of implementing secure protocols such as S/MIME, PGP, SRTP, and SFTP, and of securing data in transit using TLS and SSL, is required.