Subdivision direction of network security engineers :

Specialized in penetration testing

Specialized in safety analysis

Specialized in threat analysis

Specialized in forensics

Special maintenance , Reinforcement or something

on the whole , Main work of Network Security Engineer :1. Analyze the current situation of network   2. In case of network attack or security incident, improve the service to help users recover the system , Investigate and obtain evidence   
3. Some network architectures facing customers , Propose reasonable network security solutions   4. Responsible for coordinating a customized implementation of the solution , Deployment and development, etc .

Work of penetration test engineer : It mainly focuses on network security and defense . First of all, have a certain understanding of the maintained site or network, that is, information collection ; Analyze the information obtained and get the general defense situation of the network ; Then it analyzes the vulnerability of the network , Generally, it includes vulnerabilities in the province of the system , Software vulnerabilities , Code level vulnerabilities ; Find loopholes for penetration ( Main technical application links ); Then, after penetrating ( Enter server ) Steal information out to bypass security equipment ; Finally, eliminate the trace , Can't be Forensics .

Therefore, the network engineer in the direction of penetration is to simulate hackers , Attack the target server or network , This is a white box test ( The penetration engineer knows the relevant information of the site ), Hack into the internal network or server with your own means , Finally, a report shall be given to Party A , The report points out the means of attack , It is recommended to deploy relevant products , It is suggested to take relevant measures to defend .

By a website
Small vulnerabilities began to gradually use various technical means to win the server corresponding to the website ( The website is built on the server ). Upload the Trojan horse to the target server and execute it successfully , You can successfully win the target server . The essence of penetration testing is information collection .

1) Systematic learning penetration test process from simple to deep : To get the password , Get administrator privileges , Get the highest permission of the target , Obtain all controllable permissions of the target intranet as an example

2) Master the principle of mainstream vulnerabilities , Utilization method : injection , Cross Station , read , Ultra vires , upload , Request Forgery

3) Learning loopholes, mining thinking methods , Start vulnerability mining training for selected targets

Technology
©2019-2020 Toolsou All rights reserved,
Final review of database : Summary of comprehensive application questions use Python Make simple games Laplance operator ( Second derivative ) Convert hard disk to GPT Partition format Python Implementation of Hanoi Tower code about String How to create objects vue3 Learning journey 1—— establish vue3 project java String from back to front _Java String String summary use Python Write a story about plants versus zombies 【 Greedy Algorithm 】 Huffman coding problem