What is the MOST important technical skill you should have as a security professional?
Most people that want to get into security ask a question like this. I know I did!
“What do I need to focus on to get better at security?” Or be better at my job.
I hear things like “I want to be an expert at [insert topic]” or “I’m good at [insert topic], so what do I need to learn next?”
To answer those questions, you need this ONE solid fundamental before you can be good at anything else.
The answer is not what you might think. At least in my experience…
So…what ONE technical skill do you need to master to be successful in security?
Is it coding? Is it software? Is it networking? Is it hacking?
In my experience, the ONE absolute technical topic you need to understand: TCP/IP communications.
Let me explain why.
“TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet.” – techtarget.com
Networking, software, and hacking skills all rely on TCP/IP communications. Software applications, databases, and operating systems ALL have to communicate in order to create an information system.
One of my favorite sayings is “the most secure system is the one that’s still in the box”. Meaning it’s not communicating with anything! I’m not sure where that statement came from…but it’s true!
Security is defined as “the state of being protected or safe from harm” – merriam-webster.com.
If a system is not communicating or broadcasting, it’s safe at that moment from remote attacks.
A TCP/IP port is only as secure as the protocol that runs over it. So you will want to limit how much your information system communicates with the outside world. You also want to know EXACTLY who and what your system is talking to.
The goal with security and TCP/IP is to limit the amount of unprotected communications. – B. Spencer
The protocol you are using right now to read this article is HTTP. That communicates on TCP port 80. Port 80 is also not secure: HTTP traffic is not encrypted, so it can be read in “clear text” if it were intercepted by an attacker. Anything you send to me right now is ALL IN THE CLEAR!
(See the newsletter about protocol analyzers/packet sniffers for more on capturing network traffic.)
Why is this important to security?
Well, there are 1023 “well known” or common service TCP/IP ports.
- Port 7: Echo (or ping) for network discovery and troubleshooting.
- Port 22: SSH for secure user access and file transfers.
- Port 25: SMTP for email.
- Port 53: DNS for name resolution.
- Port 80: HTTP for web access.
- Port 514: Syslog for audit log transfers.
And so on. There are actually 65,535 TCP/IP ports that can be used for system communications.
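One way to put the port list above to work, as an added example (not the newsletter’s own code): take the connections a host is making, map each one to the service ports listed above, and report the ones that are unprotected. The cleartext/encrypted labels, the rule that the lower port number is the service end, and the sample connection lines are all assumptions constructed for this example.

```python
"""Spot unprotected communications by mapping connections to well-known ports."""
from collections import namedtuple

# Service ports from the article. The True/False flag is this example's own
# labelling of whether the protocol normally runs in the clear (assumption).
WELL_KNOWN = {
    7:   ("echo",   True),
    22:  ("ssh",    False),
    25:  ("smtp",   True),
    53:  ("dns",    True),
    80:  ("http",   True),
    514: ("syslog", True),
}

Connection = namedtuple("Connection", "proto local_port remote_ip remote_port")


def parse_connection(line):
    """Parse one 'proto local_ip:port remote_ip:port' line (constructed format)."""
    proto, local, remote = line.split()
    _, lport = local.rsplit(":", 1)
    rip, rport = remote.rsplit(":", 1)
    return Connection(proto, int(lport), rip, int(rport))


def classify(conn):
    """Return (service, cleartext) for the service end of a connection.

    Assumption: the lower of the two ports is the service port; the other
    side is an ephemeral client port. Unknown ports get cleartext=None."""
    port = min(conn.local_port, conn.remote_port)
    return WELL_KNOWN.get(port, (f"unknown/{port}", None))


def unprotected(lines):
    """Return (remote_ip, service) for every cleartext or unknown service."""
    flagged = []
    for line in lines:
        conn = parse_connection(line)
        name, clear = classify(conn)
        if clear is None or clear:  # unknown service or known-cleartext
            flagged.append((conn.remote_ip, name))
    return flagged


SAMPLE = [  # constructed sample connections, not captured traffic
    "tcp 10.0.0.5:51022 203.0.113.10:22",
    "tcp 10.0.0.5:51100 203.0.113.20:80",
    "udp 10.0.0.5:514 10.0.0.9:40000",
    "tcp 10.0.0.5:51200 198.51.100.7:8443",
]

if __name__ == "__main__":
    for remote_ip, service in unprotected(SAMPLE):
        print(f"UNPROTECTED {service:<14} -> {remote_ip}")
```

Only the SSH session drops out of the report; the HTTP and Syslog connections are known cleartext services, and the unknown port is flagged so you can go find out who that system is talking to.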
Now…you don’t need to learn every one of those! You don’t even need to know all 1023 of the common service ports.
(Deep breath and sigh of relief!)
Learning about TCP/IP and the common service ports will take you a LONG way in security.
If you are troubleshooting an incident, designing a solution, or creating an access control list on a firewall, it will come in VERY handy.
Every IT professional knows the TCP/IP ports important to them. System administrators, network administrators, and so on.
You will hear them talked about in meetings. They will come up in discussions. People will ask you if “this port is secure” or “if I send this port through the firewall, is that okay?” You will want to have the answers to those questions.
Or at least know where to go and do some research.
In my experience, the more I learned about TCP/IP communications, the better I became at security.
If you are at a place where you’re asking yourself “What do I need to focus on to get better at security?” I suggest starting with TCP/IP.
You’ll find yourself improving drastically when you do.
Here are a few resources to help you get started.