A ball of XDR Profile picture
Mar 11, 2018 11 tweets 3 min read Read on X
#infosecstaples = Time for a new hashtag to help out our #infosec students. Asked some remedial questions that anyone going into a tech field should know and was surprised they hadn't been taught these things in school.
I know my own college degree didn't prepare me at all for the work that I would be doing after I graduated, but I thought maybe it had gotten a little bit better at this point. I guess not. They seem to be failing the participants still.
One of the main reasons @synackpse & I wrote the Defensive Security Handbook was to put staple information all down into one place as well as we could, but it doesn't even come close to covering everything someone may need to know, that's what universities should be trying to do.
I still remember my first tech interview, and how embarrassed I was to not know a single one of the answers of the questions being asked. The one that sticks out in my mind still to this day was "Explain what happens when you sit down at a computer and go to a website"
I absolutely love this question. Mostly because it has such a depth of possibility. Are they going to start the answer with the physical interaction of the keyboard with the operating system? Will they describe how the browser works? How DNS works? Anything about Webservers?
During interviews I've seen anything from the basics, to extremely technical "where should I start and how long do you take" answers.
There are already so many articles and so much help on advice of how to get into our field, but I'm not sure how many of them have the technical additions to them. Maybe a hashtag would help, it could always snowball into a course or two as well.
I'm interested to see what staples that you think may help any type of technical student coming into the workforce. If you want to use #infosecstaples or maybe have a better idea. Let's ask the questions and see if they need help with the answers.
The better anyone new is prepared the faster they'll start to become accustomed and kicking ass for us day to day.
So here we go.... 1. Explain how DNS works. 2. What is an RFC1918 address? 3. What is a VPN and how does it work? 4. What does a 169.254.x.x address tell you? 5. What is the difference between hashing and encryption? #infosecstaples
What are these ports for?
21, 22, 23, 53, 80, 443, 8080, 3389, 6667-7000

What is the difference between FTPS and SFTP? #infosecstaples

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with A ball of XDR

A ball of XDR Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @InfoSystir

May 25, 2018
Here are 50 FREE things you can do to improve the security of most environments:
Access control lists are your friend (deny all first)
AD delegation of rights
App Whitelisting
Best practice GPO (NIST GPO templates)
Block browsing from servers. Not all machines need internet access
Block Dns zone transfers
Change ilo settings/passwords
Close open mail relays
Diff. local admin passwords (LAPS)
Disable LLMNR/NetBios
Disable ports that are unused, & setup port security
Disable telnet & other insecure protocols or alert on use
DMZ behind separate firewall
DNS servers should not be openly recursive
Don't forget your printers (saved creds aren't good)
Egress Filtering (should be just as strict as Ingress)
EMET (when OSes prior to 10 are present)
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(