How to become a computer security expert

How to become a computer security expert? Part -1

Introduction of computer security.

Hey there! Are you searching for learning computer security? You do not know where to start? But if your mindset that you want to learn it and also want to move forward then this article might help you a lot in some direction. If you are a beginner and you do not know where to start then you are in the right place for the instruction. Today I will try to explain some major steps of how to become a computer security expert step by step.

    a.  What is computer security?

Generally, Computer security, cybersecurity or information technology security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data. That means keep your data and information with hardware secure from others or hackers. Computer security is also known as cybersecurity or IT security. On the other hand, it can be defined also as controls of security of data and privacy of information from hackers or intruders. So the protection of data and control access from a malicious activity from hackers from doing any damage to our hardware or software. so how to become a computer security expert is not a single question to you now.

    b.  What is hacking?

First of all, I want to start with a simple sentence. Most of the people after hearing the word “Hacking or Hacker” think that it is very bad and who are related to this word are bad people. But the universal truth is that “Hackers are the boss of digital technology” when it is related to the ultimate destination 0 and 1. Here 0 and 1 means the digital signal only which can be recognized in a computer system. Except for these two numbers or digital signal status, the computer is unable to recognize any other voice or words or anything.

Now come to the point, Sometimes Hacking is the technique to break the security system and sometimes it is the process to find out the faults of a system that may be any networking system or software system or hardware system based on computer technology. So it is mainly the practice of modifying the features of a system, in order to accomplish a goal outside of the creator’s original purpose. Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc.

    c.  Who is the hacker?

The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker. They are a good programmer and they have strong knowledge of different programming knowledge especially in shell scripting with deep and dark networking methodologies and commands. They seek and exploit weaknesses in a computer system or computer network.

Someone with an advanced understanding of computers and computer networks and that cracker is the more appropriate term for those who break into computers, whether computer criminal (black hats) or computer security expert. So those are a hacker who has advanced knowledge of computer technology and security with practical experience to break the securities of existing security mechanisms. I hope normally you will not get any information from them on how to become a computer security expert. So if you can gain knowledge of computer security then you can identify who is the hacker. So the word computer security and hacker are very familiar with each other.

   d.  Who loves computer security especially?

This portion can be answered in two ways. One is, those who want to know about computer technology at the root level that means deeply they love computer security and another one is those who love challenges and security they love hacking. The purpose of hacking is not bad when it is used for security reasons and testing with debugging the system. When a person works on a system and intends to know that system deeply from that expectation once he may intend to become a hacker.

Good programmers are mainly encouraged themselves to become a hacker when he works with a programming language for many days or months or years. Once his unconscious mind raises some logic like “if I put this one instead of this one then what will happen?”  and from there he may intend to become a security expert. I am saying about the initial level. But who is also expert in networking once they may intend to become a hacker or security expert such as when they work with operating system kernel modification and core networking devices command. If this question appears in his mind how to become a security expert of computer security then it may lead a person to hack.

    e.  Who hates hackers or computer security experts?

Most of the people hate the hackers for their bad activities and stealing. Those who steal other’s personal information and money by illegal transactions and some other online accounts. Who breaks other systems without any permission of the owners. For their bad nature, they are hated by the people. When it violates people’s privacy it then criminal activities and there are many rules and regulations on that for punishment.

    f.  Who are the crackers?

Crackers are also known as a hacker. It is important here to note that although hacking is used interchangeably with cracking, both are different. Both activities are carried on with different objectives. In hacking, the attempt is to create something while in cracking the primary motive is to destroy something. Crackers are only mediocre hackers. A cracker is someone who breaks into someone else’s computer system, often on a network, bypasses passwords or licenses in computer programs, or in other ways intentionally breaches computer security.

A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Cracking is generally less harmful than hacking. Crackers usually have an extensive knowledge in code related to Python and .NET (Visual Basic, C, C++, C#) and Objective C (Mac), while hackers are fluent in different forms of web code, like PHP, MySQL, JavaScript, Ajax, and HTML and CSS.

    g.   Different types of hackers and crackers.

There are different types of hackers. But we can differentiate them into three, one is (a) White hat hackers, the second one is (b) Grey hat hackers and the third one is (c) Black hat hackers. They are differentiated by their activities. White hackers are also known as an ethical hacker. They do not do any harm to the people. Basically, those are security researchers and also known as a defender. They find out the bugs of different applications and systems for fixing. They do not test any other property (application or system) without any permission from the owner.

Sometimes they are hired by the people and honored by them. Grey hat hackers are in between white hat hackers and black hat hackers. That means sometimes they play the role of white hat hackers and sometimes as a black hat hackers. They work as security error fixers when needed and security system breakers as wish. But the black hat hackers are fully intended to do bad works. They try to get into other systems or applications through the bug and steal information do some bad works there such as deletion of files and do some misconfiguration and steal money via online illegal transaction. Black hat hackers are very clever because they have many risks.

    h.  Types of different security issues.

Different types of security issues are given below.

  1. Website pages protected through password
  2. Someone else’s computers while they are online.
  3. Company servers.
  4. License software.

    i.  How to start, where to start and prerequisite

If you want to become a computer security expert then you have to mindset first. Then start learning about the computer system and day by day try to increase the programming knowledge. You must have strong knowledge of Assembly language to understand the computer system. How high-level languages are understandable to a machine and how it works. Always keep in mind that the computer system never understands a single word without the true or false electric pulse 0 and 1. Such as when we press a character from the computer it goes to the microprocessor in the digital signal. But how? You have to know that deeply to become a good security specialist.

One simple example is when we press “A” from the keyboard it has a numeric value which is called the ASCII value of 65. In the same way, there is a 0-255 total of 256 values (character) in the whole computer system. So after pressing the capital “A” it gets the value of 65 is converted to hex value than binary by the help of compiler or assembler. A =  (65)10 = (41)16  = (01000001)2. So start learning machine language than any high-level programming language and then read about the security system. This will guide you then step by step. Keep your eyes open in different forums and blogs. Keep in mind that as much as you become an expert in algorithm development as soon as then you will able to learn quickly.

    j.   Decision making of where you want to see yourself

The main thing is to set up your mind first. After 5 years where you want to see yourself. Think about which position you would like to get. How do you want to get admired by others and become honored to become a security researcher? This single sentence can take you a long way. First, decide that you will stay with this or not? Where you want to see after 5 years and plan then.

    k.   Hacker’s language (Leet).

There is a special language for hacker which is called leet. Leet (or “1337”), also known as eleet or leetspeak, is an alternative alphabet for many languages that is used primarily on the Internet. It uses some characters to replace others in ways that play on the similarity of their glyphs via reflection or other resemblance. For example, leet spellings of the word leet include 1337 and l33t; eleet may be spelled 31337 or 3l33t.[Source https://en.wikipedia.org/wiki/Leet ]. You can take the help of this site to convert general language to leet language http://www.1337.me/. Also, leet language is available on Facebook. You may have a look at the language section and change it to leet and enjoy it.

2. Starting up your security works

a. Different paths

There are different ways to get involved in computer security research works. But you have to go ahead step by step. I will describe here about some paths that may be helpful for you. First I will suggest you learn programming, of course, is the fundamental of security works. If you don’t know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy, it is very powerful and flexible and well suited for large projects. The second one should be the PHP programming language. It will be helpful for you if you practice HTML, CSS, JavaScript before. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

But be aware that you won’t reach the skill level of a researcher or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any single language. To be a real researcher or security expert, you need to get to the point where you can learn a new language in days by relating what’s in the manual to what you already know. This means you should learn several very different languages. Learning to program is like learning to write good natural language.

Yes, there are other operating systems in the world besides Unix. But they’re distributed in binary — you can’t read the code, and you can’t modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

OS selection

Under Mac OS X it’s possible, but only part of the system is open source — you’re likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple’s proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can’t be an Internet security expert without understanding Unix. For this reason, the security expert’s culture today is pretty strongly Unix-centered. (This wasn’t always true, and some old-time hackers still aren’t happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft’s muscle doesn’t seem able to seriously dent it.)

So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code.

After that try to understand some important things about Networking devices like CISCO Juniper and other firewalls and beside this, you must have knowledge on the web application firewall (WAF). Various networking devices configuration and deep understanding of network technology.

    b.  Which one you should start first?

Go step by step that I mentioned in the above section. I hope, that will guide you in a proper way. Start learning programming->some web topologies and technologies->Start learning Networking then Read about security server hardening.

    c.   Start Your Programming.

My suggestion is for beginners to learn python first and do some projects and then when you will acquire enough knowledge on it you can easily move to any other language. But python is very easy to learn and it is strongly recommended for the security experts. You will be able to learn and write your own shell script in python and also in PHP. Other languages are also suite as well from their position.

     d.   Test your Application or learn Software testing.

If you want to learn from sketch so then it is better to start from the unit testing or software testing. Software testing or unit testing will give you a good logical development and concept about the functionality of the software. This will help you in the future about building packages and software and functionality. This encourages developers to modify the source code without immediate concerns about how such changes might affect the functioning of other units or the program as a whole. Once all of the units in a program have been found to be working in the most efficient and error-free manner possible, larger components of the program can be evaluated by means of integration testing.

    e.   Learn Assembly language for better understanding?

If you want to go deeply to hacking then you must have good skills in Assembly Language programming. Sometime it may seem to you that this is a very old language and unnecessary but the main fact is without knowing you can’t go deeply to programming and computer machine learning. This will exactly change your concept of computer learning. Not only learning but also it will inspire you to be habituated with command line interfacing in the future while you will move to Linux or any other Unix system.

    f.   Learn about a complete IT environment.

To know about hacking deeply you must have good knowledge of an IT environment. How the environment setup. That means from ISP internet connection to the router then firewall then various distribution switches and VLAN also bandwidth controller and many more. They provide static IP or DHCP IP to their host or not? Is anything is shared on the local LAN or WAN or globally. Any kinds of transactional systems in that environment or not? Where the servers are placed under the firewall or any separate DMZ Zone?

They are using any private IP by NAT with public IP or not? Where the applications are placed? Which operating system is being used by the system and which version besides this you may search for router configuration various backup files for much important information. This type of information will help you much more to track the system.

    g.  Next to future step from basic learning

After learning these basics steps then you have to go ahead to the deep level of networking and programming. Then you should practice the different kernel modification of different open-source operating systems. Basic understanding of programming to deep level to modifying the kernel of the operating system. Then you can go for the DOS command and some basic commands of Unix based systems. This will help you in the future a lot. When you enter into the deep level of learning then you must have to habituate of the command line.

Without the practice of the command line, you will not be able to do better in this filed. So this is my advice to you that start practice of DOS command but it is better if you can adopt you with the Unix based operating system. As soon as possible left the Windows operating system and start with a Unix based system. As you are a newbie so that you can start with the Ubuntu Operating system this operating system provide you both UI based and command-line based utility and very easy to learn for the newer.

    h.  Work simultaneously

For better result use many operating systems within one computer and work simultaneously. The different operating system has a different utility. For some tools, you must have to use a Windows-based operating system and for some tools, you must have to go for a Linux based operating system. Never depend on a single operating system. Depending on your requirement you have to move one operating system to another operating system. Never bind yourself with one.

    i.    What are the requirements for becoming system analytics?

If you have any idea about a system analyst then this will help you a lot. An individual in charge of designing, modifying, or analyzing various systems to ensure compatibility and user effectiveness. System analysts may work independently but are often part of a larger information technology unit that keeps technical aspects of a company running smoothly. System analysts do not focus on hard-coding, but more on evaluating the code and making suggestions.

    j.   Hacking environment setup

After acquiring knowledge on the above-mentioned topics you may now go for the environment setup for start your own pen-testing. Welcome to the starting on practical. From now, the rest of the part, I will talk about the practical part. But the above theory is not enough to learn. Keep your eyes open and adopt yourself with the new technology. Keep yourself up to date. Encourage yourself always to learn a thing very deeply. It is better to be a master in one topic than acquiring knowledge on many topics slightly. I will go through the process both in Windows operating system and Linux. So prepare yourself to run with me. First, choose a good computer that has Good memory capacity and good processing capability. This is very important because I will use some tools for testing that are very heavy and need more memory to execute.

Now run the Windows operating system and first install Java in it. Then install python for windows. It is highly recommended to use the x64 bit windows operating system. Install putty, WinScp, Tor Browser, Mantara Browser, Hackbar plugin for browser and firebug plugin. Then install Filezilla on it. XAMPP or WAMPP for the localhost to make your own computer as a virtual server to run some server-side codes. Such as for shellcode to understand it deeply. Make the computer IIS server ready for run ASP codes. Search on google if you do not understand how to do that.

     k. Some important tools to start:

Now go to your web browser and download and install kali Linux for Linux based operating system. Kali Linux is a strong and highly recommended operating system for security experts. You may use any other Unix based operating system but in Kali Linux, many tools are pre-installed and configured. But if you use any other one then you have to install tools manually and configure. So if you are familiar with other Unix based operating system then you can use that. Also then install the mantra browser and hack bar there. After doing that you are now ready for the basic operations.

To be continued……