MESSAGE
DATE | 2015-02-02 |
FROM | Ruben Safir
SUBJECT | [LIU Comp Sci] Landing Jobs in the IT Field
This is one experienced voice on how to prepare for the real job market in IT.
This is obviously for Sysadmin and not Development. This is gold advice that doesn't come along often, so read it.
Ruben
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To get started, the best book I've found is this one: http://www.amazon.com/Troubleshooting-Linux-Firewalls-Michael-Shinn/dp/0321227239
In truth I think this should be a must-read for all junior SAs, not because of the parts about IPTables, but because there is an excellent section on how to handle emergencies, which is oddly enough based on the NSA field agent handbook. There is one warning I have about this book: some of the information about tools you can use for testing is out of date; for example, it calls Wireshark Ethereal.
The next book after that is this one http://www.informit.com/store/linux-firewalls-9780672327711?aid=F2EC4C2B-BDE1-4FE7-B36A-6033ED27274A
As far as systemd goes, the iptables, iptables6, ebtables, and arptables commands haven't changed, but there are some new wrappers available like firewalld https://fedoraproject.org/wiki/FirewallD
That said, they are slated to be replaced in the future by nftables http://netfilter.org/projects/nftables/
The bad news about this is it's really not very well documented yet and not quite ready for production use.
Next you really have to get to know the ip command well. No more using the old-fashioned ifconfig and route commands. A lot of older SAs resist this at first, but it's not that hard to learn and is really far superior to the legacy ifconfig and route commands. In general everyone should be familiar with all the commands included in the iproute2 suite. You can go to the website here http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 for documentation, but it's not very well maintained, so I advise looking at the man files, which are very well maintained.

    # rpm -ql iproute|grep man
    /usr/share/man/man8/arpd.8.gz
    /usr/share/man/man8/bridge.8.gz
    /usr/share/man/man8/cbq.8.gz
    /usr/share/man/man8/ifcfg.8.gz
    /usr/share/man/man8/ip.8.gz
    /usr/share/man/man8/lnstat.8.gz
    /usr/share/man/man8/nstat.8.gz
    /usr/share/man/man8/routel.8.gz
    /usr/share/man/man8/rtacct.8.gz
    /usr/share/man/man8/rtmon.8.gz
    /usr/share/man/man8/ss.8.gz
    /usr/share/man/man8/tc-bfifo.8.gz
    /usr/share/man/man8/tc-cbq-details.8.gz
    /usr/share/man/man8/tc-cbq.8.gz
    /usr/share/man/man8/tc-htb.8.gz
    /usr/share/man/man8/tc-pfifo.8.gz
    /usr/share/man/man8/tc-pfifo_fast.8.gz
    /usr/share/man/man8/tc-prio.8.gz
    /usr/share/man/man8/tc-red.8.gz
    /usr/share/man/man8/tc-sfq.8.gz
    /usr/share/man/man8/tc-tbf.8.gz
    /usr/share/man/man8/tc.8.gz

Another thing to look at is ipsets http://ipset.netfilter.org/
It's a relatively new addition to the kernel but is supported by most current distros even if they don't ship with the tool. Finally, for any production firewalls you want to look at conntrack tools http://conntrack-tools.netfilter.org/
specifically conntrackd, which allows you to cluster multiple firewalls' connection tracking state data.
Additionally you may want to look at quagga http://www.nongnu.org/quagga/
which allows you to configure dynamic routing protocols. One note: there is a section of the documentation which is wrong, which talks about assigning an IP to a loopback device and binding the processes to that IP address. Using the Linux loopback this way is a massive security violation and SELinux doesn't like it either. Instead you should create a dummy network interface, which is akin to what network switches and traditional firewall appliances call loopback devices. Here is a link to some articles that describe the Linux dummy network driver:
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Dummy_Interface
and
http://www.pocketnix.org/posts/Linux%20Networking%3A%20Dummy%20Interfaces%20and%20Virtual%20Bridges
Another thing you may want to look at is keepalived, which manages IPVS load balancing and can manage VIPs using VRRP heartbeats. The best documentation is here:
https://github.com/acassen/keepalived/blob/master/doc/keepalived.conf.SYNOPSIS
DO NOT follow any of the HOWTOs or example configs or scripts; they are all over a decade out of date and do not follow best practices. For example, almost all of them talk about setting state on one to "MASTER" and the other one to "BACKUP". This is wrong and causes many people to have significant problems with failovers not working correctly or behaving the way they expect. Instead both should have the state set to "BACKUP" and allow them to do an election based on the priority numbers to determine which should be the master.
As far as entry level work, I'm not really sure; it's been a long time since I've looked into entry level positions. But I can tell you that a lot of large companies are switching to in-house built Linux firewalls because they are cheaper, faster, and more flexible than, say, a Cisco PIX firewall for example. Also the cost of paying a few in-house Linux iptables experts a little better than typical network engineers still works out cheaper than the support contracts on the appliances if you have a lot of firewalls. So large companies and retail chains (which are now starting to pay attention to network security in their stores) are especially hungry for iptables experts right now.
Paul Marino
On Mon, Feb 2, 2015 at 11:47 AM, Ruben Safir wrote:
> On Thu, Jan 22, 2015 at 11:42:10PM -0500, prmarino1-at-gmail.com wrote:
>> Well this is a typical issue, it's called the politician shuffle lol.
>>
>> A politician wants to make it seem as though he's doing something so he's blaming an imaginary problem on Linux. Truth be told there are tons of Linux jobs out there if you are up to date in the right things. This week alone I've had 15 GUN jobs sent to me by recruiters and on referral from an old friend for another.
>>
>> So they are out there. Hell, for that matter even my current job they are hungry for more Linux admins but they want people familiar with broadcast video and iptable too. And my job is a union job, which means I get time and a half overtime and they can't call me once I leave the office without paying me a minimum of $300 just for the phone call.
>>
>> In fact I've seen a lot of iptable jobs recently; it seems to be the most common recurring theme in job requirements these days.
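
The keepalived advice in the message above (both nodes set to state BACKUP, master chosen by priority election), as an added example that is not part of the original e-mail or keepalived's own code: a shell function that audits keepalived.conf text and flags any vrrp_instance declared with state MASTER. The sample config, the instance name VI_1, the interface and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not keepalived project code.
# lint_keepalived: reads keepalived.conf text on stdin, prints
# "name state priority verdict" for each vrrp_instance, and returns non-zero
# if any instance is declared "state MASTER" (the pattern the message warns about).
lint_keepalived() {
    awk '
        { sub(/[#!].*/, "") }    # keepalived comments start with # or !
        depth == 0 && $1 == "vrrp_instance" { name = $2; state = prio = "unset"; inst = 1 }
        inst && depth == 1 && $1 == "state"    { state = $2 }
        inst && depth == 1 && $1 == "priority" { prio = $2 }
        {
            # Track brace depth so keywords inside nested blocks
            # (virtual_ipaddress, authentication) are not read as instance settings.
            closes = gsub(/[}]/, "}")
            depth += gsub(/[{]/, "{") - closes
            if (inst && closes > 0 && depth == 0) {
                verdict = (state == "MASTER") ? "WARN" : "OK"
                if (verdict == "WARN") bad++
                print name, state, prio, verdict
                inst = 0
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample config for one node; $1 = initial state, $2 = priority.
sample_node() {
    cat <<EOF
vrrp_instance VI_1 {
    state $1    # initial state
    interface eth0
    virtual_router_id 51
    priority $2
    virtual_ipaddress {
        192.0.2.10/24
    }
}
EOF
}

# HOWTO-style node (flagged), then the recommended pair: both BACKUP, and the
# node with the higher priority wins the election.
sample_node MASTER 150 | lint_keepalived || echo "state MASTER found: set BACKUP on both nodes"
sample_node BACKUP 150 | lint_keepalived && echo "preferred node: OK"
sample_node BACKUP 100 | lint_keepalived && echo "standby node: OK"
```

On a real host the same function can be fed the live file, for example `lint_keepalived < /etc/keepalived/keepalived.conf`, assuming that is where the distribution installs it.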