
Ask HN: Best resources to understand enterprise networking and security? - geewee
Currently I&#x27;m working on a project on a consultancy basis for a large enterprise. There&#x27;s a lot of talk about private clouds, private endpoints, virtual networks, security zones and a lot of things I&#x27;ve never really come into contact with as a regular application developer. I&#x27;d like to understand more of the problems we&#x27;re facing so I can participate in the discussions.<p>What are some good resources for learning about enterprise networking and security?
======
nicolaslem
If you have a bit of cash to spare you could get yourself a router, managed
switch and an access point. This would allow you to build a "homelab" and play
with VLAN, NAT, VPN, firewall, DMZ... which are the basis of networking and
probably required notions to approach bigger enterprise networks.

~~~
zerkten
I followed this approach to solve a similar problem to that posed by the OP
(dev wanting to refresh on TCP/IP and networking for k8s) and I can confirm it
works. I got some second-hand gear which was useful because they didn't have
any niceties, but basic Ubiquiti kit will blow away consumer-grade kit.

Setting up some WireGuard VPNs is pretty useful and easy to practice with too.
I wanted to replace my existing gear, so I didn't choose to go with pfSense.
If you have some free computers that can accept additional network cards, then
that might be a good outlet. People were pretty enthusiastic about it.

People on the reddit.com/r/homelab and WillieHowe.com Discord channels were
pretty friendly when I had questions.

TCP/IP Illustrated is a really good book for a developer to have. It might not
be as useful for someone without a dev background.

~~~
C1sc0cat
Depends on area but I did an evening class at my local community college on
the CCNA - this is a real Cisco course and very hands on with real hardware.

------
grantlmiller
This podcast episode with the founder of ScaleFT goes into the history of
enterprise networking so you can understand the reasons for why they are like
they are: [https://www.enterpriseready.io/podcast/paul-querna-
scaleft/](https://www.enterpriseready.io/podcast/paul-querna-scaleft/)

------
open-source-ux
This site has some guides on security that might be a helpful starting point:

 _The EnterpriseReady SaaS Feature Guides_

[https://www.enterpriseready.io](https://www.enterpriseready.io)

~~~
unixhero
It's missing one key point GDPR compliance and awareness of the solution.

edit: Nope, it seems its all there! Awesome folks :)

~~~
grantlmiller
What else would you like to see? We launched a few GDPR resources a year or
two ago:
[https://www.enterpriseready.io/gdpr/](https://www.enterpriseready.io/gdpr/)

------
dijit
These are all systems administration topics, might be worthwhile picking up
some of the media from that realm.

'The Practice of Cloud System Administration'[0] by Limmoncelli is a good
jumping off point. His works are often very good.

[0]: [https://www.amazon.com/Practice-Cloud-System-
Administration-...](https://www.amazon.com/Practice-Cloud-System-
Administration-Practices/dp/032194318X/)

~~~
fauria
I haven't read it, but also heard good things about "The Practice of System
and Network Administration", by the same author:
[https://www.amazon.co.uk/Practice-System-Network-
Administrat...](https://www.amazon.co.uk/Practice-System-Network-
Administration-Enterprise/dp/0321919165)

------
prosaic-hacker
I have the same info need in spite of the fact I have been in IT for decades
as a developer and system admin I have never been exposed to the day to day
network needs of the enterprise. I am unsure of even the questions to ask as I
have unknown unknowns. I need case studies of business with sizes like
100,500,1000,1000+ endpoints with their corresponding application and security
needs.

------
jasonv
You can also review PCI, SOC, and other compliance and audit practices to
understand why enterprise production environments are built the way they tend
to get built. Also, look at some reference architecture plans and then imagine
how you’d host 3-4 orthogonal designs in one enterprise. The overlaps will
yield insights into complexity.

I’m in enterprise architecture and cloud migrations for big, highly regulated
institutions, and came from $B e-com. We build for security and resilience
across everything. Business, dev, security and operations teams don’t always
have alignment and equal input in these designs (as in, enterprise security
affects everyone, inside and out). That creates a certain kind of baseline for
what you’re researching.

------
freehunter
I’m an information security consultant so I live in this world every day. I
think a good starter would be CompTIA’s Security+ and Network+ study guides.
You don’t need to sit for the exam, but they are both entry level
certifications that were required by my college when I was attending (although
I studied for them in school, I had the actual certification requirement
waived so ymmv) so the education materials should be pretty accessible by
anyone who works in IT. I think the Network+ is recommended before Security+
and you can find decent study material recommendations online.

------
crypt1d
The term 'enterprise networking' is a bit ambiguous, as there is nothing
inherently specially about networks in enterprises - its just a different
layer of abstraction than what you are used to, probably packaged into
hardware and software offerings you didn't have exposure to.

That said, you could learn a lot from resources that focus on networking
certification. My favourite have always been the CCNA courses from CBT Nuggets
done by Jeremy Cioara.

------
sealthedeal
Check out cbtnuggets.com. Build your own home lab. Reddit has plenty of people
that recommend the best routers and switches for you to play with. As you are
a developer, there is no better way to learn than to do. Have fun! Also, worst
case scenario your lab turns into a great white noise machine haha.

------
kureikain
I found this list has some good self studying for netowkr:

[https://siliconsprawl.com/2020/05/10/network-programming-
sel...](https://siliconsprawl.com/2020/05/10/network-programming-self-
study.html)

------
BinaryBuddha
We had a guest on the podcast recently recommend the free tool, Security
Onion, which you might find useful for this purpose.

------
BrandoElFollito
> I'd like to understand more of the problems we're facing so I can
> participate in the discussions.

There are two very different contexts for "discussions about security" in
large enterprises.

1\. discussing security with management / C-whatever

You need to discuss risk. You must show that there are some things which are
important , and other less important. This is not an easy discussion because
it requires experience and the ability to say "if this is hacked, never mind"
and at the same time fight like your life depended on it to have the small XSS
on your corporate site fixed. Not because it is insecure but because it does
not look good in newspapers.

You also need to discuss awareness. First for them, then for the rest of the
company. Because the weak link today is John in accounting who will open the
enlarge your penis email end download the attached binary.

→ it is difficult to find good resources to learn about these things. Of
course there are zillions of books about the subject, usually written by
people who have never actually ran the security of a company. At best they
were "consultants" who had great ideas, which were unfortunately in another
galaxy realism-wise.

I would say the best would be to have the opportunity to work with a good CISO
and watch him or her belly dance to make their point with management. If they
are good you will quickly understand what is important and what is not.

2\. discussing with technical teams

You can expect a competency ratio of 1:4. That is 1 person who knows what they
are talking about for 4 others who are either neck deep in technical problems
and need to solve these problems, or the ones who learned security as part of
their general systems/networking curriculum.

The best way to integrate such a team is to become a jack of all trades a
master of all trades as well. In technical teams, raw technical knowledge
counts a lot - especially in technology companies. You get credibility points
exponentially when you help to solve a hard technical issue. Best is to look
around authentication, machine to machine traffic (and how to secure it) and
application security.

→ best is to try it out yourself at home. You can run a docker server on a
home server and start a few containers. Play with authentication, automated
TLS, reverse proxies and filtering, logging.

Large enterprise security, technically speaking, is either the same as small
enterprise security (multiplied by n servers and services), or really specific
(peering, centralized authentication, ...). The first you learn at home, the
second you learn by reading about that very specific subject on Internet.

