Republished with permission from WatchGuard Technologies, Inc. Originally published 29 Jun 2001.

Foundations: From Zero to Expert in Your “Spare Time”

by Fred Avolio, Avolio Consulting, Inc.

A few years ago, I was the program chairman for a security conference. During my opening remarks, I asked the attendees, “How many of you are now attending your first security conference?” Nearly 80 percent of the six hundred people raised their hands. I then asked, “How many of you were network administrators yesterday, but are now additionally responsible for Internet security?” No surprise — almost the same people raised their hands. The scenario went something like this: their companies were not connected to the Internet, then they connected and realized they needed to worry about security (which meant “get a firewall”), and someone in the company reasoned, “Hey, you know about networking and stuff … the firewall is now your responsibility.”

If you’re in that situation, this column is for you. You are a savvy technologist, know your way around networking and internetworking as a user, and you want to come up to speed on network security basics. You then want to keep current on issues and continue to learn. This is more than a hobby. It is now your job. (Okay, it is part of your job.) There are some things you can do to start down the right path, and make moves towards “expert.” In this column, I lay out these things, and point to a slew of resources.

First Steps

First off, you will have to exert some effort. You’ll have to work. My idea is to give you work you can do in a reasonable amount of time, while still employed. If your manager gave you responsibility for security, then added, “We’ll pay you to take off the next six months and get some training,” you need not read any further. Pack your bags and head off for school. Otherwise, you need to do some basic reading. Not all at once, and not in every area. Some excellent books and papers will provide a good start. I am only going to point to a few of these, because you are supposed to be able to do this without taking six months off.

While learning all the terminology around security, and all of the technologies that are encompassed by the term “network and computer security,” start by concentrating on the technology areas you need in your current setting.

Basics

For security basics, you should check out:

  • The papers on the SANS Institute’s site.

  • The “Basics” tab at SecurityFocus.com.

  • Articles labeled “Foundations” in WatchGuard’s LiveSecurity archive.

Firewalls

For firewalls, I believe the early papers are still the best, and the technology has not changed substantially since their authors wrote them. Three of the first and best papers are:

  • “The Design of a Secure Internet Gateway,” by Bill Cheswick (1990)

  • “There Be Dragons,” by Steve Bellovin (1992)

  • “Thinking About Firewalls,” by Marcus Ranum (1993).

I’ve reprinted all three on my Web site.

The best books on the subject are also the earliest ones:

  • Firewalls and Internet Security: Repelling the Wily Hacker, by Cheswick and Bellovin; Addison-Wesley Pub Co; ISBN: 0201633574

  • Building Internet Firewalls, Zwicky, Cooper, and Chapman; O’Reilly & Associates; ISBN: 1565928717. (This is the more recent Second Edition.)

Intrusion Detection Systems

If you need to come up to speed on “intrusion detection,” start with Robert Graham’s Network Intrusion Detection Systems (NIDS) FAQ. For something more in-depth, see Rebecca Bace’s whitepaper, “An Introduction to Intrusion Detection and Assessment.” She also wrote the book Intrusion Detection (Pearson Higher Education; ISBN: 1578701856). Another excellent book is Terry Escamilla’s Intrusion Detection: Network Security Beyond the Firewall (John Wiley & Sons; ISBN: 0471290009).

Cryptography

The best books on the subject of cryptography for computers and the Internet are:

  • Internet Cryptography, Richard E. Smith, Addison-Wesley Pub Co; ISBN: 0201924803

  • Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Bruce Schneier, John Wiley & Sons; ISBN: 0471117099. This detailed volume might be too much to handle in your “spare time,” but if you have the need and the interest, it is thorough.

  • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, Simon Singh, Anchor Books; ISBN: 0385495323. This book gives valuable background on the history that has led up to encryption, useful more for context than for direct practical application.

Secure E-mail

If you need to learn about e-mail security:

  • Start with some of the papers I have written on the subject

  • Then try the book Internet Messaging: From the Desktop to the Enterprise, Marshall T. Rose and David Strom, Prentice Hall; ISBN: 0139786104.

  • For an overview of the latest secure e-mail products, see the article in Information Security Magazine‘s May 2001 issue that Dave Piscitello and I wrote.

Portals

You can also search for training material at one or more of the many security-related Internet portals. The above-mentioned SANS is an excellent source, as is searchSecurity.com (I write for them), and SecuritySearch.net.

I recommend picking one, just one, and exploring. Each is a bit different. All have pointers to other resources, such as vendor pages, papers, online forums, and collections of security-related news articles and editorials. Which brings us to the next section.

Ongoing

How in the world will you keep up to date on changing technologies and events while still keeping your job (and maybe even having a life)? The answer is, ongoing “update” services. If you received this from WatchGuard, you are already on their LiveSecurity Alert mailing list, which gives you a “heads up” on security issues relevant to most WatchGuard users. In addition to this, you should get all security alerts from the vendors whose products you run. Their web sites or support contacts will be able to get you connected.

Also, sign up for a good “news clipper” service. This can be any of many services that highlight security news on a weekly basis. The above-mentioned portals have them. Various on-line magazines, the SANS Institute, The Internet Security Conference, and many others have weekly mailings. Check them out and find one that fits. (Some have daily mailings… use them if you want, but I’ll bet you have other work to do.)

There are security-related magazines to read, and my favorites both have electronic and print versions:

Even without having six months to take off, you might be able to get some outside training for on-going growth and development. My favorite security-related conferences are:

  • CSI (the Computer Security Institute), which also runs regional and on-site training

  • The SANS Institute, which also runs regional training

  • The Internet Security Conference, TISC

  • The USENIX Security Symposium.

Are We There Yet?

In this column, I briefly suggested and pointed to resources to help you move from where you are now, towards “expert.” I couldn’t make this exhaustive, so undoubtedly, I have left out some excellent resources. Treat these suggestions as a starting point. Most of these resources will lead to others. With some reading and some trying this and sampling that, you will start down a path that can, eventually, lead you from novice to expert. Bon voyage.

Copyright © 1996 – 2001 WatchGuard Technologies, Inc. All rights reserved