Education

Tech Tip: Ensure proper training for network security admins


By Mike Mullins

A network security administrator should have a certain baseline of skills and some specific training. At a minimum, your network security trainee should be able to administer the systems he or she is protecting.

This doesn't mean this person should know each application thoroughly; applications are for systems administrators. Rather, the security admin should be able to administer the operating systems and security-specific devices and applications that lie within your network defense perimeter.

For example, if you run a Windows network, the security admin must be qualified to administer the systems within that network, including everything from server to client. This is necessary because most vulnerabilities are discovered in the operating systems and their components.

Properly training your security admin is important. If you need a financial incentive to provide this training, keep in mind the words "due diligence" and the recent bout of court cases against companies that failed to properly secure their networks.

Developing a training plan isn't that difficult, but I'll make it even easier by outlining a sample training plan. I'll base this sample plan on a Windows 2000 network with Windows XP Professional clients and a Check Point FireWall-1 NG.

This plan mentions specific certifications. While certifications normally mean next to nothing to me, these certification tracks do an excellent job of training and verifying the skill sets that a security admin requires. The key word here is training. In this plan, you're using the certification as an industry standard tool set to train and verify the skills you want your security administrator to have.

Clients and servers training

For the operating systems involved in clients and servers training, the Microsoft Certified Systems Administrator (MCSA) program does an excellent job of training and verifying client- and server-level skills. The MCSA covers the following areas:

  • Installing, configuring, and administering Windows XP Professional and Windows 2000 Server
  • Managing a Windows 2000 network environment
  • Implementing and administering Windows 2000 network security
  • General security concepts
  • Communications security
  • Infrastructure security
  • Cryptography basics
  • Integration of various devices across your organization

Once your new security administrator thoroughly understands what he or she is protecting, it's time to begin training on the device that's most responsible for network security: the firewall.

Firewall training

Your best choice for firewall training is usually directly through the vendor. Check Point Certified Security Administrator (CCSA) is an entry-level certification that confirms the administrator's ability to configure and manage fundamental implementations of Check Point's FireWall-1.

The CCSA training plan verifies that the security administrator possesses the skills to define and configure security policies that enable secure access to information across the corporate network. The CCSA training also teaches the admin how to monitor network security activity and how to implement measures to block intruder access to protected networks.

Final thoughts

This is a basic plan for training a security admin. Advanced training for a new security admin should include training on all switches and routers and on any security-specific tools and applications that are used for your network defense. In addition, training your admin to understand how security impacts the organization as a whole is important to prepare him or her to create effective security policies.

Once you've trained the new admin and as new security devices and software are added to the network, have your security admin review and certify these devices to operate on the network. This builds security into the operations of your network instead of tacking it on at the end.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.

2 comments
the_webninja
the_webninja

Okay I have been working on PCs for a while, but now I am running into some things that are a little beyond the scope of my knowledge. More and more people are starting to connect to their Work Servers using their Home PCs and their Employers are letting them Work at Home. Okay My Sister for example works for GM and they use VPN to accomplish this. And the Systems Administrators at GM are Sharp enough to make sure it happens with out causing the User a whole lot of Grief. However the Systems Administrators up at AARP in Washington are not so Bright. They INSIST on Home Users configuring their PCs for Remote Access, by removing all firewalls, and all Spyware and Hacker Prevention Software and essentially making the User run Naked to the World. Now a while back, Tech Republic did a little experiment to see just how Long it would take for a Computer to get Hacked running like this. And the AVERAGE time was only 5 Minutes. Okay so my Brother?s Wife has been running their PC like this for a few Weeks now, and she was given a four page instruction guide of how to completely remove all Security on her PC, and then in the same instruction guide it states they really don?t know what they are doing ?We are still researching this matter? essentially meaning they don?t know what they are doing. Okay so NOW it has become MY PROBLEM. Because I am the one in the Family that Fixes PCs, and in the Past Month between My Brother?s Wife and the Systems Administrators at AARP, they have successfully Screwed up the PC to the point of Not Functioning at all about 3 times in ONE MONTH! And I have had to result in Formatting the Hard Drive and completely re-installing everything, just to get the thing up and running again, 3 TIMES in One Month! I am beginning to Wonder how many more times I am going to have to go through all of this before the Systems Administrators at AARP learn what in the Helll they are doing? I can FIX the PC but Fixing the USER and the Idiot Systems Administrators are a bit more of a Challenge for me. So I figured what the Helll, I will use this as a Learning Experience, so now I am trying to spend some time Learning how to answer the Big Question: HOW CAN YOU CONFIGURE A REMOTE ACCESS PC, AND STILL MAINTAIN SECURITY? That is the Question I would like you guys to help me out with, if you could, and I hope like helll, the People at AARP are reading this so they can get their Shitt Straight and start Creating SOLUTIONS instead of Problems! Thank You. The_webninja@yahoo.com

jdmercha
jdmercha

Microsoft Virtual PC or VMWare