By Mike Mullins
A network security administrator should have a certain baseline of skills and some specific training. At a minimum, your network security trainee should be able to administer the systems he or she is protecting.
This doesn't mean this person should know each application thoroughly; applications are for systems administrators. Rather, the security admin should be able to administer the operating systems and security-specific devices and applications that lie within your network defense perimeter.
For example, if you run a Windows network, the security admin must be qualified to administer the systems within that network, including everything from server to client. This is necessary because most vulnerabilities are discovered in the operating systems and their components.
Properly training your security admin is important. If you need a financial incentive to provide this training, keep in mind the words "due diligence" and the recent bout of court cases against companies that failed to properly secure their networks.
Developing a training plan isn't that difficult, but I'll make it even easier by outlining a sample training plan. I'll base this sample plan on a Windows 2000 network with Windows XP Professional clients and a Check Point FireWall-1 NG.
This plan mentions specific certifications. While certifications normally mean next to nothing to me, these certification tracks do an excellent job of training and verifying the skill sets that a security admin requires. The key word here is training. In this plan, you're using the certification as an industry standard tool set to train and verify the skills you want your security administrator to have.
Clients and servers training
For the operating systems involved in clients and servers training, the Microsoft Certified Systems Administrator (MCSA) program does an excellent job of training and verifying client- and server-level skills. The MCSA covers the following areas:
Once your new security administrator thoroughly understands what he or she is protecting, it's time to begin training on the device that's most responsible for network security: the firewall.
Your best choice for firewall training is usually directly through the vendor. Check Point Certified Security Administrator (CCSA) is an entry-level certification that confirms the administrator's ability to configure and manage fundamental implementations of Check Point's FireWall-1.
The CCSA training plan verifies that the security administrator possesses the skills to define and configure security policies that enable secure access to information across the corporate network. The CCSA training also teaches the admin how to monitor network security activity and how to implement measures to block intruder access to protected networks.
This is a basic plan for training a security admin. Advanced training for a new security admin should include training on all switches and routers and on any security-specific tools and applications that are used for your network defense. In addition, training your admin to understand how security impacts the organization as a whole is important to prepare him or her to create effective security policies.
Once you've trained the new admin and as new security devices and software are added to the network, have your security admin review and certify these devices to operate on the network. This builds security into the operations of your network instead of tacking it on at the end.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.