By Mike Mullins
Last time, we discussed the basic training that network security administrators need, and we focused on operating systems, firewalls, and clients and servers. With this training, admins should be able to provide basic protection to corporate assets.
But basic protection isn't enough—you need to incorporate the Defense in Depth approach to your security training curriculum. According to this approach, every device on your network has the potential to become a part of your security architecture.
Proper training on policy, switches, and routers is fundamental in layering protection devices throughout your enterprise to create a total defensive perimeter. Advanced training begins with routing and switching, which also provides in-depth instruction in the ports and protocols that operate on the network.
Routing and switching training
A security admin must be trained on all switches and routers that run on your organization's network so he or she will know how to use these devices effectively for network defense. Since both of these hardware items are fundamental in developing your Defense in Depth approach to total security, understanding how switches and routers communicate is essential.
As with firewall training, your best source for router training is usually through the vendor. For example, if you use Juniper routers in your network, the Juniper Networks Technical Certification Program (JNTCP) is an excellent training tool.
If your routers and switches are Cisco devices, Cisco offers a Cisco Certified Security Professional (CCSP) certification. But this certification's training material and content is geared toward an entire suite of Cisco security products, so I recommend the Cisco Certified Network Associate (CCNA) program instead. This entry-level certification is moderately difficult and provides a good assessment of the basic skills admins need to incorporate routers and switches into the network's defensive perimeter.
To complete the advanced training, encourage the admin to look at security's big picture. A new security admin must understand security from a policy perspective and have a broad overview of different functional areas. One of the best industry standard training plans and certifications comes from the Certified Information Systems Security Professional (CISSP) program. This certification covers 10 functional areas and includes these subjects:
Policy is the foundation of network security. Your security admin must understand these subject areas before attempting to create and/or update your organization's security policies.
After studying the basic and advanced training plans, your security admin will be trained to provide a total security solution for your current architecture and to have a vision of the network's future.
As new security tools or devices are added to your network, be sure to train your admin on their function and purpose. It's vital to your organization's security that its admins fully understand how the network communicates with itself and the world.
Although this advanced training plan mentions specific certifications, they're worthless without the education and training needed to achieve the piece of paper. If your advanced training plan ends in certification, that's a bonus—not a goal.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.