Network Security: First Steps

Network Security: First Step

CiscoPress
ISBN No.: 1-68720-099-6

Earlier this year, Air Canada accused WestJet Airlines Ltd. of corporate espionage, alleging that WestJet used an Air Canada employee intranet. WestJet retorted with a lawsuit of its own, charging Air Canada investigators with unlawful seizure of documents from the trash of a now former WestJet executive.

Frowns probably furrowed the brows of IT managers on both sides.

Veteran network trainer Tom Thomas examines such concerns in his book Network Security: First Step (Cisco Press, 2004). Thomas warns that industrial espionage is widespread, describes how hackers break into information networks, and explains how to deal with such threats.

Written as conversationally as the topic allows, the book tackles many other aspects of network security – policies, protocols, routers, VPN, and wireless, among others. Readers look over a hacker's shoulder as Thomas explains the cyber crook’s business, including the tools that electronic evildoers use. These insights may be the most valuable in the book.

For the unconvinced, Thomas gives plenty of reasons why network security must be a top priority. Most of these are in the first chapter, aptly titled “Here There Be Hackers!” In the book’s most colorful example, he starts the chapter on wireless security with a made-up story: vacationing “uber tech” logs on to company network through hotel's wireless setup; competitor spy uses link to steal valuable secrets; company loses millions in revenues; tech loses job.

Despite this introduction, Thomas doesn't discourage wireless networking. He explains the strengths and limitations of wireless encryption protocol, various EAP methods, and other tools and practices.

Thomas encourages the development of full security policies in Chapter 2. He covers many facets of his own company’s security strategies and ends the chapter with references that IT managers can use to build their own policies.

The last chapter is an appropriate bookend. “Tools of the Trade” lists the basics of security assessments and testing products (although Thomas also sprinkles these throughout the book).

Thomas is Cisco-certified, a Cisco instructor, and former Cisco course developer. Cisco Press published the book. Does this mean a Cisco slant? Yes and no. Cisco’s competitors aren’t really mentioned in this book and Thomas isn’t shy about his knowledge of Cisco products and partners (like his own company).

However, Thomas would have reduced the value of the book if he wrote it without mentioning brand names, especially those of market leaders like Cisco. Besides, Thomas does mention other company and product names. Citations of 3Com, Addtron, Compaq, DLink, and freeware and open-source products give IT managers shopping for solutions various places to check.

Thomas aims the book at a wide audience. Each member will find it handy to some degree. The book's biggest fans will likely be members of smaller IT shops that don't have separate security departments. Others will find specific chapters to be of use. (Expectation management: this book covers many topics without going into much depth, hence the words “first step” in the title. Thomas’s “second steps” include references to web sites, books, and the movie “Sneakers.”)

It's also being marketed as a textbook. To that end, each chapter offers basic explanations of security terms (and a glossary) as well as review questions and answers. The glossary is fine, but Thomas overshoots the mark with the review questions and answers. IT professionals will use the book as a reference, while teachers already have lots of homework material to assign to students.

More case studies would have been a better use of this book’s pages, as would methods IT managers could use to limit non-electronic types of information leaks. Police in my neighborhood say that overturned recycling boxes on a nearby street are signs of a new type of criminal activity – fishing for documents that thieves can use for identity theft. (Do your employees take home printouts of their work? Buy them paper shredders.)

A shredder probably would have helped the aforementioned former WestJet executive keep his job. That’s why low-tech security breaches such as dumpster diving and social engineering make their way into this book, however briefly.

At least Thomas mentions this – information also travels on highways besides the electronic ones IT managers monitor. That and many other useful concepts make this book a great addition to any networking professional's library.

Originally published here

Top