Andrew has 11 years' experience in the networking industry and is currently consulting for the largest ISP in the UK. He is involved in the design and implementation of complex secure hosted solutions utilizing products from the Cisco Secure family. Andrew also holds CCSA, A+, Network+, CNA, and MCSE+Internet certifications.
How did you gain interest in computer security?
My interest in computer security is really an evolution that occurred with my career. I started off like many, working on a helpdesk fixing desktop-type problems and heavily investing my time in studying Microsoft products. I then made the move to Cisco when I was looking for a deeper challenge, and the job I was involved in, luckily, was a Token Ring to Ethernet migration for a large UK bank. I quickly became interested in and focussed on Internet technologies, and I guess that security just came hand in hand with that. I have been involved with firewalls and intrusion detection devices for quite a while, and luckily I have had first-hand experience of the growth of these products working for the largest European ISP. One thing that I like about the security marketplace is that it is constantly changing. No sooner do you learn one technology than another one becomes prominent.
What are your favourite security tools?
I have quite a few security tools that I use on a daily basis. Nmap and Cain & Abel are superb tools for testing your security policy and configurations. I also use the products from Sam Spade for network information. Ethereal gives me everything I need from a network analyser.
What operating system(s) do you use and why?
I must admit that I am a power user of Windows XP, due mainly to the fact that all of the applications I use on a daily basis are Windows-based. I also use Linux and Solaris for other tools that are not yet ported to the Windows environment.
How long did it take you to complete “Cisco Secure Virtual Private Networks (CSVPN)” and what was it like?
CSVPN was the fourth book I have been involved with and my second for Cisco Press. The CSVPN book was a pleasure to write, and I really enjoyed the research that went with the book. It took me approximately six months to complete the chapters and then about another three months in development before it hit the shelves.
In your opinion, what are the most important things an administrator has to do in order to keep a network secure?
Now this is a question! Security is no longer a single-product solution. You cannot just install a firewall and presume that your network is secure. What about internal threats? What about DoS attacks? The most important aspect of network security is the term “defence in depth”. You have to look at every aspect of your computer network, starting with a written security policy and identifying the risks that exist within the network. There are numerous products that can be mapped to each risk, and these have to be implemented synonymously in order to fully protect your network. I also come across a lot of companies with security equipment that is installed and configured very badly. Security is a specialised area that really does require expert assistance in order to configure it to work safely and securely.
What is, in your opinion, the biggest challenge in protecting information at the enterprise level?
The biggest challenge statistically is protecting your internal resources from internal users. People seem to always forget about protecting their systems from internal users. The easiest way to attack a company's electronic resources is to apply for a job within the company and attack them from the inside. More often than not, there is little, if any, protection from internal users. It is important to create security zones and only give users access to the information they require.
What are your future plans? Any exciting new projects?
I have just finished the CCIE Practical Studies: Security book for Cisco Press. It is a hands-on book for the Security CCIE lab exam. I am just starting work on the second edition of “Cisco Secure Virtual Private Networks”. This new book is more focussed on the Cisco VPN 3000 range of products and covers them in far greater detail than the old book did. I am also studying hard for the Security CCIE.