1-Man IT Department

The Journey of One Man Helping Others with Technology

Posts Tagged InfoSec

Security Bootcamp - Day 3

Well, what can I say about today. At the end of it, we will be halfway through our course books. Today was a lot of fun for me. We talked about a lot of stuff that I did not know anything about. So let’s just jump into it.

Day 3 - Internet Security Technologies


Security Essentials - Day 2 Defense-In-Depth

Well, another day, another 500+ book to go through in Security Training.

Today was Defense-In-Depth day at Security Essentials Bootcamp. I really enjoyed today a lot. We finished the fundamental stuff yesterday and started hitting the ground cracking (literally).

We started with a discussion of what Defense-In-Depth entailed. We hit on multiple layers of protection, the CIA Triad, risk management and the differences between threats and vulnerabilities. Then we began a rather lengthy talk about the differences between viruses, worms and trojans, and hit on some of the big hitters from years past…Melissa, Sasser, Slammer…ahhh, the good ole days. After a brief overview of malware and its effects, we moved on to the next section.


SANS Security Essentials Bootcamp Day 1

I am spending this week traveling to Birmingham, Alabama to attend the SANS Community Event that is teaching SEC401 - Security Essentials Bootcamp. The class is me and 23 others from all over the country. Most are from Alabama, but there are some from my home state of Louisiana (Louisiana Lottery Corp.), a couple from Georgia (including one gent who had to wear his University of Georgia Coachs shirt today, argh!), and then individuals from Arkansas, North and South Carolina, Florida, and Tennessee. The class is being taught by Matt Pierce, who is the Security Administrator at AdTran in Huntsville, AL.

When we each arrive at the hotel, we are greeted with a black zippered bag with the SANS logo on it. When I lifted mine up, I thought that I had thrown my back out again. I looked down and saw 6 books that are each at least 2″ thick in them. Upon closer inspection, there was one book for each day, and they are each at least 500 pages. WOW! That is over 3000 pages of documentation for this training course.


StillSecure, and still on top!

I just wanted to give a quick CONGRATS to Alan and Mitchell at StillSecure. While perusing my copy of WindowsIT Pro last night, I ran up on the article “Guard Your Network with Software NAC”. I read the opening and found that StillSecure’s Safe Access product was being reviewed against offerings from Sophos, InfoExpress and McAfee.

The article shows the strengths and weaknesses of using a software-based NAC (that is Network Access Control) to protect your network. NACs evaluate each device plugged into a network against a set of rules/filters and decide if that device is allowed full access to your network. If it does not meet the standards that you have set for the network, the device is quarantined until it can be brought up to standards.


A Long and Winding Road

It has been a while since I have posted here, and since I have been pinged a couple of times in the last couple of weeks, I figured that I needed to start posting here again. So a quick recap of things that have been happening to me since I posted last.

  1. I have FINALLY released the bid for the server that will become our new Exchange 2007 Server at work. Working in local government, if I hit a specific amount ($7,500), I have to bid out the machine to at least 3 vendors. I released the bid on June 2, and I will open them on June 18, 2007. I am pretty excited about this moving on. This is the one project that needed to get going. We are using Novell Groupwise currently on a Novell 5.1 server that was not configured correctly (e.g. my SYS:Public dir is not at /sys/public it is in sys/mail/public…why, you ask…I have NO IDEA, but it has been this way for over 5 years). I had never spec’ed out an Exchange Server before so I severely underbudgeted for the project for this year. It may be that I get the hardware this year and the software next year first thing. I am getting the OS and Exchange Server software off of state bid, so there should not be any delay in getting it in October or November. (We start our FY in October.)

My State of the Network

I have decided to lay out some of the basics of my network at my job. Read forth with caution because it is not pretty. Please leave any and all suggestions that you have for me to make my network better and especially more secure. I have a Grand Vision in my head of what I want the network to be like. Now it is just getting the money, time and knowledge to get it all in place.

I have been at my job since Jan 2006. It is the first network administration job that I have had. I have come from the desktop support arena that dabbled in the network area. When I got here, our entire City Hall network was running on an old Compaq Proliant ML350 with 40GB hard drive. It had Novell 5.1 as the NOS, Groupwise 6.5 for email for 85+ users, Symantec Anti-Virus Corporate 8, ARCserve 6 for our single tape backup and the file server for 30+ users. The backup had not run for the 2+ months prior to my arrival, which was revealed when our Sales Tax database got corrupted before my arrival [who would have thought a 300+MB Access database would corrupt!].


Thoughts on Beginning the Path to Security Professional

Over the past month, I have been fascinated with the Information Security (InfoSec) aspect of Information Technology (IT). I have been in IT for a long time, and have finally become a Network Administrator (NetAdmin) as my job. I have begun reading a number of security blogs and listening to security podcasts. My main source for security blogs is the Feedburner network, Security Bloggers Network, an aggregated feed of (currently) 66 security blogs in the blogosphere. There are a lot of great writers on that feed, and I have already learned a lot from this great resource.


Hello world!

This blog is a brand new venture for me. It will complement my other blogs: Black Belt Productivity, a blog I co-author about Getting Things Done, The Art of Stress-Free Productivity, and Rammblings, my personal blog.

This will be my blog that deals with my life in Information Technology. I am now the Network Administrator for the City of Northport, a small municipality in Central Alabama. I am also beginning to realize that my IT passion lies in Information Security (InfoSec).

Currently, I am pursuing a number of certifications. I am going to get my CompTIA A+, Network+ and Security+ certifications in my initial stages.

I am a new MacBook Pro owner, as well as a long time Microsoft Windows user. My decision to get the Mac was made in part so that I could learn a lot more about Linux, as well as my noticing that a lot more Security Professionals are moving to the Mac OS X platform. I have moved my main desktop machine at home to Windows Vista. I do like it a lot, and I will be talking about it more later.