Today s information technology professional has to deal with security events as a matter of course ”from worms and viruses to rogue users, down to the stereotypical black t-shirt “clad intruder. This book contains valuable here s-what-to-type information ”not just theory ”and that s very handy for an administrator who has to do real work. The examples in the book are all helpful for using at the command prompt.
The more proactively you set up your security, the less reactively you ll have to patch, update, and recover from security events. One mindset that may help to ease the transition to proactive security is to think in terms of reducing risk, instead of increasing security. Ask questions like how can I reduce the most risk? often, and the reward will be more security. Remember that perfect is the enemy of good enough. Don t worry about putting in the perfect solution, but rather concentrate on the most practical one.
When it s all said and done, an effective and sustainable security strategy is not possible without the help of your network s users. Tackling management and resource issues can often be more challenging than tackling IPsec configuration issues. Fortunately, Wes has covered both sets of issues in this book.
Finally, know that you re not alone. We defenders must all work together if we re to have a greater effect on the security of our networks, users, and data. Forums like the Firewall-Wizards Mailing List allow helpful folks like the author of this book to assist people with specific problems. It may not be our fault that things weren t set up correctly, that someone did something they shouldn t have, or that someone attacks our systems. But it is our responsibility to do what we can to make our networks safe and to help others do the same.
Paul D. Robertson
Director of Risk Assessment, TruSecure Corporation
Moderator, Firewall-Wizards Security Mailing List
Paul Robertson has been in information technology and security over 20 years ; highlights include being stationed at The White House while in the United States Army and putting USA Today s website on the Internet. Paul currently helps manage risk for hundreds of corporate clients at TruSecure , and he participates in computer forensics, advocating www.personalfirewallday.org and moderating the Firewall-Wizards Mailing List.