Columns, Regular and Irregular   

---

Fred Avolio publishes a monthly e-column dealing with current issues in the area of internetwork security. (To receive monthly columns by e-mail, send e-mail from here.) He is a member of the advisory board of LURHQ Corporation, a managed security solutions provider, and writes for their customer newletter, On the Radar.

He used to be a member of WatchGuard Technologies, Inc.’s LiveSecurity Advisory Council, and wrote columns for their LiveSecurity Service. We republish them with WatchGuard’s permission.

For 2 years, he wrote the “Just the Basics” column for Information Security Magazine as well as writing for searchSecurity.com.

In reverse order of publication…

• Smart Scanning. From LURHQ’s On the RadarVolume 7. Implementing an effective, continuous scanning program …
• When the Worst Happens. From LURHQ’s On the RadarVolume 2, what to do when you’ve been rooted.
• Preparing for the Worst. From LURHQ’s On the RadarVolume 1, “… the main steps needed to put together an Incident Response Plan (IRP) and a Computer Security Incident Response Team (CSIRT).”
• NetSec Letter #33, Measuring Security. Can we measure it? Do we?
• NetSec Letter #32, Security Checklist. Covering all the bases.
• NetSec Letter #31, Personal Firewall Day. ‘Tis the season to get infected with a computer virus.
• NetSec Letter #30, The Microsoft Factor, Part 2. What can we do?
• NetSec Letter #29, The Microsoft Factor. How does a “monopoly” affect security?
• Protecting the Home Office. These seven “musts” will help extend protection to home users and road warriors. The November 2003 “Just the Basics” column. (The last one! A collector’s item!!)
• Debunking the Firewall Hype. “Application intelligence” is the latest buzz, but is it really new? The September 2003 “Just the Basics” column.
• NetSec Letter #28, The Vanishing Perimeter. It vanished a long time ago.(Reprinted in VARBusiness Magazine.)
• The Firewall Physical, my “Just the Basics” column, in the July 2003 Information Security Magazine asks “How do you know if your firewall is ‘healthy’?”
• Preparing for the Worst, a column Fred wrote for On the Radar.
• #27, Spam Control.
• DNS 101.
• Just the Basics, May 2003 in Information Security Magazine is entitled “A Firewall for All Occasions,” kicking around which type might be just fine for your situation (dogma not-withstanding).
• #26, Beyond the VA Scan.
• #25, A look at Gilian’s Exit Control.
• My March Information Security Magazine “Just the Basics” column is entitled “Practical Patching,” six steps to help decide when you must patch, and when it’s okay to wait.
• #24, SSL VPNs. Why I like them.
• Belt and Suspends Redux, from the January 2003, Information Security Magazine “Just the Basics” column.
• #23, E-mail Firewalls. Application-specific firewalls.
• #22, Security Awareness Musings-from-the-Friendly-Skies.
• Practical IR, from the October 2002, Information Security Magazine “Just the Basics” column.
• #21, Securing Cyberspace — Comments on the National Strategy.
  
• #20, The Need for Web Security. It’s not just how big a target you are…
• The Real Deal on Wireless, from the August 2002 Information Security Magazine “Just the Basics” column.
• Wireless at Home. And you thought all you had to worry about was what they did at work!
• Five “Must Have” Defenses for Mobile Computer Users.
• #19, 31 May 2002 It’s Not Just for Security Guys Anymore
• Practical Firewalling. The virtual network perimeter has changed the rules of the game for firewalls –and that means changing our tactics.
• Using Your Firebox’s Optional Interface. The title refers to the WatchGuard Firebox Firewall, but this column is applicable to anyone who has or is thinking about setting up a DMZ.
• Rethinking IDS. How to get what you want…and what you need.
• #18, 10 April 2002 . Using Network VATs for Verification
• #17, 5 March 2002 . The Nefarious “Any”
• Watch out for hotel broadband vulnerabilities . Originally published for searchSecurity.com .
• Basic Router Security A WatchGuard editorial.
• Security Tokens: Why Aren’t You Using Them? A WatchGuard editorial.
• What Are Intrusion Detection Systems (IDS)? A “Foundations” WatchGuard editorial.
• #16, 1 February 2002 . “On September 11, everything changed, forever…” NOT!
• “Simmering Security”. January 2002 “Just the Basics” column in Information Security Magazine. Cutting through security clutter.
• Your New Firebox: Day 8 . Though the title is WatchGuard-centric, this column deals with what every new firewall administrator should do on the 8th day.
• NetSec Letter #15, 23 December 2001 . 2001 Letter to Santa from a Security Administrator
• NetSec Letter #14, 23 November 2001 . Do We Really Need VPNs?
• E-mail Headers and SMTP Commands, written for WatchGuard as a follow-up to Introduction to WatchGuard’s SMTP Proxy, but never published.
• Introduction to WatchGuard’s SMTP Proxy. Even if you don’t have a Firebox, you’ll learn why you really want an application gateway (proxy) dealing with this stuff.
• Secrets of Security Policy Development Revealed! At the risk of hurting my consulting business, I reveal secrets heretofore known only to the “Arch Mages” of Internet Security. (Please don’t tell.)
• Afterthoughts and Lessons to Learn after September 11, 2001. NetSec Letter #13, October 23, 2001.
• Smart Card Smarts . What are smart cards, and what makes them think they’re so smart, anyway? A searchSecurity.com “Executive Briefing.”
• From Zero to Expert in your “Spare Time.” A WatchGuard “Foundations” column. What? No spare time? Read on…
• Before You Pull the Plug . NetSec Letter #12, 13 September 2001. I wrote this as a follow-on to my friend David Strom’s Web Informant #258 , which discusses the human side of down-sizing. In this, I look at this problem from a computer and network security angle, and suggest some safeguards.
• Foundations: Cryptography 101 . Data and information residing on computers and flowing over telephone and network connections are vulnerable to theft, modification, and forgery. This article, aimed at the neophyte, looks at a technique used to secure transmissions over a network or to protect data files as they reside on a computer. The technique is called cryptography .
• Internet Security and Usability: Who’s Winning? NetSec Letter #11, 8 August 2001. Reflections from vacation on the state of Internet Security.
• When Access Control Goes Bad . NetSec Letter #10, 14 July 2001. Access control and the May 2001 reported trade secret theft at Lucent Technologies.
• PKI Qs and As . As a follow-on to my June 2001 tutorial on PKI for searchSecurity, I answered some leftover questions.
• After the Storm . A column I wrote for Camelot’s newsletter on the subject of cleaning up after an inside attack. I use the trade secret theft at Lucent Technologies as a starting point.
• Certification of Security Professionals . Who will you trust? A brief introduction to the topic with some pointers.
• Defense in Depth A WatchGuard column discussing what defense in depth means and ways to achieve it.
• Other Solutions For Secure E-mail . A look at an alternative product, A-Lock, along with pointers to some other reviews of other products. We’re just too tired of waiting for PKI, and PGP still causes grown men to cry.
• Can We Trust Digital Signatures?” . A WatchGuard column on digital signatures and the US e-signature legislation.
• Remote E-mail Access . A searchSecurity.com column discussing various ways to allow remote access to corporate e-mail for the telecommuter and the road-warrior.
• Firewalls, VPNs, and Remote Offices , a look at how we connect them and how we should .
• Corporate E-mail: What’s Your Policy? A WatchGuard column discussing the need for e-mail acceptable use policies.
• Virus Hoaxes, A Plea and a Plan . A pet peeve with some guidelines and suggestions.
• E-mail security — Defending the server . A searchSecurity.com editorial.
• Network Applications: A Security Guy’s Wishlist . A request to application developers, pointing out the dangerous things they do.
• One Size Never Fits All . Tighten up that firewall!
• Regarding “Security Through Obscurity” is a viewpoint I wrote for Information Security Magazine .
• IPsec and VPNs: The Sad/Glad State of Affairs . Where we are with Virtual Private Networks (in February 2001).
• Think your e-mail is secure? Think again. A searchSecurity.com editorial. There is a related searchSecurity.com “Live Expert Q&A” transcript .
• Security Product Certification . A discussion of different ways to certify security products.
• The Ordo Cautela: Steps to Security . The logical and practical order to security deployment.
• E-mail Security, Part 2: Speed Bumps . Observations and recommendations.
• It’s a matter of trust: Digital certificates and e-signatures , a searchSecurity.com editorial.
• Intruder Alert… Or is it? Don’t you wish you had an incident response plan?. A WatchGuard editorial.
• E-mail Security, Why Don’t We Bother?
• Biometrics: Coming of Age .
• Staying Alive: Keeping Current on Security Issues (While Still Having A Life) , a searchSecurity.com editorial.
• Extending the Perimeter: Protecting the Telecommuter and the Road Warrior (Part 2)
• Extending the Perimeter: Protecting the Telecommuter and the Road Warrior (Part 1)
• Benefits and Drawbacks of Open Source for Security Solutions
• PC Disk Encryption: A Lesson Learned and Recommendations
• Deploying Crypto, What Are You Waiting For?
• Securing the Corporate Network — Two Simple Things Every PC User Can Do
• Melissa: Have We Learned Anything Yet?
• Appreciating the Importance of History in Network Security. The Institute for Applied Network Security, September 2004.