Fred Avolio regularly posts on security and other topics to his blog, where you can go to subscribe. He was a member of WatchGuard Technologies, Inc.’s LiveSecurity Advisory Council, and for a few years wrote a column for their LiveSecurity Service, a service that allows their subscribers to stay current on security issues. We republish them with WatchGuard’s permission.
He wrote the “Just the Basics” column for Information Security Magazine as well as writing for searchSecurity.com. He sometimes contributed to LURHQ Corporation’s On the Radar newsletter.
|
Producing Your Network Security Policy. This paper, written for WatchGuard Technologies, Inc., lays out a common-sense approach to writing corporate security policies that makes them easier to draft, maintain, and enforce. Our “question and answer” approach requires no outside consultants. [What was I thinking!?] Instead, you can use your in-house knowledge and resources to yield a brief, usable, and — most importantly — understandable policy document, in a reasonable amount of time. To help you generate such a policy, this paper clears away some misconceptions about the purpose of network security; details the process of writing the policy; then explains how to keep refining the drafted policy.
Painless PGP.
PGP Corp. delivers practical PKI deployment for securing e-mail with PGP Universal.
This is a “Test Center” product evaluation from the December 2003
Information Security Magazine.
A short history of firewalls
Security Review: SSL VPNs.
A whitepaper I wrote for Aventail.
E-mail security—Defending the server,
a Networking tip I wrote for Techtarget.
“Sidewinder Runs the Gauntlet,”
From the April 2003 Information Security Magazine, a review of the Sidewinder G2 Firewall Appliance.
“Gateway Guardians,”
From the January 2003 Information Security Magazine, a review of 5
E-mail firewalls.
The Secure Email collection.
A collection of my papers and articles on the subject.
I reviewed an e-mail security product called
IronMail (from CipherTrust) for
Information Security Magazine
.
Signed, Sealed, and Delivered.
A cadre of new e-mail security applications aims to solve the problems
that have long plagued PGP and S/MIME. Written with Dave Piscitello. The Rise
and Fall of Internet Security. I delivered this paper at the Spring 2000 Internet Security Conference,
in San Jose. I discuss the state of Internet security. It isn’t good. (Well,
the paper is good… you know what I mean.)
“Best Practices in Network Security,”.
Network security policies can touch
on every aspect of every employee’s interaction with the network. This Network
Computing Magazine March 20, 2000 article will provide you with a solid
security framework, built on the right premises. In October 1999, as a guest columnist for
David Strom’s Web Informant email newsletter, I wrote about
Email paranoia, coming out in favor of it. “e-Business and the
Need for ‘Air Gap’ Technology”
is a (PDF format) white paper describing
Whale Communications’
e-Gap™ product, a commmunications “air gap” for e-business.
Buyer’s Guide: Biometrically Speaking
is an article I wrote for
Network Computing Magazine
dated August 23, 1999. It gives an overview of biometric technology.
In July 1999, I was a guest columnist for
David Strom’s Web Informant
e-mail newsletter. It was reprinted in
Byte Magazine.
I was asked to try to break into his new site. The Castle
Defense
A primer for enterprise system and network protection. A Performance Computing
Special Report from the July 1999 issue. Firewalls and
Internet Security, the Second Hundred (Internet) Years
An overview of the evolution of Internet firewalls with a look towards
the future. Published in the June 1999 issue of Cisco’s
The Internet Protocol Journal.
Firewalls: Are We Asking Too Much?
Information Security magazine cover story, May, 1999. Allowing a new service
through a firewall is easy. Doing it while maintaining the same high level
of security isn’t.
Security Axioms. Some are true, some just sound true. It is important to know which is
which.
Software Review: Sendmail Pro.
This is a Performance Computing April 1999 review of Sendmail, Inc.’s
first commercial Sendmail product. (I liked it.) Intrusion
Detection Joins Net Security Arsenal,
Internet World, March 22, 1999. An overview of the passive and active
techniques that work together to help systems administrators stay on top
of intrusion perils.
MailGuardian delivers transparent security to users.
This is an InforWorld February 8, 1999 review of Vanguard Security Technologies’
MailGuardian product. MailGuardian provides e-mail security.
The Foundations of Enterprise Network Security, Originally
published in Data Security Management, February 1999.
Copyright © 1999 Auerbach Publications. User by permission. This article
discusses the initial work that must be done to establish a network and
computer security perimeter. Specifically, we discuss business needs analysis,
risk assessments, security policy development, and the selection of mechanisms
and establishment of methods.
Identity Confirmed,
An “Issues and Trends” piece published in
Network World, August 24, 1998. This is a discussion of biometric authentication devices,
such as fingerprint readers, voice recognition systems, and retinal scanners.
Some Important VPN Questions Answered (A CSI Interview with Fred Avolio),
from the Computer Security Alert Number 185, August 1998.
A Multi-Dimensional Approach to Internet Security,
from Volume 2.2 of the ACM netWorker magazine, 1998. This article discusses
all the things that make up the establishment of computer and network security.
Firewalls are not enough.
A Computer and Network Security Primer, 1998.
A short paper written to explain some of the basic terminology.
Application Gateways and Stateful Inspection,
revised January 1998. There has been much discussion and marketing hype
surrounding application gateways and stateful multilevel inspection as architectures
for firewall development. After a lengthy discussion on the firewalls mailing
list, the authors wrote and distributed this paper. It is the result of
experience, observation, and input from the members of the firewalls mailing
list.
An Approach to Computer Security, originally published in the TIS Data Security Letter
in 1996. This is
a short editorial arguing for doing the groundwork of network security.
Firewalls and Virtual Private Networks,
1996. A brief article discussing VPNs and how they are supported by Internet
firewalls.
Tracing Electronic Mail,
1996 Based on a short training session for the US Secret Service on the
methods to use to trace electronic mail, this paper should be helpful for
system managers and postmasters. Security on the
Internet — A Viewpoint .
This editorial appeared in the Proceedings of the 17th National Computer
Security Conference, October 1994. Basic point: firewalls are not enough.
The Seven Tenets of
Good Security. Rules to live by. A brief
history of the TIS Internet Firewall Toolkit (FWTK), copied over from the
“unofficial” user
site.
Network Security: Building Internet Firewalls,
Originally published in the BUSINESS COMMUNICATIONS REVIEW, January 1994.
This magazine articles is an introduction to Internet Firewalls and, though
old by Internet standards, is still useful.
A Toolkit and Methods for Building Internet Firewalls,
proceedings of the summer USENIX conference, June 1994. In this paper,
Marcus Ranum and Fred Avolio discuss one of the results of the DARPA project
to establish and secure WhiteHouse.Gov and the President’s e-mail. Specifically,
it is the first formal description of the TIS Internet Firewall Toolkit
(FWTK).
A Network Perimeter with Secure External Access,
proceedings of the ISOC NDSS Symposium, February 1994. This paper, coauthored
by Marcus Ranum, discusses a research project for DARPA in which two of
the goals were to raise the level of network and computer security for the
White House and to securely put the President on-line for e-mail access.
|
With Paul Vixie, Sendmail Theory and Practice, Second Edition , published by Butterworth-Heinemann, December 2001. This book explains how and why Sendmail does what it does and provides “cookbook recipes” and simplified explanations on how to manage a mail system. The authors progress from the simple to the complex, providing knowledge essential for both the interested user and the experienced system manager. Updated for Sendmail version 8.11.
KNOW IT Security: Secure IT Systems Casino Style
by Jim Litchko. “In this book Jim explains all of the key aspects — the Essentials — of IT security for the manager.”
The Myth of Homeland Security
by Marcus J. Ranum.
Ranum’s book is engaging, unsettling, entertaining, and disturbing. Yet, I think
it is an accurate assessment of the morass that is “homeland security.”
Fred Avolio reviewed this on Amazon.com.
Removing the Spam: Email Processing and Filtering
by Geoff Mulligan. Small but thorough book covering email configuration
with an eye towards stopping spam. This review appeared in Cisco’s The Internet
Protocol Journal, March, 2000.
Information Warfare and Security
, by Dorothy Denning. Denning’s book about all aspects of information warefare
is incredibly informative as well as being an enjoyable read. Fred Avolio
reviewed this for Cisco’s The Internet Protocol Journal, September, 1999.
Internet Cryptography
, by Richard Smith. This is an excellent book covering cryptography and
how it is used in security solutions on the Internet. Written by an expert,
reviewed by Fred Avolio. Originally published in Cisco’s The Internet Protocol
Journal, March, 1999.