Columns, Regular and Irregular

Fred Avolio regularly posts on security and other topics to his blog, where you can go to subscribe. He was a member of WatchGuard Technologies, Inc.’s LiveSecurity Advisory Council, and for a few years wrote a column for their LiveSecurity Service, a service that allows their subscribers to stay current on security issues. We republish them with WatchGuard’s permission.

He wrote the “Just the Basics” column for Information Security Magazine as well as writing for searchSecurity.com. He sometimes contributed to LURHQ Corporation’s On the Radar newsletter.

The NetSec Letter

WatchGuard Columns

LURHQ Columns

Magazine Columns

All of them.

Articles, Presentations, & Papers

Producing Your Network Security Policy. This paper, written for WatchGuard Technologies, Inc., lays out a common-sense approach to writing corporate security policies that makes them easier to draft, maintain, and enforce. Our “question and answer” approach requires no outside consultants. [What was I thinking!?] Instead, you can use your in-house knowledge and resources to yield a brief, usable, and — most importantly — understandable policy document, in a reasonable amount of time. To help you generate such a policy, this paper clears away some misconceptions about the purpose of network security; details the process of writing the policy; then explains how to keep refining the drafted policy.

Painless PGP. PGP Corp. delivers practical PKI deployment for securing e-mail with PGP Universal. This is a “Test Center” product evaluation from the December 2003 Information Security Magazine.

A short history of firewalls

Security Review: SSL VPNs. A whitepaper I wrote for Aventail.

E-mail security—Defending the server, a Networking tip I wrote for Techtarget.

“Sidewinder Runs the Gauntlet,” From the April 2003 Information Security Magazine, a review of the Sidewinder G2 Firewall Appliance.

“Gateway Guardians,” From the January 2003 Information Security Magazine, a review of 5 E-mail firewalls.

The Secure Email collection. A collection of my papers and articles on the subject.

I reviewed an e-mail security product called IronMail (from CipherTrust) for Information Security Magazine .

Signed, Sealed, and Delivered. A cadre of new e-mail security applications aims to solve the problems that have long plagued PGP and S/MIME. Written with Dave Piscitello.

The Rise and Fall of Internet Security. I delivered this paper at the Spring 2000 Internet Security Conference, in San Jose. I discuss the state of Internet security. It isn’t good. (Well, the paper is good… you know what I mean.)

“Best Practices in Network Security,”. Network security policies can touch on every aspect of every employee’s interaction with the network. This Network Computing Magazine March 20, 2000 article will provide you with a solid security framework, built on the right premises.

In October 1999, as a guest columnist for David Strom’s Web Informant email newsletter, I wrote about Email paranoia, coming out in favor of it.

“e-Business and the Need for ‘Air Gap’ Technology” is a (PDF format) white paper describing Whale Communications’ e-Gap™ product, a commmunications “air gap” for e-business.

Buyer’s Guide: Biometrically Speaking is an article I wrote for Network Computing Magazine dated August 23, 1999. It gives an overview of biometric technology.

In July 1999, I was a guest columnist for David Strom’s Web Informant e-mail newsletter. It was reprinted in Byte Magazine. I was asked to try to break into his new site.

The Castle Defense A primer for enterprise system and network protection. A Performance Computing Special Report from the July 1999 issue.

Firewalls and Internet Security, the Second Hundred (Internet) Years An overview of the evolution of Internet firewalls with a look towards the future. Published in the June 1999 issue of Cisco’s The Internet Protocol Journal.

Firewalls: Are We Asking Too Much? Information Security magazine cover story, May, 1999. Allowing a new service through a firewall is easy. Doing it while maintaining the same high level of security isn’t.

Security Axioms. Some are true, some just sound true. It is important to know which is which.

Software Review: Sendmail Pro. This is a Performance Computing April 1999 review of Sendmail, Inc.’s first commercial Sendmail product. (I liked it.)

Intrusion Detection Joins Net Security Arsenal, Internet World, March 22, 1999. An overview of the passive and active techniques that work together to help systems administrators stay on top of intrusion perils.

MailGuardian delivers transparent security to users. This is an InforWorld February 8, 1999 review of Vanguard Security Technologies’ MailGuardian product. MailGuardian provides e-mail security.

The Foundations of Enterprise Network Security, Originally published in Data Security Management, February 1999. Copyright © 1999 Auerbach Publications. User by permission. This article discusses the initial work that must be done to establish a network and computer security perimeter. Specifically, we discuss business needs analysis, risk assessments, security policy development, and the selection of mechanisms and establishment of methods.

Identity Confirmed, An “Issues and Trends” piece published in Network World, August 24, 1998. This is a discussion of biometric authentication devices, such as fingerprint readers, voice recognition systems, and retinal scanners.

Some Important VPN Questions Answered (A CSI Interview with Fred Avolio), from the Computer Security Alert Number 185, August 1998.

A Multi-Dimensional Approach to Internet Security, from Volume 2.2 of the ACM netWorker magazine, 1998. This article discusses all the things that make up the establishment of computer and network security. Firewalls are not enough.

A Computer and Network Security Primer, 1998. A short paper written to explain some of the basic terminology.

Application Gateways and Stateful Inspection, revised January 1998. There has been much discussion and marketing hype surrounding application gateways and stateful multilevel inspection as architectures for firewall development. After a lengthy discussion on the firewalls mailing list, the authors wrote and distributed this paper. It is the result of experience, observation, and input from the members of the firewalls mailing list.

An Approach to Computer Security, originally published in the TIS Data Security Letter in 1996. This is a short editorial arguing for doing the groundwork of network security.

Firewalls and Virtual Private Networks, 1996. A brief article discussing VPNs and how they are supported by Internet firewalls.

Tracing Electronic Mail, 1996 Based on a short training session for the US Secret Service on the methods to use to trace electronic mail, this paper should be helpful for system managers and postmasters.

Security on the Internet — A Viewpoint . This editorial appeared in the Proceedings of the 17th National Computer Security Conference, October 1994. Basic point: firewalls are not enough.

The Seven Tenets of Good Security. Rules to live by.

A brief history of the TIS Internet Firewall Toolkit (FWTK), copied over from the “unofficial” user site.

Network Security: Building Internet Firewalls, Originally published in the BUSINESS COMMUNICATIONS REVIEW, January 1994. This magazine articles is an introduction to Internet Firewalls and, though old by Internet standards, is still useful.

A Toolkit and Methods for Building Internet Firewalls, proceedings of the summer USENIX conference, June 1994. In this paper, Marcus Ranum and Fred Avolio discuss one of the results of the DARPA project to establish and secure WhiteHouse.Gov and the President’s e-mail. Specifically, it is the first formal description of the TIS Internet Firewall Toolkit (FWTK).

A Network Perimeter with Secure External Access, proceedings of the ISOC NDSS Symposium, February 1994. This paper, coauthored by Marcus Ranum, discusses a research project for DARPA in which two of the goals were to raise the level of network and computer security for the White House and to securely put the President on-line for e-mail access.


With Paul Vixie, Sendmail Theory and Practice, Second Edition , published by Butterworth-Heinemann, December 2001. This book explains how and why Sendmail does what it does and provides “cookbook recipes” and simplified explanations on how to manage a mail system. The authors progress from the simple to the complex, providing knowledge essential for both the interested user and the experienced system manager. Updated for Sendmail version 8.11.

Book Reviews

KNOW IT Security: Secure IT Systems Casino Style by Jim Litchko. “In this book Jim explains all of the key aspects — the Essentials — of IT security for the manager.”

The Myth of Homeland Security by Marcus J. Ranum. Ranum’s book is engaging, unsettling, entertaining, and disturbing. Yet, I think it is an accurate assessment of the morass that is “homeland security.” Fred Avolio reviewed this on Amazon.com.

Removing the Spam: Email Processing and Filtering by Geoff Mulligan. Small but thorough book covering email configuration with an eye towards stopping spam. This review appeared in Cisco’s The Internet Protocol Journal, March, 2000.

Information Warfare and Security , by Dorothy Denning. Denning’s book about all aspects of information warefare is incredibly informative as well as being an enjoyable read. Fred Avolio reviewed this for Cisco’s The Internet Protocol Journal, September, 1999.

Internet Cryptography , by Richard Smith. This is an excellent book covering cryptography and how it is used in security solutions on the Internet. Written by an expert, reviewed by Fred Avolio. Originally published in Cisco’s The Internet Protocol Journal, March, 1999.

[ Home | Services | Curriculum Vitae | Papers | Calendar | Testimonials ]