security.itworld.com – Merike Kaeo is a consultant focusing primarily on security-related products and network design solutions, and an aspiring surfer. Here, she explains what prompted her to write this fundamental guide to security and some critical first steps companies should take before setting out a security strategy.
Title: Designing Network Security, Second Edition
Author: Merike Kaeo
Sample chapter: Threats in an Enterprise Network
Tell us about the Eureka! moment that led you to write this book.
Network folks I talked to kept lamenting about how hard security was and that they couldn't understand how all the varying security technologies fit together. I recall thinking that the confusion arises from people complicating the issue by trying to find a solution before understanding what the problem is in their environment. So, I set out to educate people on the fundamentals of security issues with enough technical depth to get people to start thinking of how to effectively implement security technologies in their individual environments.
Does this book fill a need that others have failed to fill?
The first edition was the first of its kind and provided a solid comprehensive background of security technology fundamentals, specific technology details, the importance of an effective security policy, incident handling procedures, and finally some practical infrastructure security implementation examples. The best compliment was having other books emulate this format of being a single comprehensive security book. The additional information in the 2nd edition, which details technology advances and routing protocol security features and adds details in specific networking environments, including VPNs, wireless and VoIP networks, is unique.
Why this book? Why now?
After taking a year off to travel and do something besides working with computers and networks, I decided to concentrate mostly on security consulting. As I started updating myself on newer developments, I figured I may as well have some incentive to sift through hundreds (literally) of standards documents, and updating the book seemed like a good idea.
What's the one question that no one has asked you about your book that you wish they had?
"How many documents did you read to get all that information in there?" Let's just say that I feel no pangs of guilt for taking some vacations right now to learn how to surf (and I don't mean the Web).
What reading material is on your nightstand?
Surfing magazines, fashion magazines and fun reading such as "Round Ireland With A Fridge" by Tony Hawks. It keeps things in perspective when you realize not everyone's world revolves around computers and networks.
Which websites top your favorites list?
What is your most hated buzzword?
VPN - why do people think that they are inherently secure?
Do you have any predictions for the IT year ahead?
Deploying security functionality will get easier. Then again I've been saying/wishing that for a number of years. Perhaps this is the year it will finally happen.