Re: Teaching Firewalls (was: Firewall for Pedagogical Purposes)

["neil d. quiogue" <neil () iphil net>]

On Mon, 12 Jan 1998 chuck+fwwiz () snew com wrote:

> Never used Juno.  Remember that the TIS FWTK is a toolkit - not a
> firewall, but a set of proxies that go onto a secure machine.
> Adding it to an unsecure machine means you have an unsecure machine
> running (secure) proxies.

*sigh* yes i know (that's what's the tk stands for).

> For teaching, I'd think it far more important to teach (just an
> off the cuff list):
> - TCP/IP and how it works
> - Filtering techniques (and why);
> - Various (common) protocols and their weaknesses and strengths.
> - Monitoring techniques (with IP security issues in mind)

these are all important foundations in learning to secure your system.  in
fact, each _good_ system administrator should know about these much more a
security consultant (and other titles). but one would question as to the
depth of teaching these @ a particular length of time and how. 

in my experience, it's better to teach the concepts and basics of applying
these in a test system through some set cases (case studies).  let them
gain experience in the 'real world' (with consultation and mentoring)then
it's time to tackle them in depth discussing the rudiments of this
technologies (e.g., protocols, algorithms) which allows the information
gathered to be inculcated instead of just spoon feeding everything within
a limited period of time. 

as such, teaching firewalls would only a subset of a full security course
that would span for quite some time but would not be continuous in the
sense that _students_ would be allowed to gain the prerequisite experience
before going to the next level.  this i believe is the ideal setting for a
_good_ security course but being in a country without the requisite
_experts_ and _training courses_, i don't know about other people's
experience on such courses.

> I offer this because I have cleaned up firewalls set up by "trained"
> people who shouldn't pass a CNE test, who shouldn't be an SA.  To

that is why these tests won't gauge the overall capability of the person
through a certain period of time (i.e., experience).

[RFS]
in any case, this is sort of a plug for a request for speakers for the
joint PHCERT & APNG (Philippine CERT & Asia Pacific Networking Group) 
security conference this november 1998.  this is being finalized and
presented to the APNG meeting this february in Manila, Philippines.  upon
mjr's approval, i'll be sending a proper announcement for the RFS.  fyi,
william church and mjr spoke on the first APNG security conference
together with the national university of singapore.  for this, please
email me personally.

[---]
Neil D. Quiogue <neil () iphil net>
IPhil Communications Network, Inc.
Other: neil () postgresql org