Re: Training advice

[Pat Wilson <paw () PAWILSON NET>]

I'm going to agree with folks who're saying that you need to step
back a minute and prioritize -
first of all, are there policies in place regarding security?  Is
your central IT group strong?
Is the computing model at your school more centralized or more
distributed?  If it's centralized,
do those sysadmins have a reasonable level of consciousness about
security, or is security
something that someone else does?  If the model is that departments
handle lots of their
computing needs, are _those_ sysadmins reasonably security-clued?

How concerned is the school about their level of security exposure,
and have there already
been problems?  Is this a brand new position, and if so, what
prompted its creation?

There are _lots_ of technical ways to monitor or bolster security,
but without a clear road
map of what you're trying to accomplish, you might spend too much
time working on the
solution to 10% of your problems, and miss the bigger stuff.  The
temptation is to wade right
in and *do* something, but in the long run, it's better to understand
what you're dealing with
and have the policies in place to help other folks (like the
sysadmins) make sure they're
doing the Right Thing first, IMO.  Snort is fun, and can be useful,
but it can also turn into a
huge time sync.

Look at the SANS site, and the EDUCAUSE Security and Policy site.  As
for training, I'd
suggest looking for venues like the recent EDUCAUSE Security Workshop
or one of the
SANS ".edu" courses (which happen from time to time at Universities,
are reasonably
priced), or go farther afield and consider the Usenix LISA conference
(in Dallas this year),
which generally has a good concentration of security topics and a
large .edu attendee pool.

Good luck, and please don't hesitate to contact me directly if I can
help - I was the first
Network Security Manager at UCSD, and know what it's like to walk
into chaos.

--paw

Pat WIlson
paw () pawilson net

On Jun 18, 2007, at 12:01 PM, Vanderbilt, Teresa wrote:

> I recently stepped into the title of Security Manager. We're a
> small school and this is a new position for us. I'd only maintained
> the servers, switches and firewalls before. I have no one to mentor
> me and very little budget for training. I can spend approximately
> $3-5K on formal training this year. I was thinking of a good online
> class so all the money goes toward training rather than hotels and
> travel. Until now, everything I've learned has been mostly on my
> own; although I recently attended Pentration Testing Training. What
> other training, both formal and informal, would benefit me and my
> school the most? I've been thinking of CCNA and I would like to
> learn how to use Snort since it's free. Will CCNA be beneficial or
> should I buy a good beginners book on Snort. Am I way off the mark
> for what I need to study? I need to get up to speed quickly and
> can't afford to guess at what I need. Please help.
>
> Thanks in advance,
> Teresa Vanderbilt
> University of the Ozarks