Important is really understating it. I would say it is near critical. I often like to compare a network analyst working on a computer network to a doctor working on a human body. Regardless of whether you are seeing a cardiac, neurological, or orthopedic specialist, all of these doctors start with basic measurements of your overall well-being. Whereas a doctor might complete a blood culture, a network analyst will view a protocol hierarchy; where a doctor would complete a full medical history to get a baseline of the patient's overall health, a network analyst will perform a few packet captures to get a baseline of the network's overall health. The idea here is that you have to know what makes something tick before you can focus in on a specific problem. Visualizing a problem on a network isn't as easy as capturing a couple of packets and looking for the word "ERROR" in big bold print. You have to know what things look like when they are working properly to find the small subtleties that make the difference between a network in optimal health and one that creeps along at an alarming pace. The ONLY way to do this effectively is to be able to interpret the packets that are flowing across the wire.
Based on your experience, what advice would you give to users that are considering deploying wireless networks?
There are two big mistakes I see wireless network administrators make when they deploy a new wireless network.
The first of these is not planning for the future. The wireless administrator will deploy hundreds of access points and entirely blanket a company so that its employees can have wireless access. This works fine for a while, but what happens when this is a public service entity, such as a hospital or government location, and management decides they want to offer a separate point of wireless connectivity (a hotspot) for non-employees to connect to? In lots of cases, the wireless administrator did not purchase his wireless equipment with this type of growth in mind, and therefore has to bear a lot of expense to upgrade his hardware.
The second and MOST deadly mistake I see made is delaying security. Typically, management wants to implement a wireless deployment as fast as possible. So fast, that they don't want to deal with deploying a proper security configuration. If I had a dollar for every time I've heard someone say, "Let's just throw some standard WEP security on it until it's up and running for a while and then we can add more security later." Unfortunately, later usually never comes, and by the time it really matters it may be too late. If you are in an organization that transmits sensitive data over a wireless link, look into security now rather than later. Implementing 802.1x, WPA, Certificate Services, etc. may take some initial legwork in the beginning of a deployment but it may very well be your saving grace further on down the road.
How long did it take you to write "Practical Packet Analysis" and what was it like? Any major difficulties?
Start to finish, writing PPA took about eight months. This was my first in-print book and it really was a lot of work. I used to think that I wrote to teach people, but I've come to learn that I probably learn just as much writing about technical topics as people do reading them. The guys at No Starch were absolutely fantastic to work with and they let me work at my pace and do things my way, which made it that much better for a first-time writer. It was a really fun project and I met a lot of really great people in the Wireshark community while doing it. I can't wait to write a follow-up to it.