How did you get interested in computer security?
It started while I was attending Purdue University. I was introduced to the COAST (Computer Operations, Audit, and Security Technology) group (now known as CERIAS - The Center for Education and Research in Information Assurance and Security) run by Professor Eugene Spafford. I started attending the security lecture seminar and later did some work for the professor.
I transitioned from student to practitioner when I became a Unix sysadmin. I was responsible for a shell account and NFS server. Among the problems of keeping the machine running smoothly were people who pointed out various security problems by exploiting them, students misbehaving towards each other, and students causing trouble for other Internet connected systems.
Do you have any favourite security tools? Which are they?
My single favourite security tool is a whiteboard. Whether its looking for weak points in data flow or explaining public key cryptography, nothing seems to beat quick impromptu multi-colored diagrams. I have seen everything from stack smashing to entire ISP security architectures explained on its glossy surface. A picture can save you a thousand words of typing.
How long did it take you to write "Secure Shell in the Enterprise" and what was it like? Any major difficulties?
The writing for the first draft took about six months. The entire project from proposal to delivery to the publisher took about nine months. Publishing took another month.
The two major problems encountered were time and the act of writing itself. I was required to fulfill my normal job duties while writing. Mostly late nights and weekends were spent writing the book. Writing is the hardest thing that I have done. I generally wrote each paragraph at least three times before having something that I felt I could build on. My technical writer, Daniel Barnett, deserved much credit for keeping me motivated and on track.
Why did you choose to write this book?
I was asked. Based on the response to the articles Keith Watson and I wrote for the Sun BluePrints OnLine program, the blueprints group approached me to expand the material into a book. Having no actual idea how much work a book took, I agreed.
In your opinion, what are the most important things an administrator has to do in order to keep a network secure?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.