home news blogs forums events research newsletter whitepapers careers


Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers



Rik Farrow Biography Page

I grew up in Maryland and attended the University at the College Park campus. I enjoyed psychology, physics, and computer science courses almost as much as the anti-Vietnam war demonstrations. The occasional riots taught me more about group behavior than any psych course, and marketing people who weren't there really missed something.

In the late seventies, after two consecutive winters featuring weeks of freezing rain, I moved to San Francisco. There I lived in a commune, worked for North Star Computer, and built my first computer from a kit. Later, I worked as a consultant, getting exposed to UNIX by working with Dual Systems, an early (System III) multiuser (four serial ports) UNIX system vendor. By 1984, I was running UNIX at home.

Tiring of the city's noise and lack of parking, I settled in Marin county, with a creek and a hot tub in the back yard. There I met my wife, Rose Moon, and worked with Becca Thomas on my first book, Unix Administration Guide to System V (Prentice-Hall, 1989). Besides the hot tub, Marin offered many miles of bicycle trails, which forced me to replace my racing bike with a mountain bike. Later, I wrote Unix System Security (Addison-Wesley, 1991).

In 1991, realizing that California was a bit crowded, I moved my family to Sedona, in Northern Arizona, where my office looks out over the red rocks and the Mogollon Rim to the North. I still enjoy mountain biking (try Mountain Bike Heaven in Sedona for info and rentals), flying small aircraft, and peace and quiet when not on the road teaching or consulting.

Rik Farrow's On-site Internet and Unix Security Courses

Rik Farrow is available as an on-site instructor for Internet and UNIX security, particularly in the Western United States. Farrow has been teaching courses in UNIX security since 1987, and has presented courses for UniForum, Usenix, Interex (HP users), UNIX Expo, Danish, Norwegian, and Swedish UNIX user groups, Europen, NSA, US West, the IRS, the US Courts, and US Dept. of Agriculture. He is the author of UNIX System Security (Addison-Wesley, 1991, ISBN XXX). He has also been Technical Editor of UNIXWorld's Open Computing magazine, a McGraw-Hill publication.

Farrow can provide either a short (two hour) management overview of the Internet with a focus on security issues, or a one to three day course on Internet and UNIX security. The Internet and UNIX security course provides in-depth information about improving the security of UNIX systems, auditing UNIX system security, network security, and information about setting up firewalls.

Mr. Farrow is also available for consulting on the security of Internet connections.

The Internet and Security

Management Overview

The Internet has been around in some form for over twenty years, but has only gained prominence recently. What was once the domain of researchers has become a testing ground for the National Information Infrastructure, with businesses starting to dominate Internet use. The current administration has encouraged agencies of the U.S. Government to connect to the Internet, and to provide on-line services today.

With an organizational structure best described as an anarchy, the Internet can most easily be understood by examining its overall structure and the basis of its communication principles. As a low cost, international networking infrastructure, the Internet has become as attractive to many businesses as it already is to hackers. It costs no more to communicate with a local university than it does with a business overseas.

This high-level presentation examines both the promise and the threat of Internet connectivity, with a focus on the ``dark side.'' When the Internet was a research network, hackers were a minor nuisance. But that is no longer true. Technologies for making Internet connectivity safer and more secure are available, and groups are working on the next generation of the Internet, which will include much better security.

The presentation includes:

  • Organization of the Internet
  • Practical uses
  • Hackers and their attacks
  • Defending Internet connections
  • Authentication and encryption
  • The future of Internet security

UNIX and Internet Security

This course can be presented in two days, or easily take place over three days, depending on the level of the attendees. Designed for the UNIX-literate, the course proceeds from basic UNIX security (file permissions, ownership, passwords, set-user-id), to defending entire networks with firewalls. Tools for securing and testing UNIX systems and TCP/IP networks, which are freely available from the Internet, are emphasized. Commercial security software is also listed and described.

Course attendees will leave this course not only with a better understanding of security issues, but also with an action list. The tools described in the course provide a means for improving site security, and for securely connecting a network to the Internet.

Topics include:

  • Basic UNIX security
  • Recent attack strategies
  • Security within local networks
  • Identifying/testing for dangerous network services
  • Network security policy
  • Auditing UNIX systems with COPS, Tripwire and other tools
  • TCP/IP services and protecting individual hosts with wrappers
  • Firewalls--screening routers, bastion hosts, proxy and application servers
  • Hiding internal networks
  • Responding to attacks

Advanced UNIX and TCP/IP Security

Course Outline:

Introduction
Motivation and Network Security Policy
Network probes
Using DNS to probe networks
Using software to probe addresses
Network-based attacks
Gaining entry using network utilities
Using sendmail to gain entry
Recent exploits (NFS, Binmail, Rootkit)
Mitnik's attacks, SATAN
Hardening UNIX systems to prevent successful attacks
Login accounts and the passwd file
Restricted accounts
User and system file permissions and ownership
Setting up and Using COPS and Tripwire
Securing Individual Systems Network Configuration
Configuring /etc/inetd.conf
Setting up and using TCP Wrappers
Portmapper replacement
Detecting intruders and watching logs
Understanding TCP/IP Protocols
Internet Protocols and Network Layer
IP layer and related security issues
The transport layer and sequence number attack
Application layer protocols and problems
The future of TCP/IP
Firewalls
Firewall designs
Using routers in firewalls
Other packet filtering solutions
Bastion hosts, application and proxy servers
Monitoring tools, getting help
Encryption and authentication
References
Appendix
A: Example of simple TIS proxy server
Rik Farrow / Internet Security Consultant / +1 520 282 0242 (MST) / rik@spirit.com
Print This Page





Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo Jitter
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet Evolution
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space
App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights