Earlier this year, Air Canada accused WestJet Airlines Ltd. of corporate espionage, alleging that WestJet used an Air Canada employee intranet. WestJet retorted with a lawsuit of its own, charging Air Canada investigators with unlawful seizure of documents from the trash of a now former WestJet executive.
Frowns probably furrowed the brows of IT managers on both sides.
Veteran network trainer Tom Thomas examines such concerns in book Network Security: First Step, published by Cisco Press. Thomas warns that industrial espionage is widespread, describes how hackers break into information networks and explains how to deal with such threats.
Written in plain language, the book tackles many other aspects of network security, including policies, protocols, routers, virtual private networking and wireless. Readers look over a hacker’s shoulder as Thomas explains the cyber crook’s business, including the tools that electronic evildoers use. These insights may be the most valuable in the book.
For the unconvinced, Thomas gives plenty of reasons why network security must be a top priority. For example, he starts the chapter on wireless security with a hypothetical story of a company whose information was stolen after a tech worker logged into the corporate network from a wireless hot spot.
Despite this introduction, Thomas doesn’t discourage wireless networking. He explains the strengths and limitations of wired equivalent privacy (WEP), various EAP methods, and other tools and practices.
Thomas encourages the development of full security policies in Chapter 2. He covers many facets of his own company’s security strategies and ends the chapter with references that IT managers can use to build their own policies.
The last chapter is an appropriate bookend. “”Tools of the Trade”” lists the basics of security assessments and testing products (although Thomas also sprinkles these throughout the book).
The book’s biggest fans will likely be members of smaller IT shops that don’t have separate security departments. Others will find specific chapters to be of use. One warning: This book covers many topics without going into much depth — hence the words “”first step”” in the title. Thomas’s “”second steps”” include references to Web sites, books, and the movie “”Sneakers.””
REVIEW QUESTIONS NOT NECESSARY
It’s also being marketed as a textbook. Each chapter offers an explanations of security terms, a glossary and review questions and answers. The glossary is fine, but Thomas overshoots the mark with the review questions. IT professionals will use the book as a reference, while teachers already have lots of homework material ready.
More case studies would have been a better use of space. In addition, Thomas could have written more about non-electronic security threats — such as employees taking printouts home and putting them in the recycling bin. A paper shredder probably would have helped the WestJet executive keep his job.
At least Thomas points out that information travels on highways other than the electronic ones IT managers monitor. That and many other useful concepts make this book a great addition to any networking professional’s library.