S 3.43 Training the security gateway administrators
Initiation responsibility: Top Management, IT Security Officer
Implementation responsibility: IT Security Officer, Head of IT
A security gateway is a central element for the protection of a network against external threats. That is why it is essential to ensure that the security gateway administrators have received adequate training so that they are able to make optimal use of the functions and security features offered.
The training courses must impart sufficient knowledge of the procedures, tools and technologies necessary to configure and operate the components of the security gateway. This also applies to manufacturer-specific aspects of individual products used as components of the security gateway. For the training requirements relating to the operating systems of computers used as components of the security gateway, and to active network components (particularly routers used as packet filters within a security gateway), the information in the respective operating system modules and/or in module S 3.2 Routers and switches should be taken into consideration.
In general, the corresponding training courses should include the following elements:
- Basic principles and concepts of administration, knowledge of the commands for the configuration, operation, maintenance, and troubleshooting of each component of the security gateway. A training course should contain a well-balanced combination of theory and practical applications.
- Basic principles of information security, particularly precautionary measures, reaction, analysis, and incident handling (for example, see also module S 1.8 Handling security incidents)
- Attack scenarios (e.g. denial-of-service attacks, ARP spoofing, IP spoofing, DNS spoofing, viruses, and other malware)
- Basic principles of network structures
- ISO/OSI layer model
- Basic principles of IP and the related protocols (IP addressing, subnetting, IP, ICMP, TCP, UDP) and of the different options for filtering based on the header data
- Basic principles of routing, static and dynamic routing, basic principles of the routing protocols used and their security aspects
- Basic principles of the most important application layer protocols used (for example SMTP, HTTP, and HTTPS, Secure Shell, SMB/CIFS) and of the different options for filtering based on protocol commands or command parameters
- Basic principles of Virtual Private Networks (VPNs)
- Basic principles of Intrusion Detection/Intrusion Prevention (IDS/IPS)
- Basic principles of handling encrypted data (for example, data encrypted using HTTPS or IPSec) and the options available for handling it
- Operation
  - management of the devices, tools
  - logging
  - securing and administration of configuration data
- Troubleshooting
  - sources of error and their causes
  - measurement and analysis tools, tools for automatically checking the individual components of the security gateway for proper function
  - test strategies for troubleshooting
  - requirements for secure network installations
- Relevant legal aspects such as data protection, legal aspects of network connection (for example, the Remote Services Statute in Germany) and similar regulations
Even when the tasks are distributed among a group of administrators in such a way that each administrator only has a certain area of responsibility, it is essential that all administrators possess general knowledge of all tasks. Individual areas of specialisation can then be built up and expanded starting from this general knowledge. For many products, the manufacturer or specialised providers offer a wide range of individual, in-depth seminars and sequences of seminars. The availability of qualified training courses is also a criterion that should be taken into account when deciding which manufacturer's products will be used.
When purchasing IT components, a budget must be planned for the training courses and a training plan for administrators must be created. The contents of a training course must contain the following items:
Review questions:
- Are regular training courses conducted for the security gateway administrators?
- Do the contents of the training courses also cover the manufacturer-specific particularities, along with the general information?