Five steps to becoming the local security guru
5步成为本地安全导师
《endurer注:guru:n.古鲁(指印度教等宗教的宗师或领袖),领袖》
Blogger: Chad Perrin
博客:Chad Perrin
翻译:endurer
Category: Security, Security Solutions
分类:安全,安全解决方案
Tags: Security, It, Chad Perrin
标签:安全,IT,Chad Perrin
英文出处:http://blogs.techrepublic.com.com/security/?p=256&tag=nl.e101
It’s not difficult to become the local security expert — the guy to whom others look when they need network resources secured, the guy they point to when they want to source someone in their attempts to reform security policy, and the guy organizations like TechRepublic ask to write about security. In other words, barring perhaps the ability to compose a well-written essay without grammatical and spelling errors, it’s not too difficult to be me. There are really only five steps to it.
成为本地安全专家-就是其他人需要网络资源安全时要找的人,他们在试图改善安全策略时所指望的人,像TechRepublic这样的组织要求其写与安全有关的东东的人-并不困难。换句话说,除了写无语法和拼写错误的短文的能力外,要成为我这样的人并不是非常困难。实际就只有5步:
《endurer注:too...to do...:如此...以致于不能》
1. Get outside of your comfort zone. Use software that isn’t familiar to you. Learn about new technologies. I don’t mean you should try a different antivirus solution — I mean you should use something fundamentally different.
1. 超越你熟悉的领域。使用你不熟悉的软件,学习新技术。我不是说你应该尝试不同的抗病毒解决方案-我是说你应该使用一些有着根本区别的东东。
《endurer注:1。Get outside of:吃(喝)
2。comfort zone:(气候、温度)宜人的地区》
If you’re an MCSE who’s done nothing but manage Active Directory domains professionally, set up a network at home using Linux and FreeBSD systems. If you’re a multi-OS geek who has Linux, Windows, and MacOS X desktops at home — and maybe even an old BeOS or Amiga system — take a shot at setting up a backup server and an automated logging server, and then go on to build a firewall and router from scratch.
如果你是专门管理活动目录域的MCSE,在家里使用Linux 和 FreeBSD 系统,甚至更老的BeOS或Amiga系统,建立一个网络,试着去安装一个后备服务器和一个自动登录服务器,然后从零开始建立防火墙和路由器。
《endurer注:1。take a shot at sth.:试着去做…》
I’ve done much of that already, but I’ve got my eye on Plan 9 as a new operating system challenge. Just as I have, if you get out of your comfort zone and learn about different technologies, you’ll start to learn things about the technologies you already use when you find your old assumptions about how things work don’t hold up to scrutiny.
我已经做了很多,但我已将Plam 9视为新操作系统的挑战。像我这样,如果你越出你熟悉的领域,学习不同技术,当你发现你原先的想法不堪一击时,你将开始学习与你已经使用的技术相关的东东。
《endurer注:1。got the eye:被看着(被盯着)
2。got my eye:吸引了我的注意》
2. Learn some programming. Even just a little bit will help you understand more about how software architecture plays a major role in overall system security. More than a little bit will teach you even more about it.
2. 学习一些编程。就是一丁点也将帮助你更能理解软件体系结构如何在全体系统安全中扮演主要角色。学得越多,受益越多。
When you learn how to write drivers for a given operating system, for instance, you’ll learn something about the security weaknesses of that OS. When you learn how to write code that interacts with the file system, you’ll learn something about how file system design and OS privilege separation matters where the rubber meets the road, so to speak.
例如,当你学习如何为给定操作系统写驱动程序时,你将学到一些与操作系统的安全缺陷相关的东东。当你学习如何利用文件系统接口写代码时,你将学到如何设计文件系统和操作系统特权分离,可以这么说,橡胶遇到道路。
《endurer注:1。so to speak:可谓(好比,如同)
2。no matter where:无论何处》
3. Read voraciously. Join some mailing lists, for a start. Good lists to join include open source community lists, programming lists, and the Security-Basics list at SecurityFocus.
3. 多读。加入一些邮件列表,以此为启点。要加入的好的列表包括开源社区列表,编程列表和安全焦点的安全概要列表。
That’s for learning principles of security. To keep up with what’s shaking in the security realm, so you’re always on top of the latest security news, almost nothing can beat the BugTraq list. While you’re at it, read what other security experts such as have to say.
这是学习安全原则。要跟上要安全领域变化,这样你总位于最新安全新闻顶端,几乎没有什么能胜过BugTraq列表。在这儿,阅读其它安全专家,如Bruce Schneier,不得不说的内容。
《endurer注:1。keep up with:跟上
2。BugTraq是由SecurityFocus公司管理的Internet邮件列表,现在归Symantec公司所有。
3。Bruce Schneier是Counterpane Systems公司的总裁,该公司是一个密码学和计算机安全方面的专业咨询公司。并在主要的密码学杂志上发表了数十篇论文,他是《Dr Dobb's Journal》责任编辑之一,同时担任《Computer and communications Security Reviews》的编辑,是国际密码研究协会的理事会员、电子隐私信息中心的顾问团成员和新安全范例工作组程序委员会成员。此外他还经常举办密码学、计算机安全和隐私保护方面的学术讲座。 》
Get your hands on some good books about security and read them. Security “cookbooks” are surprisingly useful, and a keen mind can grow to understand quite a lot about security principles from the “recipes” in these books by considering why and how they work.
把一些关于安全的好书弄到手并阅读。安全“食谱” 惊人地派用场,一个敏锐的头脑通过思考他们为什么和如何工作,能够从这些“秘诀”中逐渐理解了不少安全原则。
《endurer注:1。get one's hands on:把...弄到手
2。keen mind:敏锐的头脑》
4. Check your assumptions at the door. Secrecy does not equal security, you don’t always get what you pay for, and security features don’t always make you more secure. I’m not saying you should ignore everything you think you know — just double-check it, triple-check it, and always be open to the idea that what you think you know may be wrong.
4.在门口检查你的假设。保密不等于安全,你不并总是一分钱一分货,而且安全特性不总是使你更安心。我不是说你要忽略你思考和你知道的每件事——只是双重检查之,三重检查之,并且开放接受你所想和你所知道的可能是错误的理念。
《endurer注:1。You get what you pay for.:一分钱一分货》
5. Finally, think for yourself. Don’t just take someone’s word for it when you’re told something about security. Think it through, consider it carefully, and verify it for yourself, if at all possible. Consider what might be missing from what you’re told, and consider the source. Everyone has an agenda, so you need to consider the goals of your sources. You also need to be aware of your own agendas, so you can avoid the trap of confirmation bias.
5.最后,独立思考。当你被告知一些与安全相关的东东时不要立即相信。尽可能自己深入思考,仔细推敲,并检验。考虑你听到的东东有什么可能被遗漏了,并考虑来源。每个人都有议事日程,所以你需要考虑你的来源的目标。你也需要注意你自己的议事日程,这样可以避开的陷阱。
《endurer注:1。think for yourself:自己作出决定(独立思考,有主见)
2。take one's word for it:相信了…的话
3。missing from:在...中缺少的》
Here’s a bonus, a sixth item to add to your list: Stay tuned. I’ll be providing a lot more for the would-be security guru to think about right here in the TechRepublic IT Security blog in the near future.
这是花红,第六项添加到你的列表:请继续看。我将为希望成为安全导师者提供更多,就在这里,在近期的TechRepublic IT 安全博客。