I have dabbled in information security since University, and have been working full time in the field since 1996. I consider myself an information security generalist, but have specialized in incident architecture, security consulting, and security operations.
In my career I have been employed by Nortel Networks (originally Bell Northern Research) where I was designated a top talent. I spent time as a software developer, team leader, manager, technical architect, and senior security analyst. I also was employed as a security consultant in CGI's InfoSec Centre of Expertise in Ottawa, and more recently have returned to my roots in Saskatchewan working in Corporate Security at SaskTel.
I have a Bachelor of Science degree in Computer Science from the University of Regina. I hold a number of certifications including GIAC Security Essentials (GSEC) certification (honours), a GIAC Certified Firewall Analyst (GCFW) certification (honours), a GIAC Certified Incident Handler (GCIH) (honours) as well as a couple of certificates, GIAC Advanced Hacker Techniques (GHTQ) (honours), and GIAC Reverse Engineering Malware (GREM) (honours). I also hold an Information Systems Professional (I.S.P.) designation from the Canadian Institute of Information Processing Society (CIPS).
I am active with the SANS Institute, a non-profit organization which is one of the leading organizations for research, vendor neutral education, and training for information security and system administration professionals. I have had the pleasure of participating in numerous projects for SANS, including as a grader for the GCFW certification, an active member of the GCFW and GSEC advisory boards, the Top 20 Vulnerabilities project, the OpenSSH - A Survival Guide for Secure Shell, as a technical editor for GSEC certification course revisions, and as a local mentor for the GCFW certification.
I also operate a part-time business (Cerberus Security Technology) providing security expertise to home users, and small businesses, mostly in the area of setting up and securing DSL and cable based Internet connections. Lax home networking security is one of the biggest threats to the Internet. More and more home users have always-on high speed connections, and little to no expertise in how to prevent the compromise of their PC. These PCs are being attacked and compromised in record numbers and being used for nefarious purposes such as SPAM relays and zombies for distributed Denial of Service attacks. An investment of less than $100 dollars, and proper PC configuration can virtually eliminate that threat. See the home network paper below if you would like more information on this topic.
I am a life-long learner. I seem to have a need to understand how everything in the world works. I am continually enriching my mind through reading and hands-on experience. My perfect career would be one that challenges me to learn every day. So far in my working career I have been very lucky to work with organizations that are on the cutting-edge of their industries, and provide me with that challenge.
My resume is here: Rick Wanner Resume
Here are a number of papers I have written throughout the years. The majority of these are quick and dirty documents I threw together to enlighten others. Either because I was working on something, or because somebody asked me a question. The remainder are on meaningful topics, or are summaries of other articles. Either way if they are of use to you, you are welcome to them. Just remember that I retain all copyright to this material and that if you want to distribute or reprint any of this material you
Home Network Security - June 2004
I'll tell you a secret... Your home PC may be contributing to the insecurity of the Internet! Truth is a large portion of the extraneous traffic on the Internet comes from infected PCs on always-on, high-speed links. These PCs are used to generate SPAM, scan other PCs, or sometimes they just sit there and spend all their days trying to find other machines to infect. With minimal effort, and minimal expense, home PCs can be secured so that external infection is highly unlikely. This paper describes the strategy I use to secure home computers for my clients.
Securing your Linksys Wireless Router WRT54G - July
The Linksys WRT54G Wireless Access point is a popular consumer grade 802.11g Wireless Access Point. The security abilities of the WRT54G are much better than in previous Linksys Wireless products. This document describes how to use the integrated security features to harden the Linksys router to maximize the security potential of the device and minimize the risk of intrusion.
Securing your Linksys Wireless Router BEFW11S4 -
The Linksys BEFW11S4 Wireless Access point is a popular consumer grade 802.11b Wireless Access Point. The wireless security abilities of the BEFW11S4 are limited. This document describes how to use these limited security features to harden the Linksys router to maximize the security potential of the device and minimize the risk of intrusion. This document is somewhat dated, but still relevant.
Hardening Windows 2000 Server – August 2003
A hardening document for a Windows 2000 Server to be deployed as an Internet facing server. It assumes you want to run a small number of applications on the server and run stand-alone (i.e. not part of a domain).
Rule Organization For Stateful Inspection Firewalls – October 2003
Too often firewall administrators are cast into that role with their eyes closed and no real good way to get training or experience except trial by fire. This is a short document put together for an acquaintance whose company found themselves in exactly this situation. The document describes some possibilities for how firewall rules should be organized in a stateful inspection firewall. The content is largely an updated version of material from my GCFW practical, and some work I did in a previous job, with some verbiage to make it stand-alone.
SANS GREM Practical - May 2005
This is the practical paper I wrote to fulfill one of the requirements for the SANS GIAC Reverse Engineering Malware certificate. The original version of this paper is available at http://www.giac.org/certified_professionals/practicals/grem/0032.php.
SANS GSEC Practical - May 2004
This is the paper I wrote to fulfill one of the requirements for the SANS GIAC Security Essentials certification. The original version of this paper is available at http://www.giac.org/certified_professionals/practicals/gsec/3837.php.
SANS GCFW Practical - May 2001
This is the honors practical paper I wrote to fulfill one of the requirements for the SANS GIAC Certified Firewall Analyst certification. The original version of this paper is available at http://www.giac.org/certified_professionals/practicals/gcfw/0135.php.
The “Value” of Certification – August 2003 (Updated
Originally put together for a Birds of a Feather (BoF) at SANS Parliament Hill 2003, this is a slide deck containing talking points for a moderated discussion on the value of certifications. It is mostly quotes related to certification gathered from all over consolidated into one place. This BoF was done at SANS Parliament Hill 2003, and SANS CDI East 2003.
SANS Institute (SysAdmin, Audit, Network, Security) – http://www.sans.org/
SANS is not only the best source hands down for Information Security training (I am biased), but their is one of the best sources of Information Security reference material anywhere. They also offer several free email based e-zines on various security topics.
SANS Reading Room – http://rr.sans.org/
A collection of white papers and research papers written by SANS students. Great for beginners to Information Security, but I use it as a source as well.
Symantec’s Virus Hoax Site - http://securityresponse.symantec.com/avcenter/hoax.html
In my mind the worst kind of virus is the email virus hoax. Please help to stomp them out.
All of these are Information Security and Network Security oriented, and provide free subscriptions for qualifying candidates. They also provide some articles and other content and in some cases email based e-zines from their websites.
Network Magazine – http://www.networkmagazine.com
Network Computing Magazine - http://www.nwc.com/
In mythology Cerberus (or Cyberus) is the three-headed hound that guards the gates to the underworld. Of the three heads, one head is a lion, the second a dog, the third a wolf. Cerberus also has lion's claws, a serpent's tail and a mane of snakes. A fearsome creature indeed. Cerberus was eventually captured by Hercules (or Heracles) in his twelfth and final labour and taken to the world above. Eventually Cerberus escaped and returned to the underworld.
Greeks and Romans used to place a coin and a small cake in the hands of their deceased. The coin was meant as payment for Charon who ferried the souls across the river Styx, while the cake was used to pacify Cerberus.
How does this relate to InfoSec? Cerberus was one of the first security devices. But as awesome and fierce as he was, he could be pacified and was eventually defeated.
This is an appropriate lesson for InfoSec. Information security is not about technology…the best technology can be thwarted or defeated. Information Security is a process of which technology is one small part.
For further information on Cerberus (the mythological monster) please refer to http://monsters.monstrous.com/cerberus.htm.