Sean Convery



Book


"Network Security Architectures" (Cisco Press, 2004) became available back in April of 2004. My goal was to share my experiences gained while working on SAFE and consulting with customers, in a way that allows the reader to design a security system suited to the specific needs of their organization. There is very little in the way of product-specific or introductory information. Instead, it focuses on policy considerations, design considerations, best practices, sample designs, and case studies. If you get a chance to check out the book, I hope you enjoy it and find it helpful in your network security endeavors. Reviews on Amazon have been positive and a review posted to ISN was also commendatory. In February of 2005 the book was favorably reviewed in ACM's magazine "Queue."


  • Brief Table of Contents
  • Book Web Links (by Chapter). This is to save time if you want to check out a link. Some of the URLs are really long so I thought posting them all to the web might be useful. Plus URLs are inclined to change, so I'll do a pass from time to time to check if links have changed.
  • Sample Chapter. This is my favorite chapter (Chapter 6: General Design Considerations) of the book and details a lot of the specific best practices that should feed into all sorts of secure network designs. Take a look at the brief table of contents to understand where the chapter fits in the flow of the book.
  • Book Errata. Any discovered errata will be posted here.
  • Attack Tables and Formulas from Chapter 3-6. This is for folks who want to insert their own values into the same tables I used for the threat and technology values used in the book. If you come up with any interesting results, feel free to drop me a line. I'd be curious to see how you rate the categories based on the technologies your organization uses and the threats you experience.

Research

  • IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation, March 2004, S. Convery, D. Miller
  • IPv6 Security Page (updated January 2007)
  • BGP Vulnerability Testing: Separating Fact from FUD v 1.1, July 2003 (Updated April 2004) Black Hat USA, S. Convery, M. Franz
  • BGP Testing Tools, July 2003 Black Hat USA, Cisco CIAG
  • BGP Vulnerability Testing: Separating Fact from FUD v 1.1, June 2003 (updated April 2004) NANOG 28, S. Convery, M. Franz
  • An Attack Tree for the Border Gateway Protocol, January 2003 IETF-Draft (Accepted as WG item Feb 2004), S. Convery, D. Cook, M. Franz

Papers

  • Authenticated Network Architecture, Summer 2008, S. Convery, Identity Engines
  • Roles and Regulations--Taking Back Control of the Network, Fall 2007, S. Convery, ACUTA Journal of Communications Technology in Higher Education
  • Network Authentication, Authorization, and Accounting: Part Two - Protocols, Applications, and the Future of AAA, June 2007, S. Convery, The Internet Protocol Journal [pdf]
  • Network Authentication, Authorization, and Accounting: Part One - Concepts, Elements, and Approaches, March 2007, S. Convery, The Internet Protocol Journal [pdf]
  • SAFE: Wireless LAN Security in Depth, December 2001, S. Convery, D. Miller
  • SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks, June 2001, S. Convery, R. Saville
  • SAFE: A Security Blueprint for Enterprise Networks, November 2000, S. Convery, B. Trudel

Talks

  • User Directories and Campus Network Authentication - A Wireless Case Study, December 2007, S. Convery, K. Jones, League for Innovation CIT 2007
  • Identity Management for Networks, April 2007, S. Convery, Network Applications Consortium
  • Identity Management for Networks, April 2007, S. Convery, New York Metropolitan ISSA Chapter
  • RADIUS Grows Up: Identity Management for Networks, March 2007, S. Convery, Secure IT Conference 2007
  • Identity-centric NAC, September 2006, S. Convery, New York Tech-Security Conference
  • 802.1X: An IT Rorschach Test, March 2006, S. Convery, Secure IT Conference 2006 [notes]
  • IPv6 Dual Stack Security Considerations, October 2004, D. Miller, S. Convery, Internet2 Fall 2004 IPv6 Security Panel
  • Secure Enterprise Design, June 2004, S. Convery, R. Rice, Networkers 2004
  • IPv6 Security Threats, June 2004, S. Convery, D. Miller, Networkers 2004
  • IPv6 and IPv4 Threat Comparison, May 2004 NANOG 31, D. Miller, S. Convery
  • Understanding and Preventing Layer 2 Attacks, June 2003, S. Convery, Networkers 2003
  • Hacking Layer 2: Fun with Ethernet Switches, August 2002, S. Convery, Black Hat USA 2002 [rm]
  • Design Principles for Secure Enterprise Networks: Part I (SEC-200), June 2002, S. Convery, R. Rice, Networkers 2002
  • Design Principles for Secure Enterprise Networks: Part II (SEC-201), June 2002, S. Convery, R. Rice, Networkers 2002
  • Layer 2 Attacks and their Mitigation (SEC-202), June 2002, S. Convery, Networkers 2002
  • Deploying Secure Enterprise Networks: Part I (SEC-212), June 2001, S. Convery, R. Rice, Networkers 2001
  • Deploying Secure Enterprise Networks: Part II (SEC-213), June 2001, S. Convery, R. Rice, Networkers 2001
  • Designing Secure Networks (2502), June 2000, S. Convery, Networkers 2000

Contact Details

    Sean Convery

    Email: sconvery@employees.org