By Beatrice Mulzer
 
 
When was the last time you thought of yourself as an investment?
 
 


Sales are up, the channel is buzzing, and you are busy catering to whom? Often we tend to forget about ourselves because we are full of activity just keeping up with emerging trends, new products, and decisions about what next step to take as a reseller. If you are in this business, you are an entrepreneur who likes working with innovative technology. Thoughts about your next big investment should have your name first on the list.

Invest in your future...the smart way
I first met Mel when I entered his store located on one of the main drags through town needing to purchase computer parts. Shelves were loaded with all sorts of computer paraphernalia, from cases, routers, and memory to fans, wires, cables—you name it, he had it. Mel's hardware sales were going steady, and he had three technicians working for him. Soon, Mel and I were discussing offering a range of services to small businesses, including networking and VPN technology.

According to the Infonetics Research quarterly worldwide market share and forecast service (www.infonetics.com), annual sales in VPN and firewall hardware revenue are projected to grow 16% by the third quarter of 2005. With 44% of the VPN and firewall hardware revenue coming from North America, Cisco remains the overall VPN and firewall appliance leader trailed by Checkpoint and Juniper respectively.

Not surprisingly, the network security market has been one of the few growing areas in the last two years. As a reseller to small businesses, you have probably noticed your customers growing increasingly concerned about security. Due to the attention given to HIPAA compliance and Sarbanes-Oxley (SOX), more small businesses have started to pay attention to security.

Spam, viruses, worms, and other nuisances are being taken more seriously by small businesses, and the general mentality towards spending money on prevention technologies has started to change. News about the recent Crowt.a worm, which used subject lines, message content, and attachment names from CNN's Web site to infect the reader's PC with a payload-carrying component that slipped in a keystroke logging backdoor, drove home the point that everyone is at risk. With so much hoopla about Internet security in the news, selling a firewall appliance should be rather simple.

Firewall appliance vendors highlight wireless capability, bandwidth, VPN sessions, concurrent connections, and a myriad of other features. Tim Leow, a rep from Network Engines, explains that the benefits of purchasing an already hardened firewall appliance with a built-in patch agent far outweigh the price. The buyer gets the firewall features, automatic updates on the operating system, and Network Engines Web server updates (NEWS). After the initial setup, he should never have to think about it.

Out-of-the-box setup wizards and templates greatly simplify setting up network security policies and procedures. The possibility of misconfiguring the firewall, which accounts for a large number of security breaches, is virtually eliminated for the do-it-yourselfer or the less experienced.

After the initial hardware sale, you may ask yourself how much of the annual $500 maintenance fee is going into your pocket. What is your margin of profit and involvement with this client over the next three years with a remotely managed, auto updating appliance?

Another question would be: how secure is this firewall, realistically? Using wizards and templates for the initial setup will not guarantee that you have not missed a check box.

When was the last time you tested your solutions by trying to hack your own implementation? Have you considered that you could be held liable for the security implementation at the carwash?

The problem now with most firewall appliances is that they are stateful packet filters inspecting the network layer of the Open Systems Interconnection (OSI) model, but more sophisticated hackers target the application layer. Figure 1 shows the OSI Model with layers 1 through 7 and the respective filtering technologies.

Let's take a closer look at packet filtering. Operating at layer 3, the static packet filter looks at packets traversing the network, parses specific fields within each packet's IP and protocol headers, and then compares the result with a set of predefined rules. These rules dictate which packets are passed or dropped based on the source/destination IP, source/destination port, and application or protocol information. The filter does not know the difference between a real and a forged address.

A more advanced version, the dynamic (stateful) packet filter, monitors the state of active connections and uses that information to determine which packets can traverse the firewall. The dynamic packet filter is aware of the difference between a new and already established connection, and it keeps this information in a kernel-based rule table. This gives the dynamic packet filter a much tighter security bearing than the static packet filter.

Neither packet filter, static nor dynamic, would be able to recognize malicious code using a common port number for an authorized application. If someone were to substitute the actual source address on a malicious packet with the source address of a trusted host, the packet filter would let the code pass through the firewall.
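The difference between the two filters described above, as an added sketch that is not part of the original article. The rule set, addresses, ports and packet fields are constructed for illustration and do not model any vendor's product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""   # never examined by either filter below

INSIDE = "192.0.2.10"      # constructed internal host (documentation address)
# Constructed rules as (src, sport, dst, dport); None is a wildcard.
RULES = [
    (INSIDE, None, None, 80),   # outbound web requests
    (None, 80, INSIDE, None),   # "return traffic" from any web server
]

def static_filter(pkt):
    """Match header fields against the rules; no memory of earlier packets."""
    fields = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    return any(all(r is None or r == f for r, f in zip(rule, fields))
               for rule in RULES)

class StatefulFilter:
    """Tracks connections opened from inside and admits only their replies."""
    def __init__(self):
        self.table = set()

    def allow(self, pkt):
        if pkt.src == INSIDE:
            if static_filter(pkt):
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return False
        # Inbound traffic must mirror an entry in the connection table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def demo():
    fw = StatefulFilter()
    request = Packet(INSIDE, 40000, "198.51.100.5", 80)
    reply = Packet("198.51.100.5", 80, INSIDE, 40000)
    unsolicited = Packet("203.0.113.9", 80, INSIDE, 3389)  # nobody asked for this
    hostile = Packet("198.51.100.5", 80, INSIDE, 40000, b"constructed hostile body")
    return {
        "static_unsolicited": static_filter(unsolicited),
        "stateful_request": fw.allow(request),
        "stateful_reply": fw.allow(reply),
        "stateful_unsolicited": fw.allow(unsolicited),
        "stateful_hostile_body": fw.allow(hostile),
    }

if __name__ == "__main__":
    print(demo())
```

The static filter admits the unsolicited packet because its headers match the return-traffic rule, while the stateful filter drops it. Both judge headers only, so content arriving on an already permitted connection passes uninspected.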

Circuit layer filters operate at the transport layer (layer 4) and are found on CheckPoint Firewall-1/VPN-1, Cisco PIX, and NetScreen. These filters can restrict access by source and destination address and port number. They restrict by host machines, not the user, and can therefore prohibit access of specific protocols to specific host machines.

Application layer filtering inspects the application layer protocol and connection state of traffic crossing the firewall. The filter runs proxies that examine and filter individual packets and verify the contents of each packet up to layer 7 of the OSI model. The filter then decides which packets are allowed to pass through to the application-layer proxy services and secured network circuit. The application filter looks not only at the packet header information, but also at the complete packet. It is able to sort out rogue payloads this way.

Debating which firewall architecture is the best solution has become a moot point as many firewall vendors have decided to add application layer filtering to their products.

Stateful firewall technologies tracked the state of a connection, but they only provided limited analysis of the application data. CheckPoint initially added TELNET, FTP, and HTTP application filtering to their FW-1 product. Cisco's PIX fixup protocol application proxies consist of FTP, HTTP, H.323, ILS, RSH, RTSP, SMTP, SIP, Skinny, and SQLNet. Many vendors also couple their products with Intrusion Detection (IDS) functionality. Deep Packet Inspection (DPI) encompasses IDS functionality into the firewall appliance.

DPI technology was developed to address the limitations of packet filtering, stateful inspection, and application filtering. Operating at layers 3 through 7 of the OSI model, DPI technology is effective against buffer overflow attacks, denial of service (DoS) attacks, single packet worms, and more sophisticated intrusion attempts.

Despite the advances in filtering technology, no system can be completely secure. Exploits in the system are found frequently because this is a continuously emerging and multifaceted technology.

Recent vulnerabilities were found in Cisco H.323 and CheckPoint FireWall-1 H.323 protocols affecting Voice-over-Internet Protocol (VoIP) and multimedia applications, which are embraced more and more by small businesses. How many more exploits are there that we have not been informed of yet?

If you decide to make security an add-on niche, then not only implement the firewalls but secure-prove your solutions by hack-auditing them. This is where your client will come to understand and appreciate your value-add. It's one thing to plug in a firewall appliance and tell your client they are secure, but the ability to come back and demonstrate actual attempted and foiled penetration results will speak for itself.

As a reseller for a specific product or products, you will continuously have to go through vendor-specific certification programs based on the flavor of the month, and you will be dependent upon their success, their reseller programs, and their conditions. If you are in this business, you are an entrepreneur who likes working with innovative technology. Being a channel partner and pursuing vendor certifications will give you a fine and rapid start into the market, but what follows after that? Have you thought about where your business will be ten years from now? What services you will be offering? In order to keep a successful business, you must pick your direction. This requires focusing on a value-add service that you can offer without having to rely on vendor influence. You are more than someone else's reseller.

Multiple streams of income will help you expand your business and you should build your expertise in diverse areas around your current knowledge based on coming market trends. I recommend adding non-vendor specific knowledge to your skill set. This will sustain you for years to come. Building a foundation that lets you speak authoritatively on security across platforms and product lines will carry you through any unexpected market swing. You will look more professional in front of your customers not because you are selling a hardware appliance where you passed vendor specific testing, but because you can recommend this hardware appliance as the current best option based on your specific knowledge. Being able to introduce this twist to your sales effort will be appreciated tenfold by customers that now start to trust you and become your clients.

You have to build a relationship and consider what it will take to have an ongoing revenue stream from the same client. Selling services to an already established client requires less effort and marketing expense than having to continuously bring in new clients. An entrepreneur will thrive on the opportunities that could never have opened up before the relationship. The relationship is the key that unlocks these doors, but getting the key requires a unique skill.

What can you offer that the competition can't? You could learn to be a bona-fide grade A hacker for a good cause and be considered a "white hat hacker." The EC Council (www.eccouncil.org) is releasing a new certification for ethical hacking, Exam 312-50 CEHv4 (Certified Ethical Hacker), that will become available in March 2005.

This exam endorses ethical hacking from a vendor-neutral perspective. Passing this exam will certify you as a skilled individual who understands and finds the vulnerabilities in a target system by using the same tools a malicious hacker would. It differs from the other offerings, which only teach defensive techniques. The Certified Ethical Hacker offers offensive strategy coupled with defensive countermeasures.

The course outline includes:
Ethics and Legality, Footprinting, Scanning, Enumeration, System Hacking, Trojans and Backdoors, Sniffers, Denial of Service, Social Engineering, Session Hijacking, Hacking Web Servers, Web Application Vulnerabilities, Web Based Password Cracking Techniques, SQL Injection, Hacking Wireless Networks, Virus and Worms, Physical Security, Linux Hacking, Evading Firewalls, IDS and Honeypots, Buffer Overflows, Cryptography, Penetration Testing.

The knowledge you will acquire covers exposure to business risks and damage resulting from negligence. The course will give you a well-rounded understanding of security threats, risks, and countermeasures.

You will become more than a penetration tester. Your newly gained knowledge and understanding of security checklists will help you audit organizations, give you the methodology to assess security bearings, and provide you the tools to check for vulnerabilities. Several schools offer a five-day training class to prepare you for the CEH exam. You can do a search on the Web for "CEH training" to find a training location. The class retails at $2,600 and is a great investment.

The prerequisites for the course are basic networking knowledge, Windows administration, TCP/IP, DNS, NetBios and WINS, and Linux. A recommended on-ramp certification for the CEH training would be either the CompTIA Security+ or Microsoft Fundamentals of Network Security Course 2810.

If you think that five days and $2,600 are too much, or whatever objection you have had in the past for attending any sort of training class, think again.

My friend Mel was a white box builder. He started his entrepreneurial dream years ago. Mel pursued servicing businesses by providing hardware solutions. Recently, he found himself in a predicament. His wife became pregnant, and he needed both adequate insurance coverage and a steady income to care for his family. He had to sell the shop and now installs routers for the local cable company. Mel says he is much happier now. He makes about $18 an hour and gets full medical benefits. He also has regular work hours, fewer headaches, and free weekends.

Mel was in business for four years before he gave up his entrepreneurial dream for a steady paycheck. He had never gone beyond being a reseller. A non-vendor certification would have helped focus his business on a unique area of service offerings unmatched in town. After the sale of the business, a non-vendor certificate would have made Mel much more attractive to prospective employers, he would have had more employment options, and could have landed a far better paying job.

If you are in a similar situation, do not ignore the power of value-add services. Services like networking and penetration testing are in great demand. Security will continue to be a growing field, and having a true understanding of network and security architecture will accelerate your career on whichever path you choose to take.

Just remember to invest in your future the smart way, by investing in yourself first.



 
         
   
Copyright © 2007 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form.