The following is a list of recommended resources for learning as much as you can about computer security.

To begin with, it is important to know about the underlying network technologies. Since most firewalls and security devices are built on TCP/IP networks, a good reference on TCP/IP is essential. I recommend:

O'Reilly TCP/IP Network Administration
http://www.amazon.com/exec/obidos/AS...002325-3115155

In addition to this, it is always useful to know as much as possible about the systems on which you are working. For Linux/Unix systems, there are assorted O'Reilly books on the topics of system administration and system command references, one of my favourites is Linux in a Nutshell,
http://www.amazon.com/exec/obidos/tg...glance&s=books

If firewalling is your primary concern, another good (O'Reilly) book is:
Building Internet Firewalls
http://www.amazon.com/exec/obidos/tg...glance&s=books
Additionally, the book "Firewalls & Internet Security - Repelling The Wily Hacker" is worth a read:
http://www.amazon.com/exec/obidos/AS...002325-3115155

There are also many online resources, mostly published by emergency response teams like CERT. I recommend the following resources:
ftp://ftp.auscert.org.au/pub/auscert...rity_checklist

The following document also makes an interesting read:
http://www.trouble.org/survey

Once you have all of these resources thoroughly digested, join a few security mailing lists and security related websites (such as this one). For security-related mailing lists, go to www.securityfocus.com

If possible, test some of the security vulnerabilities on your own systems (eg build a small network of old linux computers and test code for vulnerabilities to see the effects)
An advantage of this is that you can see log files and identify patterns, which will help you when looking at real logs during/after an incident.

Some other recommended books include:

Common Sense computer security, Your practical guide to information protection
ISBN: 0077078055

Computer Crime: A crimefighters handbook
ISBN: 1565920864

Computer Secyrity
ISBN: 0750696001

Hacker Proof
ISBN: 188413355X

Internet Firewalls and Network Security
ISBN: 15620563

Maximum Security: A Hacker's Guide To Protecting Your Internet Site And Network
ISBN: 1575212684

Practical Unix And Internet Security
ISBN: 1565921488

UNIX Unleashed
ISBN: 0-672-30402-3

In addition to all of this, some at least basic knowledge of programming will help, preferably in a language suitable for your systems (eg C or C++ in Unix, whatever you want in Windows since its not going to help imrpove its security anyway) Also sockets programming knowledge can be a help.

Moving on to specific security issues, you should know all applicable vulnerabilities in recent versions of the software you run (eg apache, sendmail) and be aware of the patches for them. Also be aware of the web site(s) where notices of new bugs are posted, so that you can check on a daily basis for new security holes in your server software.

You should also learn where on your system the logfiles are kept for each daemon or server application you run, and also logs for system events. In addition to this, you should perform some random tests to get to know the servers you are securing, for example know a rough estimate of the average load at a certain time, how many users you expect to be logged in and at what times, and remember roughly which processes are running during normal operation. This way, if you suspect something is wrong, your suspicion can be checked with simple calls to uptime, who and ps aux (This is assuming a *nix based system). The sooner you can identify the fact that you are under attack, the sooner you can respond to it.

It is also useful to know at least the basics about various forms of cryptography in everyday use, including DES, MD5 and the various public key systems in use (eg PGP and GPG).

Perhaps the most important thing to remember, both when learning about and implementing security measures, is that the security should be as good as possible, but no better. Do not try to stop users from doing something they've always done... they'll just find ways around your security, giving you a false sense of security, and worsening the problem. Talk to your users when implementing and designing a security policy, find out what they want, and explain to them why that particular service might not be secure. Be open to suggestions, however, the users know what they need to do, do not feel that just because a particular protocol or application is insecure you should not implement it, you can always add an extra layer of packet-based security around it, or lo kthe service off from the outside world, or put it on a proxy server or bastion host. There is almost always a way to provide your users with what they need (that is, what they need, not necessarily what they want... most users would want free access to MP3s and games servers, but that is inappropriate in a business environment).

Overall, just remember to think before you act, and use your own common sense and judgement. Also, don't trust absolutely everything you read, false bugs have been known to be reported, and some "fixes" are simply ways to open your system to even more attackers!