CISSP Exam Note (Telecommunications and Networking Security Domain) – LAN/WAN Devices, Types and Speeds of Leased Lines, etc.

LAN Devices

Repeaters (Layer 1) – amplify signal, no added intelligence, no filtering

Hubs (Layer 1) – used to connect multiple LAN devices, no added intelligence

Bridges (Layer 2)

  • Amplifies signal and adds some intelligence
  • Forwards the data to all network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment
  • Automatically forwards all broadcast traffic

The Password Dilemma

I heard parts of this topic on the radio the other day and didn’t really understand the guy’s point since I only caught the tail end of the discussion until I read this article from the Boston Globe. In a nutshell, it challenges the notion of using and changing passwords as required by most organizations and as preached by security professionals. The research described in this article also challenges many of the security best-practices advocated by security experts and how they are actually a hindrance to, shall we say, progress.

One thing that I’d like to point out though, it does not take a genius to create a strong password, which for all accounts and purposes there is no such thing. It gives as much protection as a locked door knob to your house. It gives you a layer of protection, but not the protection. Just like a door knob, it can help prevent casual intruders, but not those who are really intent on breaking in. But, I digress.

CISSP Exam Note (Telecommunications and Networking Security Domain) – LAN Media Access Methods

LAN Media Access Methods

  • Physical & Data Link Layers
  • Controls the use of a network

Ethernet 802.3

  • Uses CSMA/CD
  • Designed for sporadic traffic
  • Defines a bus topology with 3 different cabling standards:
    • Thinnet (10Base2) – coax with segments up to 185 meters
    • Thicknet (10Base5) – coax with segments up to 500 meters
    • Unshielded Twisted Pair (UTP) – all devices connected to a hub or a switch

Symantec Guide to Scary Internet Stuff – Phishing

March 30, 2010 · Posted in Information Security, Information Systems, The Internet

Notwithstanding the ad to buy their product in the last part of the video, this is a little nice informative video on phishing. YES people still fall for this stuff.

The first in a series of videos looking at common Internet threats. This one looks at Phishing and how to prevent it.

CISSP Exam Note (Telecommunications and Networking Security Domain) – 5 Common LAN Topologies

Topologies – defines the manner in which the network devices are organized to facilitate communication

Bus

  • All transmissions travel the full length of the cable and are received by all other stations
  • Single point of failure in the cable
  • If one of the links between any of the computers is broken, the network is down
  • Primarily Ethernet
  • These networks were originally designed to work with more sporadic traffic

CISSP Exam Note (Telecommunications and Networking Security Domain) – Data Networking Technologies

LAN Cabling Types

Twisted Pair Cable

  • Relatively slow speed
  • Two insulated wires can be shielded (STP) or unshielded (UTP)
  • UTP is a four-pair medium and comes in several categories
  • UTP can be tapped by eavesdroppers more easily than the other cable types
  • Category based on how tightly wound the wires are, the tighter the wind the higher the rating and the higher the resistance to interference
  • Cat 1 UTP – was used for telephone lines, not good for data
  • Cat 2 UTP – up to 4 MBps
  • Cat 3 UTP – Used for 10BaseT networks up to 10 MBps
  • Cat 4 UTP – Used in Token Ring Networks up to 16 MBps
  • Cat 5 – Current UTP standard for new installations up to 100MBps
  • Cat 6 UTP – up to 155MBps
  • Cat 7 UTP – up to 1 GBps

CISSP Exam Note (Telecommunications and Networking Security Domain) – Common Data Network Services

File Services – Share data files and subdirectories on the file server

Mail Services – Send and receive e-mail internally and externally

Print Services – Print documents to shared printers

Client/Server Services – Allocate computing resources among workstations

CISSP Exam Note (Telecommunications and Networking Security Domain) – Data Networking Basics

Data Network Types:

  • Local Area Network (LAN)
  • Wide Area Network (WAN)
  • Internet, Intranet and Extranet

CISSP Domains: Who’s on first?

I just realized something today that I found a tad bit annoying. The numbering of the domains of the CISSP Common Body of Knowledge (CBK) is actually trivial (can’t think of a better word at the moment). I am reviewing some items on my CISSP notes today and was looking at Domain 2: Telecommunications and Network Security. I wanted to compare some of my notes (written in 2006) to whatever else I can find in the web.

So I Googled, “CISSP Domain 2”. The result was TechTarget’s SearchSecurity.com listed at number 1. And it says “CISSP Domain 2 quiz: Access Control.” Access Control? What do you mean Access Control? I thought “Telecommunications and Network Security” is the CBK’s Domain 2?

CISSP Certification All-in-One Exam Guide, Fourth Edition (Hardcover)

March 16, 2010 · Posted in Information Security

All-in-One is All You Need. Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you’ll find learning objectives at the beginning of each ch (more…)
