The Password Dilemma

April 15, 2010 · Posted in Information Security, Information Systems, Information Technology · Comment

I heard parts of this topic on the radio the other day and didn’t really understand the guy’s point since I only caught the tail end of the discussion until I read this article from the Boston Globe. In a nutshell, it challenges the notion of using and changing passwords as required by most organizations and as preached by security professionals. The research described in this article also challenges many of the security best-practices advocated by security experts and how they are actually a hindrance to shall we say, progress.

One thing that I’d like to point out though, it does not take a genius to create a strong password, which for all accounts and purposes there is no such thing. It gives as much protection as a locked door knob to your house. It gives you a layer of protection, but not the protection. Just like a door knob, it can help prevent casual intruders, but not those who are really intent in breaking in. But, I digress. Read more

Tags: Microsoft, password, research, Security

CISSP Exam Note (Telecommunications and Networking Security Domain) – LAN Media Access Methods

April 2, 2010 · Posted in Don's eBook Report, IT Docs, InfoSec Docs, Information Security, Information Technology, eBooks, etc... · Comment

LAN Media Access Methods

Physical & Data Link Layers
Controls the use of a network

Ethernet 802.3

Uses CSMA/CD
Designed for sporadic traffic
Defines a bus topology with 3 different cabling standards:
- Thinnet (10Base2) – coax with segments up to 185 meters
- Thicknet (10Base5) – coax with segments up to 500 meters
- Unshielded Twisted Pair (UTP) – all devices connected to a hub or a switch

Tags: ARCnet, CSMA/CD, ethernet, FDDI, LAN, media access methods, thicknet, thinnet, token ring, UTP

Symantec Guide to Scary Internet Stuff – Phishing

March 30, 2010 · Posted in Information Security, Information Systems, The Internet · Comment

Notwithstanding the ad to buy their product in the last part of the video, this is a little nice informative video on phishing. YES people still fall for this stuff.

The first in a series of video’s looking at common Internet threats. This one looks at Phishing and how to prevent it.

Tags: Guide, internet, phishing, prevent, Symantec, Threats

CISSP Exam Note (Telecommunications and Networking Security Domain) – 5 Common LAN Topologies

March 30, 2010 · Posted in Don's eBook Report, IT Docs, InfoSec Docs, Information Security, Information Systems, Information Technology, eBooks, etc... · Comment

Topologies – defines the manner in which the network devices are organized to facilitate communication

Bus

All transmissions travel full length of the cable and receive by all other stations
Single point of failure n the cable
If one of the links between any of the computers is broken, the network is down
Primarily Ethernet
These networks were originally designed to work with more sporadic traffic Read more

Tags: bus, CISSP RE, CISSP reviewer, LAN, LAN topologies, mesh, ring, star, topologies, tree

CISSP Exam Note (Telecommunications and Networking Security Domain) – Data Networking Technologies

March 29, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems, Information Technology, Internet Docs, eBooks, etc... · Comment

LAN Cabling Types

Twisted Pair Cable

Relatively slow speed
Two insulated wires can be shielded (STP0 or unshielded (UTP)
UTP is four-pair medium and comes in several categories
UTP can be easily tapped by eavesdroppers than the other cable types
Category based on how tightly wound the wires are, the tighter the wind the higher the rating and the higher the resistance to interference
Cat 1 UTP – was used for telephone lines, not good for data
Cat 2 UTP – up to 4 MBps
Cat 3 UTP – Used for 10BaseT networks up to 10 MBps
Cat 4 UTP – Used in Token Ring Networks up to 16 MBps
Cat 5 – Current UTP standard for new installations up to 100MBps
Cat 6 UTP – up to 155MBps
Cat 7 UTP – up to 1 GBps

You may also want to consider these CISSP resources from Amazon.com

Tags: ARCnet, baseband, broadband, broadcast, CAT 5, CAT 6, CISSP Exam Notes, coaxial cable, CSMA, CSMA/CA, CSMA/CD, FDDI, firber optic cable, LAN, LAN cabling types, LAN transmission methods, LAN transmission protocols, multicast, Polling, thicknet, thinnet, token passing, token ring, twisted pair, unicast, unshielded, UTP

CISSP Exam Note (Telecommunications and Networking Security Domain) – Common Data Network Services

March 26, 2010 · Posted in Don's eBook Report, IT Docs, InfoSec Docs, Information Security, Information Systems, Information Technology, eBooks, etc... · Comment

File Services – Share data files and subdirectories on the file server

Mail Services – Send and receive e-mail internally and externally

Print Services – Print documents to shared printers

Client/Server Services – Allocate computing resources among workstations Read more

Tags: CISSP Exam, CISSP reviewer, client/server, client/server services, data network services, DNS, domain name service, file services, mail services, print services

CISSP Exam Note (Telecommunications and Networking Security Domain) – Data Networking Basics

March 23, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Technology · Comment

Data Network Types:

Local Area Network (LAN)
Wide Area Network (WAN)
Internet, Intranet and Extranet

You may also want to consider these CISSP resources from Amazon.com

Tags: asynchronous communications, CISSP reviewer, data network types, extranet, internet, intranet, LAN, local area network, synchronous communications, WAN, wide area network

CISSP Domains: Who’s on first?

March 19, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems · Comment

I just realized something today that I found a tad bit annoying. The numbering of the domains of the CISSP Common Body of Knowledge (CBK) is actually trivial (can’t think of a better word at the moment). I am reviewing some items on my CISSP notes today and was looking at Domain 2: Telecommunications and Network Security. I wanted to compare some of my notes (written in 2006) to whatever else I can find in the web.

So I Googled, “CISSP Domain 2”. The result was TechTarget’s SearchSecurity.com listed at number 1. And it says “CISSP Domain 2 quiz: Access Control.” Access Control? What do you mean Access Control? I thought “Telecommunications and Network Security” is the CBK”s Domain 2? Read more

Tags: Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, CISSP Domains, CISSP Exam, Common Body of Knowledge, Cryptography, Information Security Governance and Risk Management, Investigations and Compliance, ISC2, Legal, Official CISSP Book, Operations Security, Physical (Environmental) Security, Regulations, Security Architecture and Design, Shon Harris, Telecommunications and Network Security

CISSP Certification All-in-One Exam Guide, Fourth Edition (Hardcover)

March 16, 2010 · Posted in Information Security · Comment

All-in-One is All You NeedFully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you’ll find learning objectives at the beginning of each ch (more…)

Tags: AllinOne, Certification, CISSP, Edition, Exam, Fourth, Guide, Hardcover

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Virtual Private Networks

March 16, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Technology · Comment

Virtual Private Networks

Secure connection between two nodes using secret encapsulation method
Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
Tunnel can be created by the following three methods:
- Installing software or agents on the client or network gateway
- Implementing user or node authentication systems
- Implementing key and certificate exchange systems

Tags: CISSP, CISSP Exam, Firewall-based VPNs, IPSec, IPSec Compatible, L2TP, Layer 2 Tunneling Protocol, Non-IPSec Compatible, Point-to-Point Tunneling Protocol, PPTP, Virtual Private Networks, VPN, VPN Devices, VPN Protocal Standards

« Previous Page — Next Page »

Join Me On Facebook

Trehb101 - Got Geek?

Promote Your Page Too
Entry Categories
- All Other Items (1)
- Biz Mgt & Dev (8)
- Blog-keeping (1)
- Bum-A-Post (3)
- Don's eBook Report (22)
- eBooks, etc… (9)
- eCommerce / eBiz (22)
- Entrepreneurship (21)
- Geek Mail (4)
- Information Security (49)
- Information Systems (46)
- Information Technology (34)
- InfoSec Docs (11)
- Internet Docs (3)
- Internet Marketing (44)
- IT Docs (4)
- Life Happens (22)
- Project Management (28)
- Random Stuff (13)
- The Demondaynizer (4)
- The Internet (75)
- Web Design / Development (34)
- Yeah Boy! Yah Suck! (5)
Recent Posts
Follow Me on Twitter
Business Tech Press Releases
- How to Get Bloggers to help in Your Press Release Distribution May 20, 2012
- Companies Cash In With Their Unwanted Computers, Electronics & Inventory May 20, 2012
- Sea Launch Prepares for the Launch of Intelsat-19 May 20, 2012
- Irosoft anuncia la exitosa implementación de sus soluciones LIMS en Barbados May 19, 2012
- El nuevo Barneys.com es más que comprar, es comprar con una historia May 19, 2012
Archives
Tags

Book Building business CISSP CISSP Exam CISSP reviewer Development Dummies eBusiness Edition Engine Entrepreneurship Exam facebook From Google Guide Hardcover Information Information Security internet Joomla Maceo MAD MAC Management marketing Media Online Optimization Paperback PMP Exam Professional Project Search Secrets Security Social strategies Technology Trehb101 Tweets Twitter with Wordpress Your

Your Shopping Cart
Your cart is empty
Calendar

May 2012

M T W T F S S

« Mar

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31
From the National Vulnerability Database
- CVE-2012-1090 (linux_kernel) May 16, 2012
  The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. […]
  nvd@nist.gov
- CVE-2012-2123 (linux_kernel) May 16, 2012
  The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process […]
  nvd@nist.gov
- CVE-2012-0044 (linux_kernel) May 16, 2012
  Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. […]
  nvd@nist.gov
- CVE-2012-2121 (linux_kernel) May 16, 2012
  The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. […]
  nvd@nist.gov
- CVE-2012-0207 (linux_kernel) May 16, 2012
  The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. […]
  nvd@nist.gov
- CVE-2012-1601 (linux_kernel) May 16, 2012
  The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. […]
  nvd@nist.gov
- CVE-2011-4621 (linux_kernel) May 16, 2012
  The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. […]
  nvd@nist.gov
- CVE-2012-1179 (linux_kernel) May 16, 2012
  The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. […]
  nvd@nist.gov
- CVE-2012-0879 (linux_kernel) May 16, 2012
  The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. […]
  nvd@nist.gov
- CVE-2012-1146 (linux_kernel) May 16, 2012
  The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. […]
  nvd@nist.gov

May 2012
M	T	W	T	F	S	S
« Mar
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Information Security : Information Technology Project Management : Life

Join Me On Facebook

Entry Categories

Recent Posts

Follow Me on Twitter

Archives

Tags

Your Shopping Cart

Calendar

Information Security : Information Technology
Project Management : Life