CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Key Concepts and Other Definitions
Rainbow Series
The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.
These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria. Read more
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Denial of Service Attack
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Read more
CISSP Review Notes – Notes I used to pass the exam
I became a Certified Information Systems Security Professional in 2007. I studied for nearly a year. It took so long because I had to self-study and I followed the best process I know (in essence what works for me). I was tempted on getting some of them brain dumps, but I thought better. I also debated whether I should attend one of them bootcamps. But I don’t think these bootcamps are worth what they are charging, typically $2500.00 for one week.
So I decided to go Spartan and go old school. I read the Shon Harris book and the official CISSP book for at least 2 hours every morning with the target of finishing a Domain per week. All the while highlighting stuff that I thought would be useful and worth highlighting. So you can imagine that process took me at least 20 weeks, reading two books. Read more
Join Me On Facebook
Business Tech Press Releases- Cambium Learning Group Announces Second Quarter Earnings Call July 29, 2010
- Henry Bros. Electronics' CEO Jim Henry to Speak at the National Sports Safety and Security Conference and Exhibition July 29, 2010
- Brazil: Privalia's Success Story July 29, 2010
- InfiniteGraph 1.0 Released by Objectivity, Inc. July 29, 2010
- eBay Supports Resolution to Protect Small Internet Businesses July 29, 2010
- e-Business News from eCommerceTimes
- AT&T Is Winning Its Catch-Up RaceAT&T Mobility and Apple iPhone have been successful together, but every coin has two sides. The other side has been a wireless data logjam. Could that problem finally be getting under control? AT&T has been working very hard to do just that, said Ralph de la Vega, AT&T mobility and consumer markets president and CEO, at last week's Fortune B […]
- Europe's Tender Words About FOSSThere's no denying that everyone needs a little love from time to time, but for those of us in the FOSS community, that need can be particularly acute. After all, rarely a week goes by without some affront from those we had hoped were our friends. Case in point? Dell. Imagine our surprise, then -- nay, outright joy! -- when none other than Neelie Kroes […]
- PRM: It's Not Just CRM for PartnersCRM is a complex thing. It involves understanding your customers and your own business -- two difficult things to fully grasp under any circumstances -- and then using technology to convert that understanding into a positive impact on your business. Customers, and to a lesser extent your business, are always changing. […]
- Senate Committee Hacks Away at Online Privacy ThicketThe pressure on major Web site operators and online advertisers to do a better job of protecting consumers' privacy continues to mount. On Tuesday, Senator John Kerry, D-Mass., said he plans to introduce legislation that would "give people more control over how their personal information is collected and distributed online." […]
- Why That Mountain of Leads Is a Molehill of SalesIn the struggle to grow revenues in tighter markets, most companies are pushing their marketing departments to provide greater market coverage and deliver more sales opportunities. Yet statistics reveal that an astonishing 79 percent of leads generated by corporate marketing departments are never contacted by corporate sales groups. […]
- The Beauty of a Sustainable Supply ChainThe new age of sustainability is like a three-legged stool, and over the last couple of weeks I've discussed my ideas for the first two legs, including customers and energy or transportation. The third leg involves products, and this idea takes some thinking to fully comprehend. Most of us don't think a lot about products because they are ubiquito […]
- Yahoo Japan May Succeed Where Yahoo FailedYahoo Japan has announced that it will begin a relationship with Google to power its search functions and also administer ads that appear on the site. In this deal, the company is not following in the steps of its U.S. counterpart, Yahoo, which cut a deal with Microsoft's Bing, announced last year. […]
- Citigroup Upgrades Careless iPhone Banking AppCitigroup customers who do mobile banking on an iPhone should head to the Apple App Store immediately for an upgrade. A flaw in the Citigroup mobile banking iPhone app released in March 2009 causes personal information to be saved in a hidden file on the mobile device, the banking giant revealed in a letter to customers dated July 20, a day after it released […]
- Doctoring the Customer ExperienceRetailers' worst nightmare has indeed come to bear: American consumers have permanently changed their buying habits, according to research by several firms. Gone are the days of shopping as a pastime. And, for all practical purposes, brand loyalty has just about evaporated. […]
- IBM's Next-Gen 'System of Systems' MainframeFor most systems vendors, the launch of a next-generation server platform qualifies as a pretty big deal. After all, such occasions provide vendors multiple opportunities to strut their visionary stuff, roll out a host of satisfied customers, and highlight their current/future strategies. However, some next-gen platforms are -- literally and figuratively -- […]
- AT&T Is Winning Its Catch-Up Race
- From the National Vulnerability Database
- CVE-2009-4960 (lanai-core) July 27, 2010Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. […]nvd@nist.gov
- CVE-2010-1577 (content_delivery_system, internet_streamer) July 27, 2010Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL. […]nvd@nist.gov
- CVE-2009-4973 (totalcalendar) July 27, 2010SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. […]nvd@nist.gov
- CVE-2010-2703 (openview_network_node_manager) July 27, 2010Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe. […]nvd@nist.gov
- CVE-2009-4972 (simpleid) July 27, 2010Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter. […]nvd@nist.gov
- CVE-2010-0211 (openldap) July 27, 2010The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, […]nvd@nist.gov
- CVE-2009-4971 (vjchat) July 27, 2010SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. […]nvd@nist.gov
- CVE-2009-4958 (emo_breeder_manager) July 27, 2010SQL injection vulnerability in video.php in EMO Breader Manager allows remote attackers to execute arbitrary SQL commands via the idd parameter. […]nvd@nist.gov
- CVE-2009-4970 (t3m_affiliate) July 27, 2010SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. […]nvd@nist.gov
- CVE-2010-2529 (iputils) July 27, 2010Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. […]nvd@nist.gov
- CVE-2009-4960 (lanai-core) July 27, 2010