CISSP Exam Note (Telecommunications and Networking Security Domain) – 5 Common LAN Topologies

March 30, 2010 · Posted in Don's eBook Report, IT Docs, InfoSec Docs, Information Security, Information Systems, Information Technology, eBooks, etc... · Comment 

Topologies – defines the manner in which the network devices are organized to facilitate communication

Bus

  • All transmissions travel full length of the cable and receive by all other stations
  • Single point of failure n the cable
  • If one of the links between any of the computers is broken, the network is down
  • Primarily Ethernet
  • These networks were originally designed to work with more sporadic traffic Read more

Tags: <, , , , , , , , , >

CISSP Exam Note (Telecommunications and Networking Security Domain) – Common Data Network Services

March 26, 2010 · Posted in Don's eBook Report, IT Docs, InfoSec Docs, Information Security, Information Systems, Information Technology, eBooks, etc... · Comment 

File Services – Share data files and subdirectories on the file server

Mail Services – Send and receive e-mail internally and externally

Print Services – Print documents to shared printers

Client/Server Services – Allocate computing resources among workstations Read more

Tags: <, , , , , , , , , >

CISSP Exam Note (Telecommunications and Networking Security Domain) – Data Networking Basics

March 23, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Technology · Comment 

Data Network Types:

  • Local Area Network (LAN)
  • Wide Area Network (WAN)
  • Internet, Intranet and Extranet

You may also want to consider these CISSP resources from Amazon.com

Read more

Tags: <, , , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Firewalls

March 12, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems, Information Technology · Comment 

Firewalls

Packet Filtering Firewall – First Generation

  • Screening router
  • Operates at Network and Transport Level
  • Examines Source and Destination IP address
  • Can deny based on ACLs
  • Can specify port

You may also want to consider these CISSP resources from Amazon.com

Read more

Tags: <, , , , , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Denial of Service Attack

December 10, 2009 · Posted in Information Security, Information Systems · Comment 

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Read more

Tags: <, , , , , , , , , , , >

CISSP Review Notes – Notes I used to pass the exam

November 18, 2009 · Posted in Don's eBook Report, InfoSec Docs, Information Security, eBooks, etc... · Comment 

I became a Certified Information Systems Security Professional in 2007. I studied for nearly a year. It took so long because I had to self-study and I followed the best process I know (in essence what works for me). I was tempted on getting some of them brain dumps, but I thought better. I also debated whether I should attend one of them bootcamps.  But I don’t think these bootcamps are worth what they are charging, typically $2500.00 for one week.

So I decided to go Spartan and go old school. I read the Shon Harris book and the official CISSP book for at least 2 hours every morning with the target of finishing a Domain per week. All the while highlighting stuff that I thought would be useful and worth highlighting. So you can imagine that process took me at least 20 weeks, reading two books. Read more

Tags: <, , , , , , >

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    February 2012
    M T W T F S S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

  • RSS From the National Vulnerability Database

    • CVE-2011-3958 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]
      nvd@nist.gov
    • CVE-2012-1033 (bind) February 7, 2012
      The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]
      nvd@nist.gov
    • CVE-2011-3971 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]
      nvd@nist.gov
    • CVE-2011-3954 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]
      nvd@nist.gov
    • CVE-2011-3970 (chrome, libxslt) February 7, 2012
      libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012
      The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]
      nvd@nist.gov
    • CVE-2011-3969 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]
      nvd@nist.gov
    • CVE-2011-3956 (chrome) February 7, 2012
      The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]
      nvd@nist.gov
    • CVE-2011-3968 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]
      nvd@nist.gov
    • CVE-2012-1035 (ada_web_services) February 7, 2012
      AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes