Yeah Boy! I passed the PMP Exam… (Part 1)

April 25, 2010 · Posted in Information Systems, Life Happens, Project Management, Yeah Boy! Yah Suck! · Comment 

Four months of being a near-recluse, self-studying and sometimes overly stressing finally paid off. I passed the Project Management Professional (PMP) exam yesterday. For folks who are not familiar with the certification, Project Management Professional (PMP) is a credential offered by the Project Management Institute (PMI). Click here to learn more about the PMI and its credentialing programs. As of 30 June 2009 (2009 -06-30), there were 359,973 PMP certified individuals distributed globally. Read more

Tags: <, , , , , >

CISSP Certification All-in-One Exam Guide, Fourth Edition (Hardcover)

March 16, 2010 · Posted in Information Security · Comment 

CISSP Certification All-in-One Exam Guide, Fourth Edition

All-in-One is All You NeedFully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you’ll find learning objectives at the beginning of each ch (more…)

Tags: <, , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Virtual Private Networks

March 16, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Technology · Comment 

Virtual Private Networks

  • Secure connection between two nodes using secret encapsulation method
  • Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
  • Tunnel can be created by the following three methods:
    • Installing software or agents on the client or network gateway
    • Implementing user or node authentication systems
    • Implementing key and certificate exchange systems

Read more

Tags: <, , , , , , , , , , , , , >

CISSP All-in-One Exam Guide, Fifth Edition (Hardcover)

March 12, 2010 · Posted in Information Security · Comment 

CISSP All-in-One Exam Guide, Fifth Edition

Get complete coverage of the latest release of the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, fully updated resource. Written by the leading expert in IT security certification and training, this authoritative guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam q (more…)

Tags: <, , , , , , >

What’s Been Happening

February 28, 2010 · Posted in Life Happens, Random Stuff · Comment 

I’ve been away from this blog for quite some time, and really feeling quite guilty for not making the entry. Although not the first time I’ve abandoned this  blog, this is the first time that this blog actually has some purpose and structure (sort of). Anyway, I have this little thing about excuses and how I think they are similar to a–holes. Everybody has them and they all stink ;-) . However, I do want to explain as to why I have been an absentee blogger since  the holidays. One word — BUSY. Yeah, yeah aren’t we all? Read more

Tags: <, , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols

January 11, 2010 · Posted in Information Security, Information Systems, Information Technology · Comment 

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture

  • Shows how communication should take place
  • Clarify the general functions of a communication process
  • To break down complex networking processes into more manageable sub-layers
  • Using industry standard interfaces enables interoperability
  • To change the features of one layer without changing the code in every layer
  • Easier troubleshooting Read more

Tags: <, , , , , , , , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Availability Concepts / Fault Tolerance

December 1, 2009 · Posted in Information Security, Information Systems · Comment 

Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. The opposite of availability is the lack thereof, one example of this is a common attack known as a denial of service (DoS) attack.

For example: In 2000 Amazon, CNN, eBay, and Yahoo! were victims of a DoS attack.

Yahoo Attacked. No one knows what happened except that it was inaccesable for more than 3 hours. It was also known that the attack was co-ordinated and hence the standard firewall algorithms failed to figure out what was happening.

Source: http://en.wikipedia.org/wiki/Information_assurance

Fault Tolerance is the ability of a system to respond gracefully to an unexpected hardware or software failure. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations — that is, every operation is performed on two or more duplicate systems, so if one fails the other can take over. Source: http://www.webopedia.com/term/f/fault_tolerance.html Read more

Tags: <, , , , , , , , , , , , , , , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Intrusion Detection Systems

November 25, 2009 · Posted in Information Security, Information Systems · Comment 

Intrusion Detection Systems

An Intrusion detection system (IDS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior. (Source: http://en.wikipedia.org/wiki/Intrusion_detection_system)

Terminologies:

  • Alert/Alarm- A signal suggesting that a system has been or is being attacked.
  • True attack stimulus- An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.
  • False attack stimulus- The event signaling an IDS to produce an alarm when no attack has taken place.
  • False (False Positive)- An alert or alarm that is triggered when no actual attack has taken place.
  • False negative- A failure of an IDS to detect an actual attack.
  • Noise- Data or interference that can trigger a false positive.
  • Site policy- Guidelines within an organization that control the rules and configurations of an IDS.
  • Site policy awareness- The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.
  • Confidence value- A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
  • Alarm filtering- The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks. Read more

Tags: <, , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Remote Access Security Management

November 24, 2009 · Posted in Information Security, Information Systems · Comment 

Key Concepts:

  • Confidentiality – no disclosure of data
  • Integrity – no alteration of data
  • Availability – no destruction of data

Common Remote Connections

  • xDSL – Digital Subscriber Line
  • Cable Modem
  • Wireless
  • ISDN – Integrated Services Digital Network

Common Tools in Securing External Remote Connections

  • VPN – Virtual Private Network
  • SSL – Secure Socket Layer
  • SSH – Secure Shell Read more

Tags: <, , , , , , , , , , >

CISSP Exam Note (Domain 1: Access Control) – Centralized & Decentralized, etc…

November 23, 2009 · Posted in Information Security, Information Systems · Comment 

Access Control – Centralized and Decentralized

Centralized Access Control – is a facility in which all the core functions for access such as Authentication, Authorization, and Accountability (AAA) are performed from a centralized location.

  • RADIUS – Remote Access Dial-In User Service (incorporates an AS and dynamic password)
  • TACACS – Terminal Access Controller Access Control System (for network applications, static pwd)
  • TACACS+ – Terminal Access Controller Access Control System Plus, supports token authentication

CHAP – Challenge Handshake Authentication Protocol

  • Supports encryption, protects password

Decentralized Access Control – generally require medium to large workgroups of individuals and carry higher administrative overhead accordingly. In a decentralized environment, maintaining a homogeny of equipment and services scales in increasing difficulty with proportion to the number of access control points. Changes effected on individual systems are spread locally, instead of having the wide-reaching consequences and effects of a singular centralized system. Read more

Tags: <, , , , , , , , , , >

Next Page »

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    September 2010
    M T W T F S S
    « Aug    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

  • RSS e-Business News from eCommerceTimes

    • HP's Wallet-Busting Win
      The insane tug-of-war between Dell and HP for enterprise storage company 3Par has finally drawn to a close. We have a winner, if you want to call it that -- the final sale price is more than double the figure Dell initially put forward when it announced its intentions to buy 3Par a couple weeks ago, so who knows how much of that is real value and how much is […]
    • Making Change Happen Every Day: Q&A With GSA's David McClure
      The U.S. government spends $80 billion annually on information technology. The U.S. General Services Administration is directly involved in nearly 25 percent of federal IT procurement activities through its Schedule 70 acquisition program, including nearly $9 billion directly for information technology investments. GSA has emerged as a leader in guiding fede […]
    • Marketers, Let's Get Personal
      On Aug. 13, IBM and Unica Corporation announced they had entered into a definitive agreement for IBM to acquire Unica, a leading provider of marketing software solutions that focuses on streamlining marketing program development, execution and management to achieve improved marketing effectiveness. […]
    • 3Par Sale Frenzy Ends With HP the Presumed Winner
      HP has won the bidding war it waged with Dell for data-storage company 3Par, whose shares were trading at $9.65 when Dell first tried to acquire it in mid-August. Dell decided not to match HP's $2.4 billion ($33 per share) offer, which topped Dell's bid of $32 per share. Dell first tried to acquire 3Par with an $18 per share offer on August 16, whi […]
    • Intel, Infineon and the Winds of Change
      Intel has focused solely on the computer business for so long, we forget it can pursue other avenues of growth as well. Tomorrow, all our devices will be connected and talk to each other and share information. In that new world, Intel has been looking around for another business to acquire to help expand its reach, and it chose Infineon. […]
    • In iTunes, All App Reviews Are Not Created Equal
      I like walled gardens. They are safe and, for the most part, keep out the predators. However, when one sneaks over the wall, the results can be ugly, to say the least. With the iTunes App Store, one of the key supposed advantages for end-users is that it is a walled garden, and Apple is providing a safe, secure environment you can trust in. […]
    • How to Build a Better Business Blog
      About the easiest way for companies to dip their toes into the social media waters is the blog. There are few technical burdens to setting them up, the time needed to create posts can flex with the workloads of the assigned writers, and they can become a conduit for customer conversations through the comments section. So every business is leaping eagerly int […]
    • Do E-Readers Spell the End of Print Media?
      Recently, library chief Helen Josephine of Stanford University's Engineering Library said that the students' search through volumes of books to get to a formula that they want is basically at an end because "with books being digitized and available through full text search capabilities, they can find that formula quite easily." […]
    • Sony's New Touchscreen Readers Unlikely to Shake Up Market
      Sony has updated its e-reader family of devices: the Reader Pocket, Reader Touch and Reader Daily. The new Readers offer touchscreen functionality based on infrared sensors that read taps made by a finger or a stylus. They are smaller and lighter, and have redesigned user interfaces. […]
    • Will Wednesday's Big Show Put More Spring in AAPL's Step?
      Shares of Apple closed up 60 cents on Tuesday to hit $243.10. However, Cupertino is still smarting from the downward spiral of the past few weeks, when its stocks took a beating along with the rest of the market. The Dow on Tuesday recovered a fraction of what it lost after a Monday drubbing, and the Nasdaq fell nearly six points. […]

  • RSS From the National Vulnerability Database

    • CVE-2010-2364 (moobbs) August 30, 2010
      Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2010-3188 (bugtracker.net) August 30, 2010
      SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page. […]
      nvd@nist.gov
    • CVE-2010-3196 (db2) August 30, 2010
      IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. […]
      nvd@nist.gov
    • CVE-2010-3190 (visual_studio) August 30, 2010
      Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file. […]
      nvd@nist.gov
    • CVE-2010-3195 (db2) August 30, 2010
      Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." […]
      nvd@nist.gov
    • CVE-2010-2365 (moobbs2) August 30, 2010
      Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2010-3194 (db2) August 30, 2010
      The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. […]
      nvd@nist.gov
    • CVE-2010-3191 (captivate) August 30, 2010
      Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are ob […]
      nvd@nist.gov
    • CVE-2010-3193 (db2) August 30, 2010
      Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. […]
      nvd@nist.gov
    • CVE-2010-3189 (internet_security) August 30, 2010
      The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes
My Highlights powered by RoohIt (for WordPress)