Simple Math: Maybe the Difference in your Cert Exam Pass/Fail Chances

Picture this. You locked yourself up in a room for two months or so with no social interaction. You’ve excommunicated your family for that time period. You even missed the Super Bowl and the birth of your first child (okay maybe a little too dramatic, I know you would not dare miss the Super Bowl). In any case, you did all this because you have a goal. You wanted to be certified. You studied and studied. You read the book cover-to-cover. You paid top money for a class. You joined study groups. You took countless practice exams and even bought several brain dump resources for good measure. You studied ’til the cows came home.

On the day of the exam you were as confident as a porcupine with extended quills (imagine that ;-) …). You know in your heart you’ve done what you could. You are anxious. You are ready. Then here comes the first question. You think to yourself, “WTF is this? I don’t remember reading about this.” Then the next question was so vague you wondered if it was actually written in English. The third question seemed like there are two answers instead of one. The fourth was no easier. By the fifth question, all that confidence went down the toilet and by the sixth you are in a near panic.

To CISSP or Not to CISSP – Part 2

December 30, 2010 · Posted in Information Security, Information Systems · 6 Comments 

Continued from: To CISSP or Not to CISSP – Part 1

Let’s look at what another non-fan of the cert thinks about the cert. In his blog entry he quoted another blog that stated:

“I chose a self study route, and devoted around 2 months for the preparation. Locked myself in and had very little to no time for the family, I’d told them what I was up to, both my wife and son were very supporting. Every weekday I would dedicate 3 to 4 hours, and on weekends 5 to 6 hours for preparation. The last week before exam, I took leave from work and dedicated around 12 hours straight every day for 7 days. To cope with the physical and mental tensions I did 45 minutes yoga in the morning and 20 minutes meditation in the afternoon. I took a break or stretched for 5 to 15 minutes after every 1 or 2 hours of studies.”

He then followed up by stating:

“That is ridiculous. I would expect someone who wants to be considered as a “security professional” to be well-enough versed in the CISSP material to not require seven straight days of 12 hour studying sessions, beyond the previous seven weeks of study.”


To CISSP or Not to CISSP – Part 1

December 30, 2010 · Posted in Information Security, Information Systems · 5 Comments 

I had a discussion with a current co-worker over lunch one day on the importance of higher education. Just a week prior, two contractors working with us left without notice and somehow claimed the workplace was pretty hostile to them. Being also a contractor and working with the same group of folks, I (along with the rest of the team) found the claim to be pretty odd. We simply did not see the place as being a hostile one. It was actually a tad dull and boring if you ask me. However, whatever the case may be, this is the reason that they gave their contracting office.

One of the contractors was actually not making the cut, meaning he failed to meet even the simplest objectives given to him by our manager and team leads. The other contractor was the one who recommended him for the job, and this contractor apparently also has another gig that he believes will bring him tons of cash. So, believing that the writing was on the wall, they decided to leave. Why they left without notice, and gave a false statement as to the reason they left, has no viable explanation. The only word that comes to mind is unprofessional.

These two stories came to mind today as I was searching for ideas for acquiring Continuing Professional Education (CPE) credits to maintain my CISSP (Certified Information Systems Security Professional) certification. Somehow the search landed me on pages asking whether CISSP is worth it. There are several bloggers who simply believe that the accreditation is nothing but a piece of paper that is not worth the ink it was printed with.


Yeah Boy! I passed the PMP Exam… (Part 1)

Four months of being a near-recluse, self-studying and sometimes overly stressing finally paid off. I passed the Project Management Professional (PMP) exam yesterday. For folks who are not familiar with the certification, Project Management Professional (PMP) is a credential offered by the Project Management Institute (PMI). Click here to learn more about the PMI and its credentialing programs. As of 30 June 2009 (2009-06-30), there were 359,973 PMP certified individuals distributed globally.

CISSP Certification All-in-One Exam Guide, Fourth Edition (Hardcover)

March 16, 2010 · Posted in Information Security · Comment 

CISSP Certification All-in-One Exam Guide, Fourth Edition

All-in-One is All You Need

Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you’ll find learning objectives at the beginning of each ch (more…)

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Virtual Private Networks

Virtual Private Networks

  • Secure connection between two nodes using secret encapsulation method
  • Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
  • Tunnel can be created by the following three methods:
    • Installing software or agents on the client or network gateway
    • Implementing user or node authentication systems
    • Implementing key and certificate exchange systems


CISSP All-in-One Exam Guide, Fifth Edition (Hardcover)

March 12, 2010 · Posted in Information Security · Comment 

CISSP All-in-One Exam Guide, Fifth Edition

Get complete coverage of the latest release of the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, fully updated resource. Written by the leading expert in IT security certification and training, this authoritative guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam q (more…)

What’s Been Happening

February 28, 2010 · Posted in Life Happens, Random Stuff · Comment 

I’ve been away from this blog for quite some time, and really feeling quite guilty for not making the entry. Although not the first time I’ve abandoned this blog, this is the first time that this blog actually has some purpose and structure (sort of). Anyway, I have this little thing about excuses and how I think they are similar to a–holes. Everybody has them and they all stink ;-) . However, I do want to explain why I have been an absentee blogger since the holidays. One word — BUSY. Yeah, yeah aren’t we all?

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture

  • Shows how communication should take place
  • Clarify the general functions of a communication process
  • To break down complex networking processes into more manageable sub-layers
  • Using industry standard interfaces enables interoperability
  • To change the features of one layer without changing the code in every layer
  • Easier troubleshooting

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Availability Concepts / Fault Tolerance

December 1, 2009 · Posted in Information Security, Information Systems · Comment 

Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. The opposite of availability is the lack thereof, one example of this is a common attack known as a denial of service (DoS) attack.

For example: In 2000 Amazon, CNN, eBay, and Yahoo! were victims of a DoS attack.

Yahoo Attacked. No one knows what happened except that it was inaccessible for more than 3 hours. It was also known that the attack was co-ordinated and hence the standard firewall algorithms failed to figure out what was happening.

Source: http://en.wikipedia.org/wiki/Information_assurance

Fault Tolerance is the ability of a system to respond gracefully to an unexpected hardware or software failure. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations — that is, every operation is performed on two or more duplicate systems, so if one fails the other can take over. Source: http://www.webopedia.com/term/f/fault_tolerance.html
