Archive for August, 2010

CompTIA Security+ Certification

Tuesday, August 17th, 2010
The CompTIA Security+ certification course is suitable for students interested in network security and its relationship to other IT areas. It provides a broad introduction to computer and network security. It also provides the knowledge needed to implement security and a foundation for further study of more specific security areas. It’s ideal for those working in database development and administration, as well as those administering network devices and infrastructures.
Students taking this course should be familiar with personal computers and the use of a keyboard and a mouse. Furthermore, this course assumes that students have completed the following courses or have equivalent experience:
  • CompTIA A+ Certification
  • CompTIA Network+ Certification

After completing the CompTIA Security+ course, you will know how to:

  • Mitigate threats to network security through core system maintenance, implement virus and spyware management tools, secure Web browsers, and identify social engineering threats.
  • Identify cryptography concepts including algorithms, public keys, security certificates, and single- and dual-sided certificates.
  • Implement authentication systems such as one-, two-, and three-factor authentication, prevent password cracking, and use authentication such as Kerberos and CHAP.
  • Secure e-mail and messaging services.
  • Create security policies to secure file and print resources.
  • Install, enable, and configure public key infrastructure.
  • Install and configure security systems including biometric systems, physical access controls, as well as access to peripherals, computer components, and storage devices.
  • Assess vulnerability to security attacks against TCP/IP ports and protocols.
  • Configure intranet and extranet security zones and use virtualization to protect network security, as well as identify common threats against network devices.
  • Implement a secure wireless network.
  • Create a secure remote access network using RADIUS, TACACS, LDAP, and VPNs.
  • Use auditing, logging, and monitoring techniques to maintain a secure network.
  • Conduct security risk and vulnerability assessments using IPS, IDS, MBSA, and OVAL tools.
  • Establish organizational security through organizational policies, education and training, and the proper disposal and destruction of IT equipment.
  • Create a business continuity plan that prepares the organization to deal with security threats and natural disasters.

IT Security Professional Career Path

Monday, August 16th, 2010

If you are looking to embark on a career in IT Security, then you can start as a system administrator with a solid understanding of administration and networking and then pursue certifications such as CISSP and CISM.

Next, move on to an information security auditing role by taking the CISA, followed by information privacy and operational risk positions along with the associated certifications (e.g., CIPP and CRP).

After gaining expertise in this field, there are many options, such as moving into management, making a transition into business operations, leaving for another organization, or entering into independent consulting.

How does this sound?

Certified Ethical Hacker Exam Objectives

Friday, August 13th, 2010

If you are preparing for the CEH exam, here is a list of exam objectives you need to follow:

Ethics and Legality

  • Understand ethical hacking terminology.
  • Define the job role of an ethical hacker.
  • Understand the different phases involved in ethical hacking.
  • Identify different types of hacking technologies.
  • List the five stages of ethical hacking.
  • What is hacktivism?
  • List different types of hacker classes.
  • Define the skills required to become an ethical hacker.
  • What is vulnerability research?
  • Describe the ways of conducting ethical hacking.
  • Understand the legal implications of hacking.
  • Understand 18 U.S.C. § 1030 US Federal Law.

Footprinting

  • Define the term footprinting.
  • Describe information-gathering methodology.
  • Describe competitive intelligence.
  • Understand DNS enumeration.
  • Understand Whois, ARIN lookup.
  • Identify different types of DNS records.
  • Understand how traceroute is used in footprinting.
  • Understand how email tracking works.
  • Understand how web spiders work.

Scanning

  • Define the terms port scanning, network scanning, and vulnerability scanning.
  • Understand the CEH scanning methodology.
  • Understand ping sweep techniques.
  • Understand nmap command switches.
  • Understand SYN, stealth, XMAS, NULL, IDLE, and FIN scans.
  • List TCP communication flag types.
  • Understand war dialing techniques.
  • Understand banner grabbing and OS fingerprinting techniques.
  • Understand how proxy servers are used in launching an attack.
  • How do anonymizers work?
  • Understand HTTP tunneling techniques.
  • Understand IP spoofing techniques.

Enumeration

  • What is enumeration?
  • What is meant by null sessions?
  • What is SNMP enumeration?
  • What are the steps involved in performing enumeration?

System Hacking

  • Understand password cracking techniques.
  • Understand different types of passwords.
  • Identify various password cracking tools.
  • Understand escalating privileges.
  • Understand keyloggers and other spyware technologies.
  • Understand how to hide files.
  • Understand rootkits.
  • Understand steganography technologies.
  • Understand how to cover your tracks and erase evidence.

Trojans and Backdoors

  • What is a Trojan?
  • What is meant by overt and covert channels?
  • List the different types of Trojans.
  • What are the indications of a Trojan attack?
  • Understand how Netcat Trojan works.
  • What is meant by wrapping?
  • How do reverse connecting Trojans work?
  • What are the countermeasure techniques in preventing Trojans?
  • Understand Trojan evading techniques.

Sniffers

  • Understand the protocols susceptible to sniffing.
  • Understand active and passive sniffing.
  • Understand ARP poisoning.
  • Understand ethereal capture and display filters.
  • Understand MAC flooding.
  • Understand DNS spoofing techniques.
  • Describe sniffing countermeasures.

Denial of Service

  • Understand the types of DoS attacks.
  • Understand how a DDoS attack works.
  • Understand how BOTs/BOTNETs work.
  • What is a Smurf attack?
  • What is SYN flooding?
  • Describe the DoS/DDoS countermeasures.

Social Engineering

  • What is social engineering?
  • What are the common types of attacks?
  • Understand dumpster diving.
  • Understand reverse social engineering.
  • Understand insider attacks.
  • Understand identity theft.
  • Describe phishing attacks.
  • Understand online scams.
  • Understand URL obfuscation.
  • Social engineering countermeasures.

Session Hijacking

  • Understand spoofing vs. hijacking.
  • List the types of session hijacking.
  • Understand sequence prediction.
  • What are the steps in performing session hijacking?
  • Describe how you would prevent session hijacking.

Hacking Web Servers

  • List the types of web server vulnerabilities.
  • Understand the attacks against web servers.
  • Understand IIS Unicode exploits.
  • Understand patch management techniques.
  • Understand Web Application Scanner.
  • What is the Metasploit Framework?
  • Describe web server hardening methods.

Web Application Vulnerabilities

  • Understand how a web application works.
  • Objectives of web application hacking.
  • Anatomy of an attack.
  • Web application threats.
  • Understand Google hacking.
  • Understand web application countermeasures.

Web-Based Password-Cracking Techniques

  • List the authentication types.
  • What is a password cracker?
  • How does a password cracker work?
  • Understand password attacks—classification.
  • Understand password cracking countermeasures.

SQL Injection

  • What is SQL injection?
  • Understand the steps to conduct SQL injection.
  • Understand SQL Server vulnerabilities.
  • Describe SQL injection countermeasures.

Wireless Hacking

  • Overview of WEP, WPA authentication systems, and cracking techniques.
  • Overview of wireless sniffers and SSID, MAC spoofing.
  • Understand rogue access points.
  • Understand wireless hacking techniques.
  • Describe the methods in securing wireless networks.

Virus and Worms

  • Understand the difference between a virus and a worm.
  • Understand the types of viruses.
  • How a virus spreads and infects the system.
  • Understand antivirus evasion techniques.
  • Understand virus detection methods.

Physical Security

  • Physical security breach incidents.
  • Understand physical security.
  • What is the need for physical security?
  • Who is accountable for physical security?
  • Factors affecting physical security.

Linux Hacking

  • Understand how to compile a Linux kernel.
  • Understand GCC compilation commands.
  • Understand how to install LKM modules.
  • Understand Linux hardening methods.

Evading IDS, Honeypots, and Firewalls

  • List the types of intrusion detection systems and evasion techniques.
  • List firewall and honeypot evasion techniques.

Buffer Overflows

  • Overview of stack-based buffer overflows.
  • Identify the different types of buffer overflows and methods of detection.
  • Overview of buffer overflow mutation techniques.

Cryptography

  • Overview of cryptography and encryption techniques.
  • Describe how public and private keys are generated.
  • Overview of MD5, SHA, RC4, RC5, Blowfish algorithms.

Penetration Testing Methodologies

  • Overview of penetration testing methodologies.
  • List the penetration testing steps.
  • Overview of the Pen-Test legal framework.
  • Overview of the Pen-Test deliverables.
  • List the automated penetration testing tools.

CSSLP Certification

Thursday, August 12th, 2010

The Certified Secure Software Lifecycle Professional (CSSLP) is the only certification in the industry that ensures security is considered throughout the entire lifecycle. It is designed to establish an industry standard and credential that attests to the holder’s knowledge and ability to apply best practices in delivering secure software. The certification is language neutral and focuses on professionals whose work is related to the software life cycle, including software architects, software engineers, developers, programmers, project managers, quality assurance testers, and analysts.

The impetus behind the CSSLP certification is the ever-increasing losses incurred by all types of organizations from both insider and outsider attacks because of software that is not secure. Also, because of the increased exploitation of software vulnerabilities, additional regulatory and compliance requirements are being imposed by governmental bodies.

Secure software controls should be an integral part of the software life cycle, from conception to disposal, and should address the fundamental security concepts of confidentiality, integrity, availability, authentication, authorization, and auditing.

As defined by (ISC)2, the domains comprising the CSSLP Common Body of Knowledge are:

  • Secure software concepts—Security implications in software development
  • Secure software requirements—Capturing security requirements in the requirements gathering phase
  • Secure software design—Translating security requirements into application design elements
  • Secure software implementation/coding—Testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
  • Secure software testing—Testing for security functionality and resiliency to attack
  • Software acceptance—Security implications in the software acceptance phase
  • Software deployment, operations, maintenance, and disposal—Security issues around steady state operations and management of software

CISSP Specializations

Wednesday, August 11th, 2010
Once you have become CISSP certified, you have the option to specialize in one of the following three areas:
  • ISSAP stands for Information Systems Security Architecture Professional; this concentration is suitable for technical systems security architects.
  • ISSEP stands for Information Systems Security Engineering Professional; this concentration demonstrates competence for security engineers.
  • ISSMP stands for Information Systems Security Management Professional; this concentration is about security management.
Each of the concentrations has its own exam.

CISSP Post-Qualification

Tuesday, August 10th, 2010

Once you have achieved your CISSP certification you must do a few things in order to maintain your hard-won CISSP certification:

  1. Keep your contact information current. As soon as you receive your certification, register on the (ISC)2 Web site and provide your contact information. (ISC)2 informs you about your annual maintenance fee, Board of Directors elections, annual meetings, and events, but only if you maintain your contact info.
  2. Pay your annual maintenance fee (AMF). You’re required to pay the annual maintenance fee (AMF — currently US $85) each year in order to continue to hold your CISSP certification. You can easily pay the AMF online at the (ISC)2 Web site.
  3. Attend training and conferences to earn CPEs. CPEs are Continuing Professional Education credits. You’re required to continue to earn CPEs through security- and professional-related education opportunities in order to maintain your CISSP certification. During each three-year certification cycle, you have to earn a minimum of 120 CPEs, and you must earn at least 20 CPEs each year. (You can’t wait until the last minute in a three-year cycle to earn all of your CPEs.) To submit your CPEs, log in to the (ISC)2 Web site and register your training and other qualified events, one at a time. You can earn a lot of CPEs by attending conferences and training courses, but there are many more ways to earn CPEs, such as providing training, attending chapter meetings, or publishing articles or books.

What is CISM?

Tuesday, August 10th, 2010

CISSP is one of the most in-demand certifications

Monday, August 9th, 2010

Certification Magazine has looked at the most in-demand certifications, the ones attractive to employers. And guess what? CISSP is one of them. Others include MCSE, PMP, and CCNA.

CISSP is a vendor neutral certification that includes: access control, cryptography, operations security, and security architecture and design. CEOs rank security as the second-hardest functional area to fill.