Convert a list of hostnames to a list of IP addresses

I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This isn’t like a ping sweep; they knew the machine names but their tool needed IPs.

I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.

Read more

Asuswrt-Merlin vs Cisco

I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.

Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.

Read more

How to clean viruses off your computer for free

Whether you’ve gotten a tech support scam phone call or not, it can be helpful to know how to clean viruses off your computer for free. And yes, I do mean free.

A lot of people get ripped off due to virus scares and it makes me mad. I’m a computer security professional. I advise large companies on computer security for a living. Today I’ll take a few minutes to advise you.

Read more

How to destroy a computer hard drive

When you get rid of a computer hard drive, it’s important to get rid of it properly. Your hard drive probably contains a lot of sensitive information on it, like tax returns or loan applications. Here’s how to destroy a computer hard drive when you need to.

Let’s set some expectations here. Making the data impossible to recover isn’t something you can do without a drive shredder. But you can make it so difficult and expensive to recover that nobody will bother. That’s good enough. If it costs $10,000 to recover the data from your drive, a thief isn’t going to do it, due to the risk that you don’t have $10,000 to steal.

Read more

Can I use a CISSP book to study for SSCP?

Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.

SSCP covers less ground and goes into more depth than CISSP does. SSCP is designed for hands-on security operations types. CISSPs tend to be policy types and/or managers. You’ll do better with a post-2015 SSCP guide, such as SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition. You might as well get a used copy to save money.

That said, if you know the material, you can pass it using old books. I passed CISSP with old, dated books because the new books weren’t ready yet. I relied on work experience to close the gaps. Work experience is just as important as book knowledge. Perhaps more so. I’ve worked with people with lots of book knowledge who couldn’t solve the problems they encountered on the job. You can’t fake your way through operations.

If you have an old CISSP book from before 2015, read the seven relevant domains from the CISSP book: Access Control; Cryptography; Malicious Code and Activity; Monitoring and Analysis; Networks and Communications; Risk, Response and Recovery; and Security Operations and Administration. Anything that’s fair game in those domains for CISSP always was fair for SSCP too.