Category Archives: security

Asuswrt-Merlin vs Cisco

I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.

Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.

Continue reading Asuswrt-Merlin vs Cisco

How to clean viruses off your computer for free

Whether you’ve gotten a tech support scam phone call or not, it can be helpful to know how to clean viruses off your computer for free. And yes, I do mean free.

A lot of people get ripped off due to virus scares and it makes me mad. I’m a computer security professional. I advise large companies on computer security for a living. Today I’ll take a few minutes to advise you.

Continue reading How to clean viruses off your computer for free

How to destroy a computer hard drive

When you get rid of a computer hard drive, it’s important to get rid of it properly. Your hard drive probably contains a lot of sensitive information on it, like tax returns or loan applications. Here’s how to destroy a computer hard drive when you need to.

Let’s set some expectations here. Making the data impossible to recover isn’t something you can do without a drive shredder. But you can make it so difficult and expensive to recover that nobody will bother. That’s good enough. If it costs $10,000 to recover the data from your drive, a thief isn’t going to do it, due to the risk that you don’t have $10,000 to steal.

Continue reading How to destroy a computer hard drive

Can I use a CISSP book to study for SSCP?

Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.

SSCP covers less ground and goes into more depth than CISSP does. SSCP is designed for hands-on security operations types. CISSPs tend to be policy types and/or managers. You’ll do better with a post-2015 SSCP guide, such as SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition. You might as well get a used copy to save money.

That said, if you know the material, you can pass it using old books. I passed CISSP with old, dated books because the new books weren’t ready yet. I relied on work experience to close the gaps. Work experience is just as important as book knowledge. Perhaps more so. I’ve worked with people with lots of book knowledge who couldn’t solve the problems they encountered on the job. You can’t fake your way through operations.

If you have an old CISSP book from before 2015, read the seven relevant domains from the CISSP book: Access Control; Cryptography; Malicious Code and Activity; Monitoring and Analysis; Networks and Communications; Risk, Response and Recovery; and Security Operations and Administration. Anything that’s fair game in those domains for CISSP always was fair for SSCP too.

When you vote, use a paper ballot

I don't mean this image figuratively. Fill out a paper ballot and drop it in the box.
I don’t mean this image figuratively. Fill out a paper ballot and drop it in the box.

Tomorrow is election day. When you vote, use a paper ballot. Paper ballots aren’t flawless either, but they are the less flawed of the two options we have.

So remember two things tomorrow. Go vote. And ask for paper.

How DDoS attacks work

Yesterday, half the Internet was broken. I knew something was wrong when I couldn’t get into Salesforce to check on a support ticket for my biggest customer. Another member of my team sent us a warning that a big DDoS attack was happening, and not to count on being able to issue very many quotes today. So what, exactly, is a DDoS attack and how do DDoS attacks work?

I suppose there’s another question to ask too: What can you do to avoid being part of the problem? We’ll save that for the end.

Continue reading How DDoS attacks work