What is the best wireless security mode? There are only four choices, and only one worth using, WPA2. But there are some other settings you have to use in order to make WPA2 secure.
As a security professional, “is DD-WRT safe?” is a question I hear a lot. While there are options that I think are safer, I’m perfectly fine with admitting I use DD-WRT myself. I know a lot of other people like me do as well.
One thing is almost certain: DD-WRT is safer than what shipped on your router from the factory.
I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.
Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.
Whether you’ve gotten a tech support scam phone call or not, it can be helpful to know how to clean viruses off your computer for free. And yes, I do mean free.
A lot of people get ripped off due to virus scares and it makes me mad. I’m a computer security professional. I advise large companies on computer security for a living. Today I’ll take a few minutes to advise you.
When you get rid of a computer hard drive, it’s important to get rid of it properly. Your hard drive probably contains a lot of sensitive information on it, like tax returns or loan applications. Here’s how to destroy a computer hard drive when you need to.
Let’s set some expectations here. Making the data impossible to recover isn’t something you can do without a drive shredder. But you can make it so difficult and expensive to recover that nobody will bother. That’s good enough. If it costs $10,000 to recover the data from your drive, a thief isn’t going to do it, due to the risk that you don’t have $10,000 to steal.
Most consumer routers have a feature they call a DMZ, or demilitarized zone. You may hear networking types talk about the DMZ at work. So what is a router DMZ, exactly?
Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.
SSCP covers less ground and goes into more depth than CISSP does. SSCP is designed for hands-on security operations types. CISSPs tend to be policy types and/or managers. You’ll do better with a post-2015 SSCP guide, such as SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition. You might as well get a used copy to save money.
That said, if you know the material, you can pass it using old books. I passed CISSP with old, dated books because the new books weren’t ready yet. I relied on work experience to close the gaps. Work experience is just as important as book knowledge. Perhaps more so. I’ve worked with people with lots of book knowledge who couldn’t solve the problems they encountered on the job. You can’t fake your way through operations.
If you have an old CISSP book from before 2015, read the seven relevant domains from the CISSP book: Access Control; Cryptography; Malicious Code and Activity; Monitoring and Analysis; Networks and Communications; Risk, Response and Recovery; and Security Operations and Administration. Anything that’s fair game in those domains for CISSP always was fair for SSCP too.
Tomorrow is election day. When you vote, use a paper ballot. Paper ballots aren’t flawless either, but they are the less flawed of the two options we have.
So remember two things tomorrow. Go vote. And ask for paper.
Yesterday, half the Internet was broken. I knew something was wrong when I couldn’t get into Salesforce to check on a support ticket for my biggest customer. Another member of my team sent us a warning that a big DDoS attack was happening, and not to count on being able to issue very many quotes today. So what, exactly, is a DDoS attack and how do DDoS attacks work?
I suppose there’s another question to ask too: What can you do to avoid being part of the problem? We’ll save that for the end.