You can expect any midlevel or higher security certification test to require you to compare and contrast a vulnerability assessment vs pentest. The difference is important. But since I still see people confusing the two, let me explain them.
I conduct vulnerability assessments for a living. I’ve done some light pentesting in the past, but I’m happier doing assessments. I don’t want to be a penetration tester. That seems strange to some people. Maybe that gives me a good perspective to compare and contrast the two, because both have their uses. But they aren’t interchangeable.
I’ve advocated using something other than your ISP’s DNS for years. There’s little if any downside to doing so, and tons of upside. My current favorite third-party DNS is Cleanbrowsing.org because it does so much to improve performance and security. Here’s my Cleanbrowsing.org review.
First things first: Don’t worry about how much Cleanbrowsing.org costs. It has useful tiers available as a free service, even though it’s tremendously valuable.
Should I buy a used Chromebook? I asked myself that question for years. And argued with myself about it. Finally I decided to take the plunge and bought one. Here are the pros and cons to buying a used Chromebook, and what you should look out for to protect yourself.
Overall I recommend them. For less than the price of a year of Lifelock, you can do something that really will make a difference in how secure your personal finance is.
A vulnerability scanner like Nessus or Qualys will record the MAC address of every computer it finds. But Qualys doesn’t output the MAC address in a nice column format. It mixes a lot of other data into the cell. So I had to figure out how to extract a MAC address from Excel data to give an infrastructure team an inventory they wanted.
What is DDoSing? It’s something every system administrator and security professional needs to be concerned about. You can expect to see this concept on certification tests and get questions about it in job interviews. So let’s look at the concept of DDoS, and why I think this is going to get worse before it gets better.
Sometimes you’ll hear insurance professionals, banking professionals, computer security professionals, and other people who deal with risk talk about inherent risk and its counterpart, residual risk. If these are unclear to you, or you just need a refresher, you came to the right place. Let’s take a look at a simple inherent risk definition and example, as well as residual risk.
In computer security circles, you’ll hear the words white hat gray hat black hat thrown around a lot. Everyone just assumes you know what they mean. If you’re unsure about it, here’s what the terms mean, and what the difference is.
Can your computer become infected with a virus via email? It absolutely can. I had one of the worst weeks of my career due to a virus delivered over e-mail. But the good news is, it’s preventable. You can take simple measures to make it much more difficult, if not impossible, to catch a virus via e-mail.
I’ve written about pfSense before. It’s a router project based on FreeBSD, a free Unix project that never gained the popularity of Linux but is perfectly capable in its own right. But it doesn’t run on router hardware. It’s designed to run on a PC. But a lot of pfSense builds get expensive. So let’s look at a budget pfSense build. Let’s see what we can do for around $100-$150.
I see a lot of pfSense builds with price tags of $300. If you’re OK with using used equipment, you can build a nice machine for half that. And you don’t have to give up quality either. In fact, I’ll argue that building one my way gains you quality. Let’s get to it.