SSCP vs CISSP

SSCP and CISSP are both (ISC)² certifications. I get a lot of questions about the two of them, especially about SSCP, as CISSP overshadows it. So let’s look at SSCP vs CISSP.

CISSP definitely pays better, but that’s not to say SSCP doesn’t have merit.

Pros and cons of RightTrack or SnapShot devices

Insurance companies are starting to offer discounts if you plug one of their devices, often called a RightTrack or SnapShot, into your car’s OBD2 port.

One of my college buddies asked me about them when his insurance company offered his family a 5% discount to plug these into their cars, and then make them eligible for up to another 25%. Those are compelling numbers. So what are the potential drawbacks?

Do I have enough CISSP work experience?

It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.

You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.

But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.

Catch up on Microsoft patching fast

Last week, Microsoft quietly released its convenience update pack for Windows 7, 8.1, and Server 2008 R2. This is a great opportunity to catch up on Microsoft patching, as it incorporates all of Microsoft’s OS-level updates from the release of Service Pack 1 through April 2016.

Here’s how to use this to clear your corporation’s backlog of Microsoft patches. No, I haven’t seen your corporate network, but I’ll bet you have one.

Microsoft Security Essentials alerts – don’t call “Microsoft”

Last Tuesday night my oldest son came into the room and told me he thought one of our computers was being hacked. So I kicked into incident response mode and walked into the other room to be greeted with a computer loudly telling me that Microsoft Security Essentials was unable to clean a virus and to immediately call Microsoft.

Instead I immediately shut down the computer. Here’s why.

Moving SSH off port 22 doesn’t do much for security

A week or two ago, a stranger approached me with some advice about securing routers: move SSH off port 22.

Since arguing with strangers is what the Internet was apparently invented for, I’ll argue against the benefits of moving SSH off port 22.

My first blog post for Qualys

A chance conversation with a Qualys customer a few weeks ago veered off topic really fast, but it led to another conversation, which caught a manager’s attention and led to my first blog post for them.

Find PHP malware in Linux

A lot of people seem to be looking for help cleaning up hacked or infected web sites lately, so here’s a trick I used in the past to find PHP malware in Linux and clean up the infected files.

Double-check your security with Qualys Browser Check

In the past, I’ve recommended Secunia PSI as a way to keep your systems up to date. I know from my own experience that it helps, but I also know it doesn’t work 100 percent of the time.

When it comes to security, nothing is more critical than making sure your updates are applying correctly. That’s where my employer comes in, with Qualys Browser Check.

Solve the Java problem

I met with a client earlier this week who asked me to go over their vulnerability scans for a bit of a sanity check. He asked some important questions, but one in particular seems worth sharing. What can we do with Java? Can we solve the Java problem?