How to pass CISSP: Test taking strategies

The CISSP is a 250-question, multiple-choice test. You have six hours to complete it. It’s not like any college final I ever took, though cramming all of finals week into a six-hour session is almost a fair comparison. If you’re wondering how to pass CISSP, I can’t guarantee my method, but I’m glad to share what worked for me.


How to study for CISSP

I got the letter this week. The one from (ISC)². If the first word is “congratulations,” it means you passed. But if the first two words are “thank you,” you didn’t. If you want the letter that says “congratulations” in your future, it helps to know how to study for CISSP. Here’s how I studied for mine. Hopefully it will help you. It’s a long road. But it’s doable.


Studying for a certification?

Studying for a certification? Here’s a useful site: http://www.techterms.com/quiz/

They post a new tech term every day. You may not necessarily see questions just like them on any given certification, but they’ll help you keep your vocabulary current. Understanding the questions is more than half the battle.

Open-source licenses, the CISSP, and the real world

You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.

And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.


CISSP melted my brain

Five and a half hours ago, I turned in my test and departed the CISSP test site. It took me four hours to answer the nastiest 250 test questions I’ve ever seen in my life.

I felt better about it than the other guys milling around the lobby, but….


The contractor who built systems via P2P

Today I was helping one of my coworkers study for the Security+ exam, and one of his study questions reminded me of a story.

I wrote a few days ago about spending some time in an unhealthy IT shop. One of my cohorts supported one of the departments that decided to outsource its IT to a contractor, rather than use the internal IT department. It was a form of shadow IT on a large scale. The hand-off didn’t exactly go as it should.


Don’t reuse your Zappos.com password

Online shoestore Zappos.com got hacked. Among other things, the hackers got names, addresses, e-mail addresses, and encrypted passwords. That’s not as bad as getting unencrypted passwords, but there are some things you need to do immediately if you shop at Zappos.com.


The upside of the brave new Windows Server GUI-less world

So the server version of Windows 8 is losing the GUI. And some people aren’t happy about it.

Let’s talk about upside.

UEFI on ARM illustrates why we still have to watch Microsoft

UEFI is a technology that forces a computer to only load a digitally signed operating system. This has some security benefits, as it makes parts of the operating system unbootable if they become infected, since the viruses won’t be digitally signed by a reputable vendor.

Great idea, right? From a security perspective, absolutely. The more attack vectors for viruses we can eliminate, the better off we’ll be. But Microsoft’s policy on ARM systems shows how it can be abused.


Disabling WPS by upgrading to DD-WRT

Tom Gatermann told me he succeeded in disabling WPS by upgrading his Linksys router–I didn’t ask what model and probably shouldn’t post that anyway–with DD-WRT.

Explicitly disabling WPS in DD-WRT is unnecessary because DD-WRT doesn’t implement WPS at all–which is a good thing. There’s no setting to look for; it’s just automatic.
