Sunday, January 31, 2010

CompTIA Makes it Official - No Recertification until 2011

CompTIA updated their renewal policy reversing their earlier statements.  You can read about it here.
http://www.comptia.org/certifications/listed/renewal.aspx

If you're certified now or certify sometime in 2010, your certification will be good for life just as it's been in the past.  However, if you get certified in A+, Network+, or Security+ on January 1, 2011 or later the certification will be good for three years from the date you get certified.

Certifications that expire can be updated by earning continuing education credits.  Expect CompTIA to announce details of the continuing education program sometime before January 1, 2011.

Darril

Friday, January 29, 2010

CompTIA Backs Down

ARS Technica posted a good article titled CompTIA Backs Down.

Even though CompTIA hasn't officially posted a change to the new recertification policy, apparently they are changing it.
  • If you certify in A+, Network+, or Security+ in 2010 (or previously), your certification is good for life.
  • If you certify in 2011, you'll need to recertify every three years.
If you want to get certified and keep it for life without requiring renewals, now's the time.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Sunday, January 24, 2010

Hashing

When preparing for the CompTIA Security+ SY0-201 exam, you'll come across the following objective related to hashing:
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
  • SHA
  • MD5
In short, a hash is a number created by applying an algorithm to a file or a message. The same hashing algorithm will always return the same hash (the same number) when applied to an unchanged file or message.  Hashing is used to verify integrity, which is an important element of the security triad.

As an example, imagine that a message of "Hello" needs to be sent.  Assume that the hashing algorithm calculates the hash as 1234.  Both the message and the hash are sent.

When the message is received, the hash is calculated on the received message.  This results in a hash of 1234 which is then compared to the original hash of 1234.  Since both hashes are the same, the message has not lost data integrity.

What if the message is changed?

Imagine that the message of "Hello" is sent with the hash of 1234.  However, the message is modified in transit and the received message is "Goodbye".

The hash of "Goodbye" is 5678.  The hash of the received message (5678) is compared to the original hash (1234) and it's apparent the hashes are not the same.  The message has lost data integrity.

Applications can be used to calculate hashes and perform the comparisons automatically.  When the hashes don't match, a message appears informing the user of the loss of data integrity.

MD5 is a hashing algorithm that produces a 128-bit hash. SHA-1 is a hashing algorithm that produces a 160-bit hash.
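The "Hello" / "Goodbye" check above, carried out with real MD5 and SHA-1 digests instead of the made-up 1234 and 5678. This is an added example using Python's standard hashlib, not code from the original post; the sample messages are constructed.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed sample messages, matching the ones used in the post.
ORIGINAL = "Hello"
TAMPERED = "Goodbye"


def digest(message: str, algorithm: str = "sha1") -> str:
    """Hex digest of a message under the named hashlib algorithm (md5, sha1, ...)."""
    return hashlib.new(algorithm, message.encode("utf-8")).hexdigest()


def send(message: str, algorithm: str = "sha1") -> Tuple[str, str]:
    """Sender side: the message is shipped together with its hash."""
    return message, digest(message, algorithm)


def verify(received: str, sent_hash: str, algorithm: str = "sha1") -> bool:
    """Receiver side: recompute the hash on what arrived and compare it with
    the hash that was sent. compare_digest is the idiomatic constant-time
    comparison for digests in Python."""
    return hmac.compare_digest(digest(received, algorithm), sent_hash)


def digest_bits(algorithm: str) -> int:
    """Output size in bits, to confirm the 128 (MD5) and 160 (SHA-1) figures."""
    return hashlib.new(algorithm).digest_size * 8


if __name__ == "__main__":
    message, sent_hash = send(ORIGINAL)
    print("unmodified message passes:", verify(message, sent_hash))   # True
    print("modified message passes:  ", verify(TAMPERED, sent_hash))  # False
    for alg in ("md5", "sha1"):
        print(f"{alg}: {digest_bits(alg)} bits, {digest(ORIGINAL, alg)}")
```

Note that a bare hash only detects changes; someone who alters the message in transit can recompute the hash too, which is where HMACs and digital signatures come in.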

Here's a practice question on hashing.

Good luck with your studies.

Darril Gibson

Friday, January 22, 2010

The Security Triad

When studying for the CompTIA SY0-201 exam, you'll come across three core concepts that are commonly referred to as the security triad.  They are:
  • Confidentiality. The goal of confidentiality is to prevent the unauthorized disclosure of information.
    This is accomplished by controlling access to resources and using encryption to protect the data when it's stored or when it's transferred over the network.
  • Integrity. The goal of integrity is to verify that data has not been modified. Integrity is commonly enforced by controlling data to prevent it from being modified, and by using hashes.
  • Availability.  The goal of availability is to ensure that data and services are available when needed. This includes using backups and using different types of redundancies. This blog talks about disk redundancies, but you can also have server redundancies (with failover clusters) and site redundancies (hot site, warm site, cold site).
You'll see confidentiality and integrity referenced with cryptography most often.  Confidentiality can be enforced with encryption, and hashing is used to verify integrity.

Good luck with your studies.

Darril

CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Monday, January 18, 2010

List of Security+ Blogs

I've posted close to 50 posts on Security+ topics so thought it'd be worthwhile to list many of them to help you in your studies.

This blog lists some of the topics.  If you want to see a few practice test questions, check out this blog.

Least Privilege
Mandatory Vacations
Separation of Duties
VOIP Risks
Vulnerability Assessments
CompTIA Makes it Official - No Recertification until 2011
Hashing
The Security Triad
Promiscuous or non-promiscuous
Protocol Analyzers
Faraday cage
Symmetric vs Asymmetric
What's in a CRL
Identity proofing
RADIUS
Redundancy
Phishing
Dumpster diving
Piggybacking or tailgating
Impersonation
Social engineering
Disk redundancy using RAID
DoS and DDoS attacks
Well-known ports
Understanding ports
Biometrics used in authentication
Digital signatures
Use of virtualization in security
Encryption basics
Qualitative risk assessment
Bluetooth concerns
SSL, OCSP, vs CRL
Three factors of authentication
Quantitative risk assessments
Intrusion detection systems (HIDS and NIDS)

Good luck in your studies

Darril Gibson

List of practice questions

I've posted close to 50 posts on Security+ topics so thought it'd be worthwhile to list many of them to help you in your studies.

This blog lists the practice test questions I've written and posted.  If you want to view a list of Security+ topics I've posted, check out this blog.

Incident Response

Good luck in your studies.

Darril Gibson

Just passed 70-647

OK, I realize it's not related to Security+, but I was happy to finally complete this exam.  I took it about an hour ago and just double-checked that this was my last exam needed for the MCITP Enterprise Administrator certification on Windows Server 2008.  Wooo Hooo!

Next up... Windows 7.

Darril

Friday, January 15, 2010

Will Your Security+ Certification Expire?

I posted a blog about CompTIA's new certification renewal policy and you may be wondering how it affects your Security+ certification.

Here are the basics:

If you certified with the older exam (SY0-101), available before July 31, 2009, you will need to retake an exam by December 2011 to stay certified.

  • You can take the SY0-201 exam (100 questions, passing score 750, $258 US)
  • Or you can take the BR0-001 bridge exam (50 questions, passing score 560, $190 US)
If you passed the SY0-201 exam, you can keep the certification valid by submitting continuing education credits.

  • The cost to submit the credits is $49.
  • Details aren't finalized, but you can earn continuing education credits by attending training, blogging, teaching, writing, and more.  More details here.
  • If you passed the SY0-201 exam in 2009 (say in December 2009), you have until December 2011 to submit the credits.
  • If you passed the SY0-201 exam in 2010 or later, you have three years from the date of your exam.
Darril Gibson

Thursday, January 14, 2010

CompTIA Certification Renewal Policy

Update.
CompTIA has apparently changed their mind. Read about it in this CompTIA Backs Down article. In short, if you certify in 2010 or before, it's good for life, but requires recertification if you certify in 2011 or later.

* * *

CompTIA has modified their certification renewal policy and is now setting expiration dates for some certifications.  This change affects the A+, Network+, and Security+ certifications, but my focus in this blog entry is only on the Security+ certification.

In the past, CompTIA certifications have been granted for life. In other words, once you became Security+ certified, you remained Security+ certified. Under the new policy, certifications will only last for three years.

As background, the Security+ certification has had two versions:
  • SY0-101 was the original version and it could be taken up until July 2009.
  • SY0-201 was released in late 2008 and is the current version.
If you earned the original Security+ certification by taking the SY0-101 exam, your certification will expire December 31, 2011.  You must take an exam to retain the Security+ certification. You can take either the SY0-201 exam, or a shorter bridge exam (BR0-001).

If you earned the updated Security+ certification by taking the SY0-201 exam in 2008 or 2009, your certification will expire December 31, 2011. You can retain the Security+ certification through enrollment and participation in a continuing education program which hasn't been defined yet.

If you earned the updated Security+ certification by taking the SY0-201 in 2010 or later, your certification will expire three years from the date it was awarded. You can retain the Security+ certification through enrollment and participation in a continuing education program which hasn't been defined yet.

You can read the details from CompTIA's site here:
http://www.comptia.org/certifications/listed/renewal.aspx

Darril Gibson

Friday, January 1, 2010

Promiscuous or non-promiscuous

A previous blog entry talked about protocol analyzers. When using a protocol analyzer you should be aware of its two modes of operation: promiscuous and non-promiscuous.

  • Non-promiscuous. In non-promiscuous mode, the protocol analyzer can only capture traffic addressed to the system (including broadcasts) or coming from the system.  In other words, it can't capture unicast traffic between two other hosts.
  • Promiscuous. In promiscuous mode, the protocol analyzer can capture any and all traffic that reaches its NIC.  Attackers would use a protocol analyzer in promiscuous mode.
Wireshark is a protocol analyzer that you can download for free and will work in both promiscuous mode and non-promiscuous mode.

As a side note, you should know that when a protocol analyzer is operating in promiscuous mode, it gives telltale signs on the network. Don't just start running it on a live network without permission.

I remember teaching a Security+ class at a college once. One of the students was in the Army and had administrative privileges on his system.  The next day he downloaded Wireshark, installed it, and began sniffing the network.  Within about 15 minutes security administrators were at his desk looking over his shoulder asking what he was doing.  Thankfully, you can't get fired from the Army very easily, but the same may not be true at your job.

Good luck in your studies.

Darril Gibson