Wednesday, December 28, 2011

Do You Use Wikipedia

Do you use Wikipedia? I do and I love it. So much so that I've donated to them to help them keep providing the service that I value so much. I really like the style of the articles and the way that authors police themselves to prevent problems. It's a great resource and awesome that it's free.

Jimmy Wales (Wikipedia Founder) sent me the following email and asked me to send it out to others. Here it is:



Dear Darril,

Here's how the Wikipedia fundraiser works: Every year we raise just the funds that we need, and then we stop.

Because you and so many other Wikipedia readers donated over the past weeks, we are very close to raising our goal for this year by December 31 -- but we're not quite there yet.

You've already done your part this year. Thank you so much. But you can help
us again by forwarding this email to a friend who you know relies on Wikipedia and asking that person to help us reach our goal today by clicking here and making a donation.

If everyone reading this email forwarded it to just one friend, we think that would be enough to let us end the fundraiser today.

Of course, we wouldn't turn you down if you wanted to make a second donation or a monthly gift.

Google might have close to a million servers. Yahoo has something like 13,000 staff. We have 679 servers and 95 staff.

Wikipedia is the #5 site on the web and serves 470 million different people every month – with billions of page views.

Commerce is fine. Advertising is not evil. But it doesn't belong here. Not in Wikipedia. Wikipedia is something special. It is like a library or a public park. It is like a temple for the mind. It is a place we can all go to think, to learn, to share our knowledge with others.

When I founded Wikipedia, I could have made it into a for-profit company with advertising, but I decided to do something different. We’ve worked hard over the years to keep it lean and tight. We fulfill our mission, and leave waste to others.

Thanks again for your support this year. Please help spread the word by forwarding this email to someone you know.

Thanks,

Jimmy Wales

Wikipedia Founder



If you can afford to share some of your wealth, I encourage you to consider sharing some of it with the people at Wikipedia. We all benefit.

Tuesday, December 27, 2011

Security+ Practice Test Questions for Your Mobile Phone

Study Security+ From Your Mobile Device

CompTIA Security+ (SY0-301) practice test questions and flash cards are now available for your mobile devices. The content was written by Darril Gibson and includes:
  • Over 170 Flashcards
  • Over 275 Interactive Study questions with detailed explanations
  • Organized in seven practice tests based on Security+ objectives
This CompTIA Security+ SY0-301 mobile app includes relevant flashcards, interactive study questions and timed mock exams. Versions are available for your iPhone, iPad, Android phones, and Android tablets. Check it out here:
If you've been studying for this exam and want to test your readiness, this app is for you. This is the only app currently on the market for the SY0-301 exam where every question includes the explanation for the correct choice, and also explains why the other choices are incorrect. Use it to ensure you pass the exam the first time you take it.


If you're looking for a full study guide on the SY0-301 Security+ exam
that will help you pass it the first time you take it, check out this book.
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
Sample Reviewer Comment
"I took the exam today and passed with an 874/900. This book gave me all I needed to pass and there wasn't anything that wasn't familiar. "




Mobile App Features

Practice test questions and flashcards are organized in six topics, with a topic dedicated to each of the Security+ domains:

1) Network Security
2) Compliance and Operational Security
3) Threats and Vulnerabilities
4) Application, Data and Host Security
5) Access Control and Identity Management
6) Cryptography

Comments from reviewers on mobile app:

"The app does go through the most current CompTIA objectives. I recommend this app to all CompTIA Security+ candidates."
by ramzsmith
"The flash cards and practice test were very useful. This is a good investment for anyone looking to get certified. Thanks......"
by AARON IRVING

Monday, December 26, 2011

Identification, Authentication, and Authorization

If you're studying for one of the security certifications like CISSP, SSCP, or Security+ it's important to understand the difference between identification, authentication, and authorization. These concepts are intertwined, but they are three separate steps and exams test the distinction. When looking at these topics, especially for the SSCP and CISSP exams, it's also important to understand the difference between subjects and objects.
  • Subject. A subject is the active entity that accesses an object. For example, when a user accesses a file, the user is the subject. Other subjects include programs, processes, and any entity that can access a resource.
  • Object. An object is a passive entity that is being accessed by a subject. For example, when a user accesses a file, the file is the object. Other objects include databases, computers, printers, or any other resource that can be accessed by a subject.


Pass the Security+ exam the first time you take it.
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide




Identification

Identification occurs when a user (or any subject) claims or professes an identity. This can be accomplished with a username, a process ID, a smart card, or anything else that can uniquely identify a subject. A claimed identity by itself proves nothing; proving it is the job of authentication. Once the claim has been proven, security systems use the identity when determining if a subject can access an object.


Looking for quality Practice Test Questions for the SY0-301 Security+ exam?
CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions




Authentication

Authentication is the process of proving an identity. It occurs when a subject provides appropriate credentials to back up the identity it claimed. For example, when a user provides the correct password with a username, the password proves that the user knows a secret that only the owner of the username should know. In short, authentication provides proof of a claimed identity.

There are several methods of authentication that I'll cover in another post, but in short they are:
  • Something you know, such as a password or PIN
  • Something you have, such as a smart card, CAC, PIV, or RSA token
  • Something you are, using biometrics


Studying SSCP?
This book covers the new objectives effective Feb 1, 2012.
SSCP Systems Security Certified Practitioner All-in-One Exam Guide




Authorization

Once a user is identified and authenticated, they can be granted authorization based on their proven identity. It's important to point out that you can't have meaningful authorization without identification and authentication. If everyone logs on with the same account, you can only grant or block access to a resource for everyone at once, because the system can't tell the users apart. However, when users authenticate with their own accounts, each user can be granted access to different resources based on their proven identity.

In summary, it's important to understand the differences between identification, authentication, and authorization when studying for security exams such as the Security+, SSCP, or CISSP exams. Identification occurs when a subject claims an identity (such as with a username), and authentication occurs when a subject proves that identity (such as with a password). Once the subject has a proven identity, authorization techniques can grant or block access to objects based on that identity.
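The three steps above, as an added example that is not part of the original post. The in-memory user store, the salted PBKDF2 password check and the per-object ACL are constructed to illustrate the sequence; the usernames, passwords and file names are made up.

```python
"""Identification, authentication and authorization as three separate checks.

Added example, not code from the original post. The in-memory user store, the
salted PBKDF2 password check and the per-object ACL are constructed to illustrate
the three steps; the usernames, passwords and file names are made up.
"""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption: enough to make guessing expensive, fast enough for a demo


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str) -> dict:
    """Credential record: a random per-user salt plus the derived key (never the password)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}


# Constructed identity store: the username is the identity a subject can claim.
USERS = {
    "alice": make_user("correct horse battery staple"),
    "bob": make_user("hunter2"),
}

# Constructed ACL: object -> subjects allowed to read it. Authorization is keyed by the
# proven identity, which is why a shared account could only be granted all-or-nothing.
ACL = {
    "payroll.xlsx": {"alice"},
    "handbook.pdf": {"alice", "bob"},
}


def identify(username: str) -> bool:
    """Identification: a subject claims an identity. The claim is looked up, not yet trusted."""
    return username in USERS


def authenticate(username: str, password: str) -> bool:
    """Authentication: prove the claimed identity with something you know (the password)."""
    record = USERS.get(username)
    if record is None:
        _derive(password, b"\x00" * 16)  # burn the same time so timing doesn't leak valid usernames
        return False
    return hmac.compare_digest(_derive(password, record["salt"]), record["hash"])


def authorize(subject: str, obj: str) -> bool:
    """Authorization: grant or block the *proven* subject's access to an object."""
    return subject in ACL.get(obj, set())


def access(username: str, password: str, obj: str) -> str:
    """Run the three steps in order and report which one stopped the request."""
    if not identify(username):
        return "unknown identity"
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, obj):
        return "not authorized"
    return "granted"
```

Calling `access("bob", "hunter2", "payroll.xlsx")` returns `"not authorized"`: bob identified and authenticated successfully, but the ACL names only alice as an authorized subject for that object. If alice and bob shared one account, the ACL could not express that difference.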

Wednesday, December 21, 2011

Single Sign-On (SSO) and Federated Identity Management

If you're studying for one of the security certifications such as CISSP, SSCP, or Security+ it's important to understand single sign-on (SSO) concepts and federated access.

SSO refers to the ability of a user to log on once and then access multiple systems without providing credentials again. It can improve security because users have only one set of credentials to remember, which makes them less likely to write passwords down or reuse weak ones. The trade-off is that this one set of credentials now unlocks every system the user can reach, so it needs stronger protection (multifactor authentication, for example) than any single password did before. Once signed on using SSO, this one set of credentials is used throughout a user's entire session.


Pass the Security+ exam the first time you take it.
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

Kerberos

Kerberos is an authentication protocol commonly used to support SSO in many networks. When a user authenticates, the Key Distribution Center (KDC) issues the user an encrypted, time-stamped ticket-granting ticket (TGT). The TGT is cached on the user's system and normally has a lifetime of 10 hours but can be renewed. Kerberos uses symmetric cryptography to encrypt tickets, and most current implementations use Advanced Encryption Standard (AES). The KDC has two logical parts: the authentication server (AS), which issues TGTs, and the ticket-granting server (TGS), which issues tickets for individual services. The name authentication server (or Kerberos authentication server, KAS) is sometimes used for the KDC as a whole.

When the user later wants to access a resource such as a file on a server, the user's system submits the TGT to the KDC with a request for that resource. The KDC validates the TGT and sends the user a ticket (sometimes called a service ticket) for the resource. This ticket is encrypted with a key that only the KDC and the resource's host share. The user's system then submits the ticket to the host of the resource (in this case the file server) with a request to access the resource. The host decrypts and validates the ticket with its own key, so it does not need to contact the KDC, and if the ticket is valid it allows access as long as the user is authorized.

Kerberos requires all systems to be time synchronized; the default in version 5 is for all systems to be within five minutes of each other. If a system's clock is more than five minutes off, the KDC won't issue it a TGT or any other tickets, effectively blocking all non-anonymous access from that system (and if it is the KDC's own clock that has drifted, from every system that depends on it). The KDC uses a database of credentials to authenticate users and listens on port 88 by default.
A drawback with Kerberos is that the KDC is a single point of failure. If the KDC fails, all new authentication stops, which is why production deployments run redundant KDCs (every Active Directory domain controller, for example, is a KDC). Additionally, if the KDC is compromised, all credentials are compromised: its database holds the keys for every principal, including the key used to encrypt TGTs, so an attacker who has it can forge tickets for any user.
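The three exchanges described above (AS, TGS, and the final request to the resource host), as an added example that is not part of the original post and is not a real Kerberos implementation. The `seal()`/`unseal()` helper is an HMAC-authenticated stand-in for the AES encryption real KDCs use; the principal names, keys, lifetimes and the `cifs/fileserver` service are constructed for the demo. It also shows the two failure modes the text mentions: a client clock outside the five-minute skew, and a wrong password (the AS reply is encrypted under the user's key, so a wrong password cannot decrypt it).

```python
"""Toy Kerberos ticket flow: AS exchange (TGT), TGS exchange (service ticket), AP exchange.

Added example, not from the original post and not a real Kerberos implementation.
seal()/unseal() is an HMAC-authenticated stand-in for the AES encryption real KDCs
use; the principal names, keys, lifetimes and the cifs/fileserver service are
constructed for the demo.
"""
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 300            # Kerberos v5 default allowed clock skew, seconds
TGT_LIFETIME = 10 * 3600  # typical default TGT lifetime, seconds


def derive_key(principal: str, secret: str) -> bytes:
    """Long-term key from a principal's secret (real Kerberos uses a string-to-key function)."""
    return hashlib.sha256(f"{principal}:{secret}".encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: SHA-256 counter keystream XOR plaintext, then HMAC tag."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); raises ValueError when the tag fails (wrong key or tampered ticket)."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, "sha256").digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


def _check_authenticator(ticket: dict, authenticator: bytes, now: float) -> None:
    """Prove the presenter holds the ticket's session key and its clock is within MAX_SKEW."""
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)
    if auth["client"] != ticket["client"] or abs(auth["timestamp"] - now) > MAX_SKEW:
        raise PermissionError("KRB_AP_ERR_SKEW or client mismatch in authenticator")
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")


class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) over one key database."""

    def __init__(self) -> None:
        self.keys = {  # constructed key database
            "alice": derive_key("alice", "correct horse battery staple"),
            "krbtgt": os.urandom(32),           # TGS key: every TGT is sealed with it
            "cifs/fileserver": os.urandom(32),  # the file server's long-term key
        }

    def as_exchange(self, client: str, client_clock: float, now: float) -> bytes:
        """AS-REQ/AS-REP: reject a drifted clock, else issue a TGT sealed under krbtgt's key."""
        if abs(client_clock - now) > MAX_SKEW:
            raise PermissionError("KRB_AP_ERR_SKEW: clock skew too great")
        session_key = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": session_key, "expires": now + TGT_LIFETIME})
        # The reply is sealed with the client's own key: only the password holder can read it.
        return seal(self.keys[client], {"ticket": tgt.hex(), "key": session_key})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> bytes:
        """TGS-REQ/TGS-REP: validate the TGT, then issue a ticket sealed under the service's key."""
        t = unseal(self.keys["krbtgt"], tgt)
        _check_authenticator(t, authenticator, now)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc_session, "expires": t["expires"]})
        return seal(bytes.fromhex(t["key"]), {"ticket": ticket.hex(), "key": svc_session})


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    """AP-REQ: the service validates the ticket with its *own* key; it never calls the KDC."""
    t = unseal(service_key, ticket)
    _check_authenticator(t, authenticator, now)
    return t["client"]


def try_access(kdc: KDC, user: str, password: str, service: str, clock_offset: float = 0.0) -> str:
    """Whole flow from the client's side; clock_offset simulates a client clock that has drifted."""
    now = time.time()
    client_clock = now + clock_offset
    try:
        rep = unseal(derive_key(user, password), kdc.as_exchange(user, client_clock, now))
        tgt, session_key = bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["key"])
        auth = seal(session_key, {"client": user, "timestamp": client_clock})
        rep = unseal(session_key, kdc.tgs_exchange(tgt, auth, service, now))
        ticket, svc_key = bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["key"])
        auth = seal(svc_key, {"client": user, "timestamp": client_clock})
        # The service holds its own long-term key; here it is read from the demo key table.
        return "granted:" + service_accepts(kdc.keys[service], ticket, auth, now)
    except (ValueError, PermissionError) as exc:
        return "rejected:" + str(exc)
```

`try_access(KDC(), "alice", "correct horse battery staple", "cifs/fileserver")` returns `"granted:alice"`; the same call with `clock_offset=600` is refused at the AS exchange, and a wrong password fails at the client when it cannot unseal the AS reply. Note that `service_accepts` takes only the service's own key: the file server never talks to the KDC, which is the point the text makes about where ticket validation happens.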

Studying SSCP?
This book covers the new objectives effective Feb 1, 2012.
SSCP Systems Security Certified Practitioner All-in-One Exam Guide

Federated Identity Management

Identity management refers to the management of user identities and their credentials. For example, usernames and password-derived keys are stored in a database that Kerberos uses to authenticate users. Users claim an identity and prove it by authenticating, such as with a password. In federated identity management, organizations join a group of organizations called a federation. All the organizations within the federation agree on a method to share identities between the organizations.
Once the federation is configured, users are able to log on one time within their organization and then access resources in other organizations without logging on again. This is usually transparent to the user.

As an example, I have worked in an organization where we logged on with smart cards. We had access to training sites hosted by other organizations that were part of a federated identity management system. All we had to do was access the web site using a web browser, and our credentials were automatically recognized without requiring us to take any additional steps.

In summary, SSO methods can increase security by reducing the number of passwords users must remember, though they also concentrate risk in that one credential. Federated access allows an organization to share identities with other organizations in a common group, or federation, of organizations.

Friday, December 9, 2011

Free Security+ Books from Amazon Prime

Two Security+ books are now available through the Kindle lending library, a new feature of Amazon Prime. If you have any version of a Kindle and Amazon Prime, you can check out any available book for free for a month. Books for both the SY0-201 and SY0-301 Security+ exams are available to check out.

Two Security+ Books Available

The following two Security+ books are a part of this program so you can checkout either one without charge.
While Amazon has created Kindle applications to run on just about any platform, the lending library doesn't currently work with these applications. I really don't know if they plan to add it later or not. However, if you don't have a Kindle, you can still get these two books for only $9.99 using one of these free applications.

These Security+ books are also available in paperback versions.

Amazon Prime Benefits

I've had Amazon Prime for quite a while and have been very happy with it. It costs $79 annually but you can try it out for a free one month trial. It has the following benefits:
  • Free two-day shipping on products shipped from Amazon
  • Instant streaming of movies and TV shows
  • Instant access to thousands of books

Kindle Versions

There are several versions of Kindles available and for reading books, I've been very happy with it. I have an iPad but don't find it as easy to read books from the iPad as the Kindle.

Also, I recently purchased the new Kindle Fire and have been impressed with it too. It works very similar to the iPad. I don't think it'll be an iPad killer but it has a lot of similar functionality and has great potential.

If you're studying for the Security+ exam and you have a Kindle and Amazon Prime, be sure to check out the new lending library. If you don't have these though, you can still get some good quality Security+ study materials. Best of luck in your studies.

Sunday, November 27, 2011

Security+ Practice Test Question Hardware Device

Here's a practice test question for anyone planning on taking the SY0-301 Security+ exam.

Security+ Practice Test Question

Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?

A. TPM
B. HSM
C. DLP
D. IaaS

Answer below:

If you're looking for a Study Guide on the SY0-301 exam that can help you take and pass the Security+ exam the first time you take it, check out the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. It covers 100 percent of the CompTIA Security+ SY0-301 objectives using real-world examples of security principles in action to help you master the important concepts. It also includes over 450 realistic practice questions with in-depth explanations. You'll know why the correct answer is correct, why the incorrect answers are incorrect, and be able to pass this exam the first time you take it.
If you think you're ready for the exam, but just want some realistic practice questions to test your readiness, check out this book instead: CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions. It includes 275 practice test questions with in-depth explanations and is available for only $9.99 on the Kindle.

Answer

Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?

A. TPM
B. HSM
C. DLP
D. IaaS

The correct answer is B.

A hardware security module (HSM) is a hardware device you can add to a server to provide encryption capabilities.

A Trusted Platform Module (TPM) is a chip embedded into a motherboard that also provides hardware encryption, but you can’t easily add a TPM to an existing server.

A Data Loss Prevention (DLP) device can reduce the risk of employees e-mailing confidential information outside the organization.

Organizations use Infrastructure as a Service (IaaS) to rent access to hardware such as servers via the cloud to limit their hardware footprint and personnel costs.

TPM, HSM, and DLP are covered in depth in Chapter 5 of CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. IaaS and other cloud computing topics are covered in Chapter 4. Also you may like to check out this blog on TPMs and HSMs.

Thursday, November 10, 2011

SY0-301 Security+ Study Guide Released

The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is released! This is an update to the top-selling SY0-201 Security+ study guide, which helped thousands of readers pass the Security+ exam the first time they took it. Here are a few highlights about the book:
  • 100 percent coverage of SY0-301 objectives
  • Over 450 realistic practice test questions
  • 100 question pre-test
  • 100 question post-test
  • Practice questions in each of the eleven chapters
  • Comprehensive acronym list
All practice test questions have in-depth explanations. You'll know why the correct answers are correct, and why the incorrect answers are incorrect. Additionally, the chapter content explains the topics in full detail. No matter how CompTIA words the questions, you'll have the knowledge to correctly answer them.

Picture yourself taking the Security+ exam and seeing the results “You passed.” You can do it and this book can help.

40% Discount For A Limited Time

As a favor to the many people that have shown so much interest in this update, I’m making it available at a reduced introductory price. For a short introductory period, I'm offering the book with a special discount of 40% off. That's a whopping $14.80 off the list price of $36.99.

  • Order here now
  • Enter discount code XQY3HAAG when you check out for the 40% off discount
Why am I offering such a steep discount? I’d like to get this book into as many people’s hands as soon as possible. While there is certainly no obligation, I’m hoping some of you take the time to provide comments on the book. Readers just like you posted comments on the SY0-201 Study Guide Amazon page to let others know about the book value. It may be your review that 54 out of 54 people find helpful.

A Quick FAQ List

I can hear a couple of questions coming so here are some quick answers:

Q. Will the book be available on Amazon?
A. Yes. I expect it to be on Amazon within two weeks.

Q. Is the 40% discount available on Amazon?
A. No. Amazon controls their discounts. As an example, the CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions book was published on September 15, 2011 and as of today, they still have not reduced the price.

Q. How long will the 40% discount be available?
A. I plan to replace it with a 25% discount in 30 days.

Q. Is a Kindle version coming out?
A. Yes. The process takes a little while, but I expect to have the Kindle version out within 60 days. I'm not sure of the pricing at this moment.

Instructors

If you're an instructor, check out this page http://getcertifiedgetahead.com/instructor-resources.aspx Many instructors in the United States and in at least two other countries used the CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide to help their students pass the Security+ exam the first time they took it. You can help your students pass the SY0-301 Security+ exam the first time they take it too.

Darril Gibson

Thursday, November 3, 2011

Security+ SY0-301 Practice Test Questions

If you’re planning on taking the SY0-301 Security+ exam, you might like to hear about a new book that just came out. It includes over 275 realistic practice test questions with in-depth explanations for only $9.99. It's called CompTIA Security+: Get Certified Get Ahead:SY0-301 Practice Test Questions and you can get it here:

You can download free Kindle applications for just about any device from here.

You may know that I've been updating my CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide to the SY0-301 version. I've completed the rewrite. Unfortunately, the process to get it to print is lengthy and it has a couple more phases to go through before it makes it to print. At this point, I’m thinking it’ll be out in October, but much of it is out of my hands. The ISBN is 1463762364 but it isn’t on Amazon yet either.

However, I continue to get queries about the update and I know many people want to take the new exam. Because of this, I copied 275 practice test questions from the new book and created the Kindle book. I'm able to control 100 percent of the process with the Kindle, so I knew I could get it published quickly.

Update on SY0-301 Practice Test Questions Book

Several people asked if the Practice Test Question book can come out as a hard copy book. It took a little work, but CompTIA Security+: Get Certified Get Ahead: SY0-301 Practice Test Questions is now available on Amazon.
You can also get it from here: https://www.createspace.com/3687639. Enter JXCRTNUT for 25% off.
Get Certified Get Ahead SY0-301 Practice Test Questions

Answers to a Few FAQs

I continue to get queries about the SY0-201 and SY0-301 exam. Here's a few answers that may help you too.

Can you still take the SY0-201 version?
Yes. You can still take the SY0-201 version until December 31, 2011. The CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide is still helping many people take and pass this exam.

Do employers care which version you take?
No. Employers want to know that you are certified. I don’t know of any employer that cares which version you have (SY0-201 or SY0-301).

Is the SY0-301 version harder than the SY0-201 version?
This is a tough question to answer. It's different. It includes concepts that are newer because security topics continue to evolve. Since writing the first SY0-201 book, I've written several other security books, and contributed to a couple more. I tech edited a CISSP book, and I am in the final phase of a SSCP book based on the new objectives for the SSCP exam. Because of this, I've already been exposed to many of these topics so I was able to easily pass the exam when I took it (though I did miss a question).

Will I see questions on the SY0-201 exam that aren’t covered in the SY0-201 book?
Yes. CompTIA seeds the exam with beta questions but the beta questions are not graded. As an example, the SY0-201 objectives do not include any topics on cloud computing, yet many people report seeing questions on cloud computing. You'll probably see the same thing in three years when CompTIA releases the SY0-401 version.

Some Information on the Full SY0-301 Book

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is an update to my top-selling SY0-201 guide, which helped thousands of readers pass the exam the first time they
took it.

The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version. Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. I use many of the same analogies and explanations I’ve honed in the classroom that have helped
hundreds of students master the Security+ content. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

You’ll have over 450 realistic practice test questions with in-depth explanations to help you test your comprehension and readiness for the exam. It includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for
other exams. This SY0-301 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT systems security.
However, if you can't wait for the study guide to be published, or you just want some realistic practice test questions with in-depth explanations, check out the CompTIA Security+:Get Certified Get Ahead:SY0-301 Practice Test Questions Kindle book.

You can also check out a SY0-301 Security+ blog here, and the GetCertifiedGetAhead.com site for more certification related information.

Sunday, January 23, 2011

Audio Files Now Available

Several readers have recommended that we create audio files for key portions of the CompTIA Security+ Get Certified and Get Ahead Study Guide and we have recently done so.

UPDATE: Audio files are now available for the SY0-301 exam also.
We've worked with professional voice actor Nate Collins to produce top quality MP3 files that you can listen to and use to supplement your studies. These files include:
  • All of the Remember blocks from each chapter
    Listen to key exam information as many times as you like
  • All of the questions, answers, and explanations from each of the chapters
    Reinforce why the correct answers are correct and why the incorrect answers are incorrect
  • Over 170 MB of MP3 files
  • 10 separate Remember files
    One for each chapter
  • 10 separate question and answer files
    One for each chapter
Only $9.99 for all the files and available with just a few clicks.