Tuesday, January 24, 2012

How secure is your password???

Microsoft offers a tool where you can type in a password to see how strong or weak it is. Use it on a candidate password you are considering, not on one that already protects an account.
https://www.microsoft.com/security/pc-security/password-checker.aspx

So what is a strong password???
The strength of a password depends on the number of different character classes you use (lowercase, uppercase, digits, symbols), its overall length, and whether the password, or a simple variation of it, can be found in a dictionary or a list of commonly used passwords. It should be 8 or more characters long: each extra character multiplies the search space an attacker has to cover by the size of the character set, and a dictionary word with a digit or two bolted on is still a dictionary word to a cracking tool.
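To make those three criteria concrete, here is a small checker, added as an example (it is not the Microsoft tool and not code from the original post). It scores a password by the character classes used, the size of the resulting brute-force search space in bits, and whether the password, or a version with trailing digits and punctuation removed and common leet substitutions reversed, appears in a wordlist. The wordlist and the substitution table are constructed stand-ins; in practice you would load a large breached-password list.

```python
import math
import string

# Constructed stand-in for a real dictionary / breached-password list (assumption:
# a practitioner would load a large wordlist from a breach corpus instead).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome",
    "admin", "monkey", "summer", "winter", "dragon",
}

# Substitutions that cracking tools try first, so "P@ssw0rd1" is judged as "password".
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                          "4": "a", "5": "s", "7": "t", "$": "s"})

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def character_classes(pw: str) -> dict:
    """Which of the four character classes the password draws from."""
    return {
        "lower": any(c in string.ascii_lowercase for c in pw),
        "upper": any(c in string.ascii_uppercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def search_space_bits(pw: str) -> float:
    """log2 of the brute-force search space: every extra character multiplies the
    space by the size of the alphabet the password draws from."""
    alphabet = sum(CLASS_SIZES[k] for k, used in character_classes(pw).items() if used)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def normalise(pw: str) -> str:
    """Undo the tricks a dictionary attack undoes: lower-case, drop trailing
    digits/punctuation ("Summer2012!" -> "summer"), then reverse leet substitutions."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(LEET_MAP)


def in_dictionary(pw: str, wordlist=COMMON_PASSWORDS) -> bool:
    """True if the password or its normalised form is a known word."""
    return pw.lower() in wordlist or normalise(pw) in wordlist


def assess(pw: str, wordlist=COMMON_PASSWORDS) -> dict:
    """Apply the three criteria from the text: character classes, length, dictionary."""
    classes = character_classes(pw)
    bits = search_space_bits(pw)
    hit = in_dictionary(pw, wordlist)
    if hit or len(pw) < 8:
        verdict = "weak"      # dictionary words and short passwords fail outright
    elif bits < 50:
        verdict = "medium"    # 8+ characters but drawn from a small alphabet
    else:
        verdict = "strong"
    return {"length": len(pw), "classes": sum(classes.values()),
            "bits": round(bits, 1), "dictionary": hit, "verdict": verdict}


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd1", "Summer2012", "abcdefgh", "xK9#vQ2mLp$7wZ"]:
        print(f"{candidate!r:20} {assess(candidate)}")
```

The dictionary check is what catches "Summer2012" and "P@ssw0rd1", which a pure character-class count would rate well. The scorer has no pattern detection, so "abcdefgh" still rates medium; production strength estimators such as zxcvbn add keyboard-walk, sequence and repeat checks on top of this.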

Now keep in mind a password is only a single factor of authentication. In highly secure environments, or depending on the sensitivity of the data being protected, a consideration is RSA SecurID, a hardware token that provides a second factor of authentication. A second factor limits the damage of a guessed or stolen password; it does not make a weak password acceptable.

So when I talk about two-factor authentication I'm referring to combining at least two of: something you know (a password), something you have (a security token), and something you are (a biometric such as a fingerprint). Some schemes add a fourth factor, somewhere you are (location).

SPH

CISSP #367782

I finally got my certificate in the mail... After passing the CISSP test and being professionally endorsed, you still have to have your job history and experience audited.

  • Tested on Aug 14, 2011
  • Received email from isc2 - Passed exam Sept 13, 2011
  • Received email from isc2 - Endorsement received Sept 21, 2011
  • Received email from isc2 - All verification has been completed and I can officially use the credential. Oct 28, 2011
  • Received Certificate in mail :)
  • Jan 2012- Start working on my CPE

All for now.

SPH

Tuesday, October 18, 2011

CISSP


Finally took the test and passed on my first attempt.

I had been studying on and off for 2-3 years, not really focusing on a specific domain, just reviewing... My studying didn't really begin till around a month or two prior to having the test scheduled on Aug 14.

Here was my week prior to taking the test.

I attended the Training Camp 7-day CISSP prep course. This class was Mon-Sat 8am-5:30pm and 7:00pm-9:00pm, with a study group after that until 10:30pm-ish, and the test was on Sunday. The class was basically a review of the official ISC2 CISSP CBK Review (ISBN 978-1-4496-2216-9); the class was instructor-led and was a great reinforcement of all 10 domains. All I can say is that it was a long week. I was away from work and family but tried to stay focused on passing the test.

On Saturday, August 13th, we had a half day. I spent some time at the driving range, trying to just not think "Security". That night I had a good dinner and reviewed the 10 domains. Went to sleep around 9:30. I surprisingly slept well.

On test day I had a good breakfast, mostly fruit and oatmeal. I walked into the test center around 8:00am ready to roll. Everyone taking the test was pretty much ready to get started around 8:40 (we had to show our IDs and the test email that ISC2 sent us). We started at 8:47 MST... I quickly answered all the questions that I was sure of and marked the others that required more thought. I really don't remember the number of questions per domain, but let me tell you that it was brutal. After I answered all the questions 4.5 hours had passed, and I decided to start filling in the bubble sheet. OUCH, my wrist was sore from filling in 200 dots on the Scantron form. At this point I had about 1 hour left to make any changes, but I decided to just stick with my first answers because basically my brain was Jell-O. So I turned everything in to the test proctor.

After the test I felt sick, unsure, nervous, confused and tired for sure.

The days passed and suddenly it was September, and I was thinking "man, my birthday is next week", "I hope I have a reason to celebrate". On Sept 13th, two days before my b-day, I got an early present... an email from ISC2:

Dear Steven Herrera:

Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security Professional (CISSP®) examination.

Wow, what a relief... Out of the 21 students in my class only 6 of us passed.

All for now I need to work on my CPE's

~SPH

Tuesday, August 10, 2010

CISSP Domains

A non-technical friend asked me: what is the CISSP? And why have you been studying for so long?

Great question... In order to obtain the Certified Information Systems Security Professional (CISSP) certification you must have 5 years of work experience in at least 2 of the 10 domains. You must score 700 or greater (out of 1000) on the exam: 250 questions with a 6-hour limit. You must also comply with a strict code of conduct and ethics. After this is done you still need a current CISSP to endorse you and verify your credentials.

10 Security Domains:
Access Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Cryptography
Computer Operations Security
Physical Security

SPH

Tuesday, April 20, 2010

Password Removal



Its been awhile...

I was recently asked to remove a password that was protecting an MS Excel spreadsheet. I think what happened was that an ex-employee of this organization put a password on all the documents he created so that, if terminated, none of the work he had done could be accessed... But anyway. I ran a brute-force attack against the file and was able to decrypt the password in less than 2 seconds, not using rainbow tables. This is a service that I'm currently offering$

Anyway I'm still studying for the CISSP, I plan on testing late summer 2010.

So yeah, I'll keep in touch

Steven

Monday, December 21, 2009

Scareware and Rogue AV


Here is a link to Internet Crime Complaint Center, this article states that around $150 million is lost to Fake AV programs.

http://www.ic3.gov/media/2009/091211.aspx

I have users that pay the $39.99 to "Remove Threats". Of course this never works, and the warnings keep popping up on your PC... One client even stated that the rogue company sent a CD in the mail to install on another computer.

As always be safe

SPH

Thursday, November 19, 2009

Recent Infections


Over the past weeks I have seen and taken several calls and emails about malware, or malicious software, that installs itself on users' computers. Most of this activity is caused by what is called a drive-by download, meaning that the user doesn't ask for it; it just gets installed by surfing the web.


So what is the best/cheapest way to remove Malware??? I suggest Malwarebytes
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

--
Here are a couple of the bad guys; they look legitimate. These malware programs are developed and designed to trick the consumer into installing and even purchasing them. One story is that a user purchased, downloaded, and installed the malware and the company mailed them a CD for installation on another computer. Of course, this software caused the computer to not load web pages, blocked access to anti-virus companies' sites, and installed a search assistant (browser hijacker). Not good.



All for now.
Steven