  1. Johan Hiemstra (Webmaster), Forum Admin
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #26
    Holiday... you're right, I should, and I 'will' go this year. I got all the remaining Security+ TechNotes in draft, so you can expect lots more this month, including updates of some other by now older Sec+ notes. This is mainly why I haven't added much material to the site lately. Because of the overlap and weird order of CompTIA's objectives for this exam I found it's more efficient to write them all in draft to get a better overview of what should be in the individual online notes. It may look fast but it's actually a very slow process of writing, researching, editing and rewriting.

    This next one was originally supposed to become a paragraph in the 'Attacks TechNotes', but ended up large enough to be a separate article:

    Spoofing
    Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.

    I hope you like it!

    Thanks,
    Johan

  3. Johan Hiemstra (Webmaster), Forum Admin
    #27
    The following article is a combination of two different sections in the Security+ TechNotes PDF: the first half is an updated version of the Username/Password paragraph in the Authentication TechNotes, the second half is from the Attacks chapter. I've combined them for an article in the CertTimes this month. Since the text is not available in the current list of online TechNotes yet, you can use the following link to go directly to the article:

    http://www.techexams.net/technotes/s...asswords.shtml

    It covers these exam objectives:

    DOMAIN 1.0: General Security Concepts

    1.2 Recognize and be able to differentiate and explain the following methods of authentication
    - Username / Password

    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
    - Password Guessing
    - - Brute Force
    - - Dictionary

  4. Johan Hiemstra (Webmaster), Forum Admin
    #28

    Software Exploitation

    The following is another section from the Attacks TechNotes/chapter. I'll remove this post once I've finished the entire Attacks chapter and put that one online instead.

    [Edit: added to Attack TechNotes]

  5. Senior Member
    Join Date
    Oct 2004
    Posts
    301

    Certifications
    Net+, Security+, MCSA (Server 2012 R2)
    #29
    Awesome, I'll be sure to check out the technotes before I do the exam.
    I got the second CD of the CBT nuggets to watch then study a 700 page book.

    Will be doing it at the end of July.

  6. Johan Hiemstra (Webmaster), Forum Admin
    #30

    Weak Keys

    Following is another section from the Attack TechNotes/chapter:

    ************************************************** ******
    [Edit: added to Attack TechNotes]

  7. Johan Hiemstra (Webmaster), Forum Admin
    #31

    Back doors

    This is a paragraph in the Attacks chapter covering the Back door item from the following exam objective. Some info was already covered in the Trojan Horses section of the Malicious Code TechNotes.

    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
    • Back Door


    ************************************************** *******
    [Edit: added to Attack TechNotes]
    ************************************************** *******

    I'm almost done with the Attacks TechNotes, which in addition to the ones posted in this topic will also include Mathematical, Birthday, Man in the Middle, TCP Hijacking, and Replay attacks, as listed in the exam objectives.

  8. Johan Hiemstra (Webmaster), Forum Admin
    #32
    I just uploaded some new Security+ TechNotes:

    http://www.techexams.net/technotes/s...security.shtml
    Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.

    Not one of my specialties... I hope you like it though!

  9. Senior Member
    #33
    Awesomeness, I ended up scheduling my security+ exam on September 2nd since I'm quite busy with working for money so I can go to school.

    I will definitely go through these before I go for the exam, I might reschedule to an earlier exam date if I feel I'm absorbing the knowledge faster.

    Good work on the technotes webmaster

  10. Junior Member
    Join Date
    Mar 2005
    Location
    Central British Columbia, Canada
    Posts
    4

    Certifications
    A+, Network+, Security+, MCP, MCSA - one more exam for MCSE!!
    #34

    Thanks for all the TechNotes!

    Hey Johan, thanks for your time and effort to help those of us following up behind you. I have found your TechNotes to be well written and more enjoyable reading than the format of most of the books I have gone through to date for all the exams I have written. Keep it up, I know I for one appreciate it!

  11. Senior Member
    #35
    Hey Webmaster.

    Just wanted to say, I read up to Malicious code on your technotes for security+. For a majority of the notes, I thought it was awesome. When comparing it to the Syngress book, I get an easier understanding from your notes than from the Syngress book.

    This might be because it's my first time around learning security. Anyways, I'll continue to read them while I'm at work

    Keep up the good work!

    Oh yeah, I had problems understanding the wireless security part in the Syngress book and even the CBT nuggets. It's a bit weird for me because it seems like they use things later on that you learn.

  12. Johan Hiemstra (Webmaster), Forum Admin
    #36
    Thanks for the kind words spfdz

    Quote Originally Posted by spfdz
    Oh yeah, I had problems understanding the wireless security part in the Syngress book and even the CBT Nuggets. It's a bit weird for me because it seems like they use things later on that you learn.
    That's one of the challenges I'm facing too with writing the TechNotes. Take for example symmetric, asymmetric, and hashing algorithms. You need to know the basic idea of these before you can understand how SSL works, while they're listed later in the exam objectives. The eventual PDF will cover the exam objectives in a very different order than the exam objectives, a better order imo. I.e. the PDF will start with the Risk Identification TechNotes... Unfortunately, I'm not able to give an ETA for the next online notes as I haven't been able to do much work at home lately due to certain circumstances. I do expect to have some new Security+ TechNotes ready before your date with the exam though.

  13. Senior Member
    #37
    Quote Originally Posted by Webmaster
    Thanks for the kind words spfdz

    Quote Originally Posted by spfdz
    Oh yeah, I had problems understanding the wireless security part in the Syngress book and even the CBT Nuggets. It's a bit weird for me because it seems like they use things later on that you learn.
    That's one of the challenges I'm facing too with writing the TechNotes. Take for example symmetric, asymmetric, and hashing algorithms. You need to know the basic idea of these before you can understand how SSL works, while they're listed later in the exam objectives. The eventual PDF will cover the exam objectives in a very different order than the exam objectives, a better order imo. I.e. the PDF will start with the Risk Identification TechNotes... Unfortunately, I'm not able to give an ETA for the next online notes as I haven't been able to do much work at home lately due to certain circumstances. I do expect to have some new Security+ TechNotes ready before your date with the exam though.
    Awesome. I'm looking forward to them
    No rush though. Quality is time

    Now that I've gone through a book, CBT nuggets, and half of LearnKey CBT's. It's not so hard.

  14. Johan Hiemstra (Webmaster), Forum Admin
    #38
    Just finished and uploaded some new TechNotes covering the following exam objectives:

    5.7 Understand and be able to explain the following concepts of risk identification

    - Asset Identification
    - Vulnerabilities
    - Threat Identification
    - Risk Assessment

    http://www.techexams.net/technotes/s...fication.shtml

    Not a very long one, but like the exam objective says, you only need to understand the basic idea.

    btw, there's no need to memorize the formulas in these TechNotes, but it is important to understand the basic concepts and terms. I didn't include an example because of that, let me know if you think I should anyway.

    Johan

  15. Senior Member
    #39
    Awesome, I'll check these out this weekend. I'm up to IDS on the technotes now. I've been busy with work and also reading the Syngress guide.

    I'll let ya know how it goes.

  16. Johan Hiemstra (Webmaster), Forum Admin
    #40
    I finished the remaining attacks for the Attacks TechNotes, which is now online:

    http://www.techexams.net/technotes/s.../attacks.shtml

    It covers the following exam objectives:

    1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk.

    - Back Door
    - Man in the Middle
    - Replay
    - TCP/IP Hijacking
    - Weak Keys
    - Mathematical
    - Birthday
    - Password Guessing
    -- Brute Force
    -- Dictionary
    - Software Exploitation

    (DOS / DDOS, Spoofing, and Social Engineering attacks, also part of exam objective 1.4, are covered in separate TechNotes.)

  17. Johan Hiemstra (Webmaster), Forum Admin
    #41
    I added new Security+ TechNotes, probably the longest I've written so far:

    Internet Security

    It covers all of the following exam objectives for the Security+ exam:

    2.3 Recognize and understand the administration of the following Internet security concepts

    - SSL / TLS (Secure Sockets Layer / Transport Layer Security)
    - HTTP/S (Hypertext Transfer Protocol over Secure Sockets Layer)
    - Instant Messaging
    -- Vulnerabilities
    -- Packet Sniffing
    -- Privacy
    - Vulnerabilities
    -- Java Script
    -- ActiveX
    -- Buffer Overflows
    -- Cookies
    -- Signed Applets
    -- CGI (Common Gateway Interface)

    2.5 Recognize and understand the administration of the following file transfer protocols and concepts
    - S/FTP (File Transfer Protocol)
    - Blind FTP (File Transfer Protocol) / Anonymous

    3.3 Understand the concepts behind the following kinds of Security Topologies
    -- Security Zones
    -- Intranet
    -- Extranet

    Have fun reading and let me know if you have any comments/suggestions

    Johan

  18. Johan Hiemstra (Webmaster), Forum Admin
    #42
    I'm closing in on the end... here's another one covering the following forensics related exam objectives:

    5.6 Understand the concepts of the following topics of forensics

    - Chain of Custody
    - Preservation of Evidence
    - Collection of Evidence

    http://www.techexams.net/technotes/s...orensics.shtml

    Happy reading

  19. Where's Waldo Finalist
    Join Date
    Aug 2004
    Posts
    641

    Certifications
    I used to care what this said.
    #43

    when an incident occurs

    Johan,

    I haven't read all of your sec+ docs but I did read the one just posted on forensics. So the info I'm suggesting may have been covered elsewhere.

    I just wanted to note from my studies and taking the exam that there were several things to do when an intrusion occurs:

    1. Make notes/pics of what's on the screen.
    2. Disconnect the network cable; do not turn off the computer, as that could lose valuable evidence.
    3. Do not allow personnel into the server room except incident response teams.
    4. When making copies of the data, be sure to check hashes to ensure that the information was copied exactly as it was on the compromised machine.
    5. Check your incident response policy on what all should be done.

    I seem to remember a question or 2 on my exam and the above data plus what you wrote should have been sufficient.

    If anyone notices any errors in my suggestions, please don't be shy to correct me.

    Anyway keep up the good work, in no time this guide will be as useful as your Net+ (which was more than sufficient to pass with)

    seuss
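
Step 4 of the list in the post above (hash the copy and compare it with the original), shown as an added example that is not part of the original post or of the TechNotes. The file names, the sample data and the helper names are constructed for illustration; SHA-256 is an assumed choice of hash.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # block size for streaming reads; small here so the demo can show an offset


def sha256_file(path, block_size=BLOCK):
    """Hash a file in fixed-size blocks so a large disk image never sits fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(block_size), b""):
            digest.update(block)
    return digest.hexdigest()


def first_diff_offset(path_a, path_b, block_size=BLOCK):
    """Return the byte offset of the first block that differs, or None if identical."""
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        offset = 0
        while True:
            block_a, block_b = a.read(block_size), b.read(block_size)
            if block_a != block_b:
                return offset
            if not block_a:  # both files ended without a difference
                return None
            offset += block_size


def verify_copy(original, copy):
    """Compare the digest of the original with the digest of the working copy."""
    report = {
        "original_sha256": sha256_file(original),
        "copy_sha256": sha256_file(copy),
    }
    report["match"] = report["original_sha256"] == report["copy_sha256"]
    # Only walk the files a second time when the digests disagree.
    report["first_diff_offset"] = None if report["match"] else first_diff_offset(original, copy)
    return report


def demo():
    """Constructed sample: one exact copy and one copy with a single altered byte."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.img")
    exact = os.path.join(workdir, "copy_exact.img")
    altered = os.path.join(workdir, "copy_altered.img")

    data = bytes(range(256)) * 64  # 16 KiB of constructed data, not a real image
    damaged = bytearray(data)
    damaged[9000] ^= 0x01  # flip one bit, as a bad read or tampering would

    for path, content in ((original, data), (exact, data), (altered, bytes(damaged))):
        with open(path, "wb") as fh:
            fh.write(content)

    return verify_copy(original, exact), verify_copy(original, altered)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Recording both digests at acquisition time lets the same comparison be repeated later against the working copy.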

  20. Johan Hiemstra (Webmaster), Forum Admin
    #44

    Re: when an incident occurs

    Quote Originally Posted by seuss_ssues
    I haven't read all of your sec+ docs but I did read the one just posted on forensics. So the info I'm suggesting may have been covered elsewhere.
    Not covered elsewhere, but 1,2,4, and 5 you mentioned are in the Forensics TechNotes you just read. On a side note, none of my TechNotes are based on existing Security+ study material. Although point 3 is a good point, I don't see any reason to add it to my take on forensics for the Security+ exam.

    Thanks for the comments/suggestions though!

    [Edit]Changed my mind on your suggestion, I'll add something about establishing a secure perimeter. Thanks again.[/edit]

  21. Johan Hiemstra (Webmaster), Forum Admin
    #45
    Added some more TechNotes for the Security+ exam:

    Network and Storage Media

    It covers the following exam objectives:

    3.2 Understand the security concerns for the following types of media
    - Coaxial Cable
    - UTP / STP (Unshielded Twisted Pair / Shielded Twisted Pair)
    - Fiber Optic Cable
    - Removable Media
    - - Tape
    - - CD-R (Recordable Compact Disks)
    - - Hard Drives
    - - Diskettes
    - - Flashcards
    - - Smartcards

  22. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm convinced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #46
    Yeah I don't think I've ever seen anyone as dedicated to something as Johan is to this site and helping the people here.

  23. Johan Hiemstra (Webmaster), Forum Admin
    #47
    Thanks Keatron. Your help behind the scenes is definitely a good motivator!

  24. Johan Hiemstra (Webmaster), Forum Admin
    #48
    Here are some more new TechNotes:

    Network Devices

    It covers a whole bunch of exam objectives:

    3.1 Understand security concerns and concepts of the following types of devices
    - Firewalls
    - Routers
    - Switches
    - Telecom / PBX (Private Branch Exchange)
    - Network Monitoring / Diagnostics
    - Mobile Devices

    3.3 Understand the concepts behind the following kinds of Security Topologies
    - Security Zones
    - DMZ (Demilitarized Zone)
    - VLANs (Virtual Local Area Network)
    - NAT (Network Address Translation)

    3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of system.
    - Network Hardening
    - - Updates (Firmware)
    - - Configuration
    - - - Enabling and Disabling Services and Protocols
    - - - Access Control Lists



    The following is a list of remaining TechNotes for this exam. I wrote most of it already, 'just' need to write it out completely and do some editing and fact-checking.

    - Privilege management
    - Remote Access Technologies (Radius, tacacs, l2tp, pptp, etc)
    - OS and application hardening
    - Basics of Cryptography
    - PKI and Key Management
    - Disaster Recovery and Business Continuity
    - Security Policies and Procedures
    - Education and Training
    - Documentation

    I'm pretty sure I will have the free PDF and the SE version available within a month or two.

  25. Member
    Join Date
    Nov 2004
    Location
    Central Illinois
    Posts
    61

    Certifications
    A+, Network+, Security+
    #49

    How's the pdf and SE coming along?

    How's the pdf and SE coming along? A coworker and I are finally getting our stuff together and are deciding which exams to take next. Your net+ SE helped me so much, that I think we may try sec+ before starting on the MS track.

  26. Johan Hiemstra (Webmaster), Forum Admin
    #50
    Sorry for the delayed answer, I didn't notice your reply before.

    I put them away for a while to get a fresh approach, and to write for some other exams, but I actually started on finishing the remaining TechNotes today, and I hope to finish them all before the end of this month, maybe a week or two later. The SE should follow a couple of weeks after that. Don't pin me down on it though... Although it does contribute to maintaining the site, the SE does not have a very high priority in my daily schedule because 'selling' study material is not our core business. We are also considering doing a very 'special' special edition, which can influence the ETA. More on that soon.

    I expect to have the Remote Access Technologies TechNotes online before the end of this week, and after that I'm going to try to release new TechNotes very frequently because, as I mentioned earlier, I've already done the bulk work for the remaining TechNotes. The last 10% (making sure it covers most of everything, proofreading, editing, formatting, converting to PDF, writing the questions for the SE, etc) takes longer than 10% of the total amount of time I spent on this.

    Thanks for asking, and thanks for your patience everyone