CISSP Fix

Archive for December, 2009

Christmas Bash wid CERT Bang

by cisspfix on Dec.23, 2009, under General

Hii..Fellas..

Don’t know how you all feel this season, but this is the season of excitement and enthusiasm. The heat of the joy is melting the ice around us. This year I am thinking in a different way (that doesn’t mean I am going to Alaska): I gave thought to the times we look in our pocket to do a certification. This year I tried to be a little smarter (usually I am). I looked out for discounts and offers on various PrepKit-providing sites. After hours of surfing, I found a short, clear, and simple offer: “First 100 customers only: Buy any 3 PrepKits for only 149.99”. What do I think? We are all lucky in the festive season. Santa is coming in a different style this year. Grab the gift; he will not wait.


Windows 7 out there..

by cisspfix on Dec.22, 2009, under General

Windows 7 is creating a buzz in the market, so how could the security domain be left untouched? I think working on a new pie creates more varied opportunities. I am trying to add new feathers to my cap.

Windows 7 includes a number of new features, such as advances in touch and handwriting recognition, support for virtual hard disks, improved performance on multi-core processors, improved boot performance, DirectAccess, and kernel improvements. Windows 7 adds support for systems using multiple heterogeneous graphics cards from different vendors, a new version of Windows Media Center, a Gadget for Windows Media Center, improved media features, the XPS Essentials Pack and Windows PowerShell being included, and a redesigned Calculator with multiline capabilities including Programmer and Statistics modes along with unit conversion. Many new items have been added to the Control Panel, including ClearType Text Tuner, Display Color Calibration Wizard, Gadgets, Recovery, Troubleshooting, Workspaces Center, Location and Other Sensors, Credential Manager, Biometric Devices, System Icons, and Display.


CISSP — ISSMP

by cisspfix on Dec.18, 2009, under CISSP

CISSP concentrations are a breath of fresh air. This exam is creating a buzz everywhere, even in the US Army.

This time I will focus on ISSMP, i.e. Information Systems Security Management Professional. This concentration requires that a candidate demonstrate two years of professional experience in the area of management, considered within a larger enterprise-wide security model. It contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a Business Continuity Planning program. A CISSP-ISSMP establishes, presents, and governs information security policies and procedures that support overall business goals rather than draining resources. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and defining the means of supporting the group internally.


Hacking Process un-leashed

by cisspfix on Dec.15, 2009, under Security

Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies.

Brute-force, exploit, and dictionary attacks are usually launched using software on the hacker’s computer. To avoid detection, hackers may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.


CISSP-ISSAP

by cisspfix on Dec.08, 2009, under CISSP

CISSP concentrations are a breath of fresh air. This exam is creating a buzz everywhere, even in the US Army.

This time I will focus on ISSAP, i.e. Information Systems Security Architecture Professional. This concentration requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department, with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyze the overall security plan. Although this role may typically be tied closely to technology, this is not necessarily the case; it is fundamentally the consultative and analytical process of information security.


Understanding DMZ

by cisspfix on Dec.07, 2009, under Security

A demilitarized zone (DMZ) is a physical or logical sub-network that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external network, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients.
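The isolation properties described above can be checked against a firewall rule set. The following is an added example, not part of the original post: it audits allow rules for flows that let external or DMZ sources reach the internal LAN beyond approved hosts. The subnets, the database pinhole, and the rule list are constructed assumptions, and each rule is judged on its own rather than by first-match order.

```python
import ipaddress

# Constructed addressing (assumption): internal LAN and DMZ subnets.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("192.0.2.0/24")
# The only (internal host, port) pairs DMZ servers may reach (hypothetical DB).
PINHOLES = {(ipaddress.ip_address("10.0.0.20"), 5432)}

# Constructed rule set: (source CIDR, destination CIDR, dest port, action).
RULES = [
    ("0.0.0.0/0", "192.0.2.10/32", 443, "allow"),      # Internet -> DMZ web server
    ("192.0.2.10/32", "10.0.0.20/32", 5432, "allow"),  # DMZ web -> internal DB pinhole
    ("192.0.2.0/24", "10.0.0.0/24", 445, "allow"),     # DMZ -> whole LAN
    ("0.0.0.0/0", "10.0.0.5/32", 3389, "allow"),       # Internet -> internal host
    ("10.0.0.0/24", "192.0.2.0/24", 443, "allow"),     # LAN clients -> DMZ services
    ("0.0.0.0/0", "0.0.0.0/0", 0, "deny"),             # default deny
]

def audit(rules):
    """Return (rule index, reason) for each allow rule that breaks DMZ isolation."""
    findings = []
    for i, (src, dst, port, action) in enumerate(rules):
        if action != "allow":
            continue
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not dst_net.overlaps(INTERNAL):
            continue  # traffic never reaches the LAN
        if src_net.subnet_of(INTERNAL):
            continue  # LAN-to-LAN traffic is outside the DMZ boundary
        if src_net.subnet_of(DMZ):
            pinhole = (dst_net.network_address, port) in PINHOLES
            if dst_net.num_addresses == 1 and pinhole:
                continue  # explicitly approved DMZ -> internal flow
            findings.append((i, "DMZ source reaches internal beyond approved hosts"))
        else:
            findings.append((i, "non-DMZ external source reaches internal network"))
    return findings

if __name__ == "__main__":
    for idx, reason in audit(RULES):
        print(f"rule {idx}: {reason} -> {RULES[idx]}")
```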


IEEE 802.1X authentication

by cisspfix on Dec.02, 2009, under Security

The IEEE 802.1X standard defines a method of authenticating and authorizing users to connect to an IEEE 802 LAN. It blocks users from accessing the network if authentication fails. IEEE 802.1X supports the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) protocols. In the IEEE 802.1X authentication system, an access point receives a connection request from a wireless client and forwards the request to the RADIUS server. The RADIUS server then uses the Active Directory database to determine whether the client should be granted access to the network.

