1. “router # configure terminal
router (config)# interface fa 0/0
router (config-if)# ip address 172.16.5.1 255.255.255.0
router (config-if)#interface serial 1/0
router (config-if)#ip address 172.16.6.1 255.255.255.0″

2. “router # configure terminal
router (config)# interface fa 0/0
router (config-if)# ip address 172.16.64.1 255.255.248.0
router (config-if)#interface serial 0/0
router (config-if)#ip address 172.16.80.1 255.255.248.0″

3. “router # configure terminal
router (config)# interface fa 0/1
router (config-if)# ip address 172.16.64.1 255.255.240.0
router (config-if)#interface serial 0/0
router (config-if)#ip address 172.16.80.1 255.255.240.0″

4. “router # configure terminal
router (config)# interface fa 0/1
router (config-if)# ip address 172.16.5.1 255.255.240.0
router (config-if)#interface serial 0/0
router (config-if)#ip address 172.16.6.1 255.255.240.0″

5. “router # configure terminal
router (config)# interface fa 0/1
router (config-if)# ip address 172.16.80.1 255.255.240.0
router (config-if)#interface serial 0/0
router (config-if)#ip address 172.16.96.1 255.255.240.0″
The correct answer is 3.

This class B address with 4 subnet bits will have a mask of /20 or 255.255.240.0. The 5th subnet has subnet bits 0100 in the 3rd octet; the 6th subnet has subnet bits 0101 in the 3rd octet. The first host has host bits 0000 00000001 in the 3rd and 4th octet. When concatenated the bits for the FastEthernet are 01000000 00000001 or 64.1 decimal; for the Serial interface the bits are 01010000 00000001 or 80.1 decimal.

Getting Social

Interop debuted its Community Hub among the socially savvy located in the Expo Hall. Aimed at social media types, even the novice tweeter found a ton of valuable info in sessions titled “Building a Global Support Network Using Social Media” and, my favorite, InformationWeek’s “So You Want To Be a Social Influencer.” They even had a space where a video crew could capture your Interop experience. I’ve seen some of those elements used at Cisco Live, but it was nice seeing a tradeshow address the social media needs of its exhibitors and attendees beyond just creating a show #hashtag.

The Main Attraction

Cisco Systems CTO Padmasree Warrior is the main attraction wherever she speaks. Well, except at Cisco Live when her colleagues schedule her opposite William Shatner, John Cleese, and the MythBusters. Sorry, Padma. But at Interop she was the feature presentation. Even with Avaya’s Marc Randall and VMware’s Steve Herrod on the keynote schedule, Padmasree’s only true competition was the cast of Dreamworks Animation’s Madagascar 3. More about that later. What I love best about Padmasree’s keynotes are her slides. Her “Cisco Cloud Strategy” slide in particular offered up how Cisco tailors solutions for building clouds, connecting users to the cloud, and assisting customers with deploying cloud services. Her “Evolution of the Network” slide showed how our networks of tomorrow will have to be prepared for unified workspaces, knowledge clouds, and immersive applications. Another slide detailed how in 2010 there were about two connected devices per person. By 2020, that number will skyrocket to 50 billion total or 6.58 devices per human. I’m gonna have to invest in a pair of cargo pants for sure.

The Silver Lining

Looking over the Interop schedule before the conference, the cloud keynote panel didn’t get my attention. It was stuck between the keynote by VMware CTO Steve Herrod on the software-defined data center and the aforementioned Dreamworks preview. So who could blame me for missing it, right? So as I waited for the Dreamworks show to start, Ellen Rubin took the stage. She’s the VP of Cloud Products for Terremark and is a very compelling speaker. “The hybrid cloud is here to stay because customers want to manage applications in both private and public cloud infrastructures,” she said. My ears perked up. When Rackspace CTO John Engates piped in, as did Steve Shalita of NetScout Systems, I was glad I had stumbled upon the discussion. We could all learn a bit more about the ever-changing cloud landscape. According to the cloud panel, transporting data between numerous cloud providers is a concern for businesses transitioning their IT infrastructures. Moving essential applications to the cloud is a bigger one.

Cloud Computing Gets Animated

HP’s collaboration presentation with Dreamworks Animation SKG was impressive. While a lot of cloud discussions focus on solving the problems of scale and virtualization in the data center, HP shed light on cloud computing as a service and connecting users, like say digital artists across the globe, with needed applications. Dreamworks, the filmmakers behind the Shrek franchise, Kung Fu Panda, and Chicken Run, previewed two 3D clips of the upcoming summer blockbuster Madagascar 3 during the keynote. Just imagine a room full of hundreds of tech geeks in 3D glasses watching a cartoon. It looked great on Mandalay Bay’s theater-quality screens. With the help of HP’s cloud and networking technology, Dreamworks can now produce five feature films every two years. Using HP’s SwitchCloud to store and distribute files, Dreamworks has reduced its dependency on local storage and reduced bandwidth issues. With studios in California and Bangalore, India, Dreamworks digital artists can now work on any project, no matter their location. But it’s not easy. Each film has a ton of data associated with it. Making that data accessible at all times has been easier with HP’s help.

He’s Got Game

I love playing Words with Friends by Zynga on Facebook, even on a plane. So when I saw that Zynga’s CTO Allan Leinwand was speaking, I made sure to add that to my Interop to-do list. Despite overly cute slides in Farmville style, Leinwand discussed Zynga’s transformation from a traditional IT infrastructure to a hybrid cloud solution Zynga calls zCloud. With the addition of data centers on both US coasts, Zynga gamers went from playing 80% on Amazon’s Elastic Compute Cloud to 20%. Leinwand explained that Zynga’s decision to go to a hybrid cloud model was simple: more control. Now if I could just find someone to milk my cow in Farmville when I’m on the road.

Related Post
What Happens at Interop…

As before, there are no actual pre-requisite requirements to be qualified to take the exam. However, CompTIA recommends having A+ certification and nine months of computer network related experience. So, what has changed? In a domain comparison between the new N10-005 exam and the previous N10-004 exam official certification exam objectives as published by CompTIA, I discovered a handful of changes to highlight in this post.

Fewer Domains

The N10-004 exam divided the exam into six targeted topical areas called domains. The new N10-005 exam has five domains, although only three domain names are the same.

As you can see, the percentage of the exam related to the various topics has not really shifted much. However, some people will see the increase in Network Security from 11% to 19% as an indication that the focus on security has significantly increased on Network+. I don’t think this the case. In fact, security has been an integral part of networking for decades, and this was reflected in all previous versions of Network+. The latest revision of this exam simply reorganized all the disparate security material under the security domain.

Don’t stress over this chart, the number of domains, or even the percentage of the exam covered by each domain. In reality, the exam presents questions to you in a random order. While the test is a flat test (as opposed to adaptive), you receive questions randomly pulled from the test pool. Then those questions are randomly ordered #1 — #100. You must approach each question on its own merits, with no knowledge of which domain it belongs to. You should always consider each question in light of the entire collection of Network+ material, not just a single domain. Now, let’s review the updated content for the latest Network+ exam.

Domain 1: Network Concepts

Domain Name System (DNS) records (A, MX, AAAA, CNAME, PTR) (Sub-objective of 1.7)

Five common DNS resource records (RR) are now specifically mentioned in the exam objectives where just generic DNS, DNS ports, DNS server, and wrong DNS were mentioned previously.

Identify Virtual Network Components (Objective 1.9)

If any objective in N10-005 could be labeled as new, this is the most likely candidate. N10-004 did not include the word virtual or cloud. N10-005 does not include the word cloud either, but the sub-objective of Network as a Service (NaaS) is a specific type of cloud computing service.

Domain 2: Network Installation and Configuration

Mismatched Maximum Transmission Unit (MTU/MUT) Black Hole (Sub-objective of 2.5)

MTU is the largest packet size allowed on a segment (MUT is a misspelling or alternate phrasing of MTU). If there is a mismatch between two devices’ interfaces (router, firewall, proxy, etc.) on the same segment, the traffic can be dropped (i.e., black-holed). This does not typically occur on current networks as modern devices support the same MTU for their supported protocols, and there is no practical or benign need to reduce the MTU.

Bad Modules Small Form-factor Pluggable (SFPs), GigaBit Interface Converter (GBICs) (Sub-objective of 2.5)

SFP and GBIC are Cisco hardware components known generically as transceivers. They provide a hot-swappable media interface between various cable types and networking devices. Generally, if a module is bad, you replace it.

Domain 3: Network Media and Topologies

T1 Crossover (Sub-objective of 3.1)

In the rare circumstance where you must directly link two Channel Service Unit/Data Service Unit (CSU/DSU) devices, a T1 crossover cable would be used. This cable is similar in nature to the Ethernet crossover cable used to connect two hubs, two switches, or two PCs directly together.

Synchronous Digital Hierarchy (SDH) (Sub-objective of 3.4)

SDH, which is nearly identical to SONET, is a fiber optic-based multiplexing technology supporting numerous high-speed connections or channels.

Dense Wavelength Division Multiplexing (DWDM) (Sub-objective of 3.4)

DWDM is a multiplexing technology that places multiple signals, connections, or channels on a single fiber optic cable, each using a different wavelength of light. Of note, this item was on the acronym list of N10-004.

Long-Term Evolution (LTE) and Evolved High Speed Packet Access (HSPA+) (Sub-objectives of 3.4)

LTE is the current name for the IEEE 802.20 standard and is a competitor to the WiMax or IEEE 802.16 concept. LTE is a wireless communications standard that is currently being used as the next advance in mobile phone technology. HSPA+ is an enhancement of the Wideband Code Division Multiple Access (WCDMA) 3G wireless technology which has the potential to offer data speeds similar to that of LTE.

Passive Optical Network (PON) (Sub-objectives of 3.4)

PON is the use of fiber optic cable to the premises. It uses unpowered optical splitters to serve multiple locations simultaneously (such as end-users).

Domain 4: Network Management

Common Address Redundancy Protocol (CARP) (Sub-objective of 4.6)

CARP allows for a set of IP addresses to be shared by a group of hosts on the same subnet. This is to support failover redundancy and is commonly supported by firewalls, proxies, and routers. CARP is a public domain version of Cisco’s proprietary Hot Standby Router Protocol (HSRP) that performs the same function.

Domain 5: Network Security

Independent Computing Architecture (ICA) (Sub-objective of 5.2)

ICA is a Citrix solution to support thin-client or terminal services such as remote control or remote access capabilities. This and other remote access/remote desktop/thin-client concepts were present in N10-004 materials and discussions as well.

Evil Twin (Sub-objective of 5.4)

Evil Twin is a wireless attack tool that will automatically duplicate the identity of a trusted wireless network. Each time the interface is turned back on, it will seek out known networks and attempt to reconnect. The reconnect request includes the original Station Set Identifier (SSID) and base station Media Access Controller (MAC) address. The Evil Twin attack tool captures these reconnect requests and replies with a spoofed identity of the known network.

Nessus and Nmap (Sub-objective of 5.6)

Nessus is an open source vulnerability scanner that has a commercial version known as Tenable Network Security. Nmap is a free network mapper, port scanner, network discovery, and OS/service identification tool crafted by hacker-extraordinaire Fyodor. Both are excellent tools for evaluating a network’s functionality and vulnerabilities as a user, administrator, penetration tester, or criminal.

A Few Final Items

If you have already studied for the N10-004 exam, and you are not comfortable taking a small risk in taking the N10-005 exam, you can still take the 2009 version of Network+ until August 1, 2012. At that time, the N10-004 version of Network+ will be fully retired. If you are already approaching that deadline, either bite the bullet and take the exam or obtain updated preparation material and fine-tune your knowledge for the N10-005 exam.

Please visit www.comptia.org. Here you will see CompTIA’s summary of the exam and can download the official CompTIA Network+ N10-005 Certification Exam Objectives. Take the time to read over each and every item listed on the exam objectives. This will help you grasp how much you may already know and how much you will need to learn in order to be properly prepared to have a positive outcome on the latest revision of CompTIA’s Network+ exam.

Excerpted and available for download from Global Knowledge: Network+ 2011 Exam N10-005 Updates

Related Post
The CompTIA/Cisco Roadmap

Related Courses
Network+ Prep Course
A+ Certification Prep Course

I recently delivered a Managing Across the Lifecycle class to a group of students in Northern California. The Managing Across the Lifecycle class is presently the capstone class in the ITIL certification program. When students have secured enough credits in the ITIL certification scheme, complete the Managing Across the Lifecycle class, and successfully pass the exam that’s given in conjunction with the class, they earn the ITIL Expert credential.

Earning ITIL Expert is a significant accomplishment. When people earn the ITIL Expert credential they are usually either positioning themselves for better opportunities with their current employer, or they are positioning themselves to compete with others in the open job market for higher-level service management positions. In either case, the ITIL Expert credential is definitely something that gets the attention of hiring managers in organizations that value ITIL.

There’s one minor problem though. Simply earning the ITIL Expert credential does not mean that the person is adequately prepared for a job interview leading to an ITIL Expert-level position. Someone that holds ITIL Expert might get the job interview, but once in the interview they might not be able to make a compelling case as to why they’re more valuable than any other candidate.

This is exactly why when I deliver the Managing Across the Lifecycle class, I treat it more like a job interview than a traditional training session. Once students have completed enough ITIL classes and exams to qualify them for Managing Across the Lifecycle, they most likely have the theoretical understanding of ITIL necessary to be ITIL Experts. Sometimes what they lack is the ability to make use of that theoretical understanding to solve real problems in organizations. That’s how I see the Managing Across the Lifecycle class, and because of that, I take a scenario-oriented approach to the class that is both similar to what they might experience on the exam and similar to what they might expect in a job interview.

As I was delivering this Managing Across the Lifecycle class, once of the students asked, “what type of interview questions would be asked of someone applying for an ITIL Expert-level job?” That’s an excellent question that I will address in this post and a series of posts to follow this one.

In most cases, someone applying for a service management job, at any level, should expect to participate in a behavioral event interview. A behavioral event interview is a job interview that seeks to determine an applicant’s suitability for a job by assessing their past experiences, competencies, and performance. In other words, the interviewer (or interview panel) will ask the applicant to describe situations where they used specific capabilities or behaviors relevant to the job. Typically, the applicant that makes the best case that their prior behaviors are in line with what the interviewer is seeking will be offered the job.

Notably, ITIL Intermediate and Managing Across the Lifecycle exam questions are very situational and are somewhat similar to the types of questions that might be asked in a behavioral event interview for a service management role.

The good news is being good at behavioral event interviews is a skill that can and should be learned and practiced. Over the next several weeks, I will post a series that gives sample questions that applicants might expect in a behavioral event interview for service management roles from foundation-level to expert.

Which of the following BEST describes a Problem?

1. An interruption to normal service
2. The unknown underlying cause of one or more incidents
3. A proposed modification to an IT service
4. A formal project to improve a service

The correct answer is 2.

Problems are the unknown, underlying causes cause of one or more Incidents.

Related Courses
ITIL Foundation
ITIL Service Catalog

Data Center Specialist Certifications

Cisco Data Center Application Services Design Specialist

The Cisco Data Center Application Services Design Specialist certification validates an individual’s presales knowledge of selecting and integrating Cisco Data Center Application Services products to design a highly scalable, efficient, and high performance Data Center Application Services solution based on Cisco’s Data Center Architecture. Cisco Data Center Networking Application Services Design Specialist Professionals understand how to utilize and employ the features and benefits of the Cisco Application Control Engine Services Module and Appliance, the Cisco Global Site Selector and the Cisco Application Network Manager to create a scalable high performance Data Center design.

Prerequisite: Valid CCDA certification, or any CCIE certfication.

Required Cisco Exam: 642–972 DCASD

Cisco Data Center Application Services Support Specialist

The Cisco Data Center Application Services Support Specialist certification validates an individual’s post-sales knowledge of implementing, integrating, troubleshooting, and maintaining Cisco Data Center Application Services products in a highly scalable, efficient, and high-performance Data Center Application Services solution-based on Cisco’s Data Center Architecture.

Prerequisite: Valid CCNA certification, or any CCIE certfication.

Required Cisco Exam: 642–975 DCASI

Cisco Data Center Networking Infrastructure Design Specialist

The Cisco Data Center Networking Infrastructure Design Specialist certification, validates an individual’s knowledge of selecting and integrating Cisco Data Center products to design a highly scalable, efficient, and high performing Data Center networking solution based on Cisco Data Center Architecture.

Prerequisite: Valid CCDA certification, or any CCIE certfication.

Required Cisco Exam: 642–991 DCUFD

Cisco Data Center Networking Infrastructure Support Specialist

The Cisco Data Center Networking Infrastructure Support Specialist validates an individual’s knowledge of installing, configuring, and troubleshooting Cisco Data Center products to maintain a highly scalable, efficient, high performing Data Center Networking environment.

Cisco Data Center Networking Infrastructure Support Specialist professionals understand how to deploy and optimize the features and benefits of the Cisco Catalyst 6500 Series Switches, Cisco 4948 Switches, and Cisco Catalyst Blade Switches to provide fast and accurate resolution to network installation and customer service issues.

Prerequisite: Valid CCNP certification, or any CCIE certfication.

Required Cisco Exams: 642–973 DCNI or 642–974 DCNIS-2

Cisco Data Center Storage Networking Support Specialist

The Cisco Data Center Storage Networking Support Specialist certification validates an individual’s knowledge of installing, configuring, and troubleshooting Cisco storage products to maintain a highly scalable, efficient, high-performing storage networking environment. Cisco Data Center Storage Networking Support Specialists understand how to deploy and optimize the features and benefits of the Cisco MDS 9000 Series Multilayer Directors and Switches, Cisco MDS 9509 Director Switch, Cisco 9216 Fabric Switch, and Cisco MDS 9120 products to provide fast and accurate resolution to network installation and customer service issues.

Prerequisite: None

Required Cisco Exam: 642–359 ICSNS

Cisco Data Center Unified Computing Design Specialist

The Cisco Data Center Unified Design Computing Design Specialist validates an engineer’s ability to design scalable, reliable, and intelligent Data Center Virtualization solutions based on the Cisco Unified Computing System (UCS) along with other Cisco Data Center products, server virtualization software and server operating systems.

Prerequisite: Pass the VMware Certified Professional exam (VCP3 or VCP4 from VMware). In addition to the VMware requirement candidates must also meet one of the following criteria:

Option 1: Valid Cisco Certifications in both DCSNS and DCNID

— OR —

Fast Start Option 2: Valid Cisco CCDA certification and passing DCUCD Qualifier Exam 642–978

Required Cisco Exam: 642–993 DCUCD

Cisco Data Center Unified Computing Support Specialist

The Cisco Data Center Unified Computing Support Specialist is designed to test students’ knowledge of the fundamentals of the Cisco UCS and their ability to implement a virtualized Data Center environment. In addition the student also tests on how to implement the Cisco UCS in an enterprise data center routing and switching infrastructure with the next-generation Cisco Nexus product family.

Prerequisite: Pass the VMware Certified Professional exam (VCP3 or VCP4 from VMware). In addition to the VMware requirement candidates must also meet one of the following criteria:

Option 1: Valid Cisco Certifications in both ICSNS and DCNIS

— OR —

Fast Start Option 2: Valid Cisco CCNA certification and passing DCUCI Qualifier Exam 642–979

Required Cisco Exam: 642–993 DCUCI

Cisco Data Center Storage Networking Design Specialist

The Cisco Data Center Storage Networking Design Specialist certification validates an individual’s knowledge of selecting and integrating Cisco storage products to design a highly scalable, efficient, high-performing storage networking solution based on converged architecture. Cisco Data Center Storage Networking Design Specialist professionals understand how to utilize and employ the features and benefits of the Cisco MDS 9000 Series Multilayer Directors and Switches, Cisco MDS 9509 Director Switch, Cisco 9216 Fabric Switch, and Cisco MDS 9120 products to create a high availability storage network design.

Prerequisite: None

Required Cisco Exam: 642–357 DCSNS

Related Courses
Cisco Certifications

Cloud computing is a new business model powered by new technologies. It’s an on-demand, self-service, “pay as you go” model for access to hosting infrastructure (networks, servers, storage, operating systems, applications, support, administration). Cloud providers deliver infrastructure, platforms and applications as a service.

With Cloud Computing the business pays only for what it uses. Compared to traditional models, Cloud can deliver five– to ten-fold improvements in costs and time to market (although 20% is more realistic). Pay-as-you-go eliminates over– and under-provisioning capacity. Over-provisioning wastes money. It also reduces funds available– for other investments. Under-provisioning increases time to value and can result in lost revenue as customer experience degrades. Automated capacity management is built into the Cloud. Adding or removing infrastructure quickly in response to demand offers agility and cost effectiveness traditional IT cannot match. A Cloud has five essential characteristics, three service models, and four deployment models. Each has its pros and cons. Cloud can reduce the time, money, and the number of people it takes to build and deploy applications and related hosting infrastructure. Yet Cloud is not always the right solution.

WHAT YOU NEED TO KNOW

Five key feature characteristics define the Cloud.

1. On-demand self-service to infrastructure, platforms and applications delivered by a “pay-as-you-go” model based on usage.
2. Broad access through mobile phones, tablets, laptops, and workstations.
3. Resource pooling and automation to combine resources into managed services.
4. Rapid elasticity that scales automatically and quickly with demand.
5. Measured service with usage monitored, controlled, and reported.

 Three Cloud service models define decreasing levels of control.

1. Infrastructure as a Service (IaaS) provides network, server, storage, and middleware that IT uses to deploy and run their own operating systems and applications. IT has control only over operating systems and applications. IT can configure storage and some network configurations. IaaS is used to create platforms for service and application development, test, and deployment.
2. Platform as a Service (PaaS) provides application hosting and development tools. Developers create and deploy their applications into Cloud infrastructures. Developers control only their applications and some operating system configurations. PaaS is used to create and deploy applications and services for users.
3. Software as a Service (SaaS) provides pre-built applications, typically available via web browser. Consumers control only application configuration settings. SaaS is used to complete business tasks.

 Four Cloud deployment models describe Cloud ownership and usage.

1. Private Cloud: infrastructure dedicated to a single organization. The organization or a provider owns and operates it. It may be on– or off-premises.
2. Community Cloud: infrastructure shared by a group of organizations with similar needs. One or more of the organizations or a provider owns and operates it. It may be on– or off-premises.
3. Public Cloud: infrastructure for shared public use. It is owned, operated, and hosted by a service provider.
4. Hybrid Cloud: combines services from two or more different Cloud models.

In the next post I’ll talk about what you need to do in order to decide whether or not Cloud is the right option for you and how to integrate it into your business model.

• Communication Security
• Cryptography
• IDS/IPS/IDP
• Logging and Monitoring
• Penetration Testing
• Remote Access

Communication Security

Communication security protects the pathways across which voice and data traverse. The goals of communication security include prevention of eavesdropping to protect confidentiality, assurances of integrity, and the maintenance of availability of the connection itself. All communication channels, whether between devices on the same network, across a VPN, over a remote connection, or wirelessly over radio waves, must be protected. A significant portion of communication security requires appropriate encryption. Encryption is used to protect the data itself while in storage and transit and provide a digital means of authentication. Without proper security, communication is subject to interception, manipulation, or denial of service. Communication security also includes planning for protection, as new technologies and data flow patterns are incorporated into the workplace.

Cryptography

Cryptography is the science of obfuscation and is used to protect data while in transit or in storage. Data encryption includes three common sub-divisions: symmetric ciphers, asymmetric ciphers, and hashing. Symmetric cryptography is used for bulk data encryption, protecting information while in transit or in storage. Asymmetric cryptography is used to prove the identity of endpoints (e.g., digital signatures), or provide secure symmetric key exchange (e.g., digital envelopes). Hashing is used to detect alterations or verify integrity of communications and stored data.

IDS/IPS/IDP

Intrusion Detection Systems (IDS) are designed to notify administrators of suspect activities in the computing environment. Intrusion Prevention Systems (IPS) detect suspect activities and alter the environment in attempt to thwart those activities. New Intrusion Detection and Prevention (IDP) solutions can perform deep packet inspection on cloud traffic. These tools supplement the security provided by firewalls, proxies, malicious code scanners, and other typical security mechanisms. IDS/IPS/IDP may be able to detect violations based on pattern matching, anomaly detection, and behavior analysis. However, these tools require expertise for proper deployment, configuration, and tuning.

Logging and Monitoring

Logging and monitoring, in addition to auditing, are essential parts of keeping track of all of the events that occur within an organization’s infrastructure. Each and every piece of equipment that can record a log file should be configured to do so, especially firewalls, proxies, DNS servers, DHCP servers, routers, and switches. Plus, every OS and application that can log events should be enabled as well. The more extensive the logging, monitoring, and auditing, the more evidence will be collected about benign and malicious situations. Other important issues related to event tracking include historical log archival, securing logs, time synchronization, monitoring performance, vector tracking, maintaining accuracy, and complying with rules of evidence and chain of custody.

Penetration Testing

Penetration testing is the third major phase in security assessment and management. Penetration testing is used to stress test a mature environment for issues that cannot be discovered by automated tools or by typical administrators. Penetration testers are skilled in the method and tools of criminal attacks, the art of reconnaissance, and are masters of systems, protocols, and other aspects of IT from the perspective of malicious hackers. Testers craft exploits, modify code, decompile executables, applications, debug scripts, uncover covert channels, and more. These are essential skills of the members of a penetration testing team. A complete understanding of the benefits and the mechanisms of black box security testing will enable an organization to benefit fully from hiring an ethical hacking consultant or developing their own in-house testing team.

Remote Access

Remote access is convenient, can reduce costs, and can make work tasks more flexible, but it also increases risk for an organization. Once remote connectivity of any type is enabled for valid user access to a private network, the benefits of physical security are greatly reduced. As soon as authorized outsiders can establish valid connections to internal resources, hackers from across the globe gain the ability to attempt to intrude into those same remote access channels. Remote access includes traditional PSTN modems, VPN connections over the Internet, wireless connections, and more. Remote access often benefits from the implementation of AAA (authentication, authorization, and accounting) servers exclusively for remote users. Adding filters and rigorous oversight, such as with auditing and IDS/IPS/IDP solutions, is essential. Secure remote connectivity is possible, but is more challenging and involved than most organizations realize when first launching telecommuting or remote access projects.

Related Courses
Cybersecurity Foundations
Security+ Prep Course
Certified Ethical Hacker v7

I can speak for myself that I know I come across as… how can I put it…. abrupt or even mean.  But in my defense I would much rather people be that way with me. My directness has intimidated many people, including my own family. Ironically, they were always intimidated by my directness, but how can people work out their differences if only one person puts it out on the table and for doing so is seen as aggressive?

So here I am planning a surprise party for someone just like me, and I see what is it is like from the other side. Comments like “she is difficult”, “she is picky”, “what are you going to serve for food because she is very particular”, “what can I get her for a gift because she won’t like anything”. I think because she is vocal about her likes and dislikes she has a label of ‘difficult person’. Would it be like this for the person who plans things for me?

When did being focused, driven, independent and always trying to look for a better way to do things become bad? Aren’t these the qualities you would list on a resume? If you truly possess these traits, you can’t just be that way at work and turn it off when someone walks into your cube and jump from an A personality type to a D one. Is it ok to be direct, upfront, and aggressive in business deals but not in “real life”?

Don’t we all have likes and dislikes?

Here is an example:  When my husband and I go out with my brother and his wife, we have the “where do you want to go?… I don’t care… where do you want to go?” conversation. I am vocal about my opinion and come across as pushy, but my sister in law never speaks up. As a result, she’s often dissatisfied with the choice. Wouldn’t it have been easier for her just to speak up in the planning phase so she could avoid being somewhere she does not want to be? Communication is necessary in personal life as well as any business project planning to make sure all stakeholders’ objectives are met.

I can say it does take a certain type of person not to take it personally when I am upfront and don’t hide my feelings. There is a difference between being direct and starting conflict that can often be understood through communication and interpersonal skill development both in our personal lives and our business relationships.

Meanwhile I will keep planning my friend’s party while knowing that people have labeled her as difficult. I wonder if this is why no one throws parties for me — no one is brave enough to!

Related Posts
Why Saying “No” Stinks
Communicate. Communicate. Communicate.: Three Cs that Underpin All Business Challenges

Related Courses
How to Communicate with Diplomacy, Tact, and Credibility
Communication and Interpersonal Skills: A Seminar for IT and Technical Professionals
Responding to Conflict: Strategies for Improved Communication

I suggest that you also read Microsoft’s “What’s New in Windows 8” documents with a degree of caution. Some of the features listed as “new” – AppLocker, DirectAccess, BranchCache – are actually present in Windows 7, but they could be considered new if you’re coming from Windows XP.

Based on the beta software, we’ll begin discussing a few of the new features to look for in Windows 8:

1. Start Screen: The Start screen has a look and feel very different from the old Start menu. It uses tiles rather than text entries and icons. The tiles are customizable in various ways and can indicate “live” content if desired (something more useful for some apps than others). If you configure the Start screen to show some traditional Windows apps, they’ll show up with homogeneously square and non-“live” tiles. When you “pin” an application, you have the choice of pinning it to the taskbar, the Start screen, or both.
2. Charms Bar: This is where Microsoft wants you to go to do just about everything that doesn’t involve running an application. You can get to it by mousing to the top right or bottom right, or typing Windows+C.
   • Search. Microsoft tells us that this search facility will communicate with new apps that have a search “contract” capability. Searching in Windows Explorer seemed to function more or less as it does in Windows 7.
   • Share. It was difficult to test this feature, as sharing data between apps does not seem to have been enabled yet except in a very few cases, but the intention is to permit the user to select an object (via a right–click!) and share that object with another app (e.g., share a photo with the Mail app).
   • Devices. Is used to show connected hardware.
   • Settings has icons pertaining to network information, notification preferences, power (here’s where you can shut down – is that really a setting?), and a “More Settings” link that takes you to, well, more settings.
3. Major Navigation Changes: One of the things that will likely strike any Windows 8 user who has prior experience with earlier versions of Windows is how thoroughly Microsoft has abandoned “old” ways of getting around Windows and, in some cases, done a complete 180º and reversed how GUI actions used to behave. For a few examples:
   • Right-clicking to invoke a context menu – the default behavior that Microsoft has taught us to use when we want to do something with a desktop object – often does not do anything in the Windows 8 user interface.
   • Links to get from one place to another have been reduced, perhaps in Microsoft’s zeal to present a less cluttered work environment, perhaps out of deference to the touch-oriented interface.
   • Keyboard shortcuts seem to be making a comeback. In particular, the Windows key, which you could take or leave in Windows 7, has become huge in Windows 8. It’s the quickest way to bounce between the Start screen and the desktop.
   • Going back. In the Start screen environment, if you want to take a step back or undo some action (such as opening a Charm), sometimes there’s a back-arrow, but often, no obvious mechanism exists.
4. Metro Apps: The tablet-oriented design paradigm finds its expression in what Microsoft calls “Metro” applications, i.e., apps with the following characteristics:
   • They are designed to run from the Start screen with a customized “tile” that optionally can reflect live data (“live tile”).
   • They are built to run in two states: “immersive,” in which the app takes over the screen, and “minimal” or “snapped.”
   • They take advantage of “contracts” to integrate with other apps and with operating system features such as Search and Share.

In the next post we will cover the changes to some advanced features that Windows 8 will bring us, including Hyper-V and Group Policy.

Image used with permission from Microsoft.com

Reprinted from Top Eight Features of Windows 8 Client by Glenn Weadock