MrLithic: Who Knows?<br /><br /><hr />Posted 2011-07-31<br />Testing out Google 2 Step Verification<br /><br /><hr />Posted 2011-07-28<br />Not posted for a while<br />
<br />
Just picked up an iPad, which is a brilliant piece of kit. However, while it has all of the fine features of an iPod for filtering and working with your music, books seem to have been left out. <br />
<br />
I would love to be able to rate books, organise them using different meta-tags and for these to actually make a difference to the way they are presented on the iPad in iBooks.<br /><br /><hr />Posted 2009-12-08<br />Lack of Wireless protection is again in the headlights of security scrutiny. <br /><br />The line for acceptable wireless security controls is constantly moving. WEP was never considered secure. It arrived broken and just became “brokener”. <br /><br />WPA is now replaced by WPA2 and that latest version is under attack by <a href="http://www.wpacracker.com/">dictionary attacks</a>. It is very impressive that a wireless secret key is now worth 34 dollars. <br /><br />The easiest way to protect yourself from attacks on your wireless device is to work on the elements that go into the encryption process. For the WPA-PSK process, that involves the password and the SSID. Having a non-default SSID was always a good idea since it tells the potential attacker nothing about the network that they are sniffing. It is easy to change and can reflect your <a href="http://www.google.co.uk/search?q=funny+ssid&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a">personality</a>. Since the SSID (and SSID length) are used to salt the algorithm, changing these from the default is the first step in securing a wireless connection. <br /><br />Secondly, you need to choose a passkey of a reasonable length. To avoid repetitive phrases, I tend to use <a href="https://www.grc.com/passwords.htm">GRC password generator</a> for 63 character keys. This can be a bit of a pain for devices where the key has to be entered by hand (sometimes with a wiimote). <br /><br />These two tasks should leave your wireless access device fairly secure but the other side of the coin (detective controls) should also be in place. 
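
The effect of the SSID salt and the key length described above, as an added example that is not part of the original post: WPA/WPA2-PSK derives its 256-bit key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), so one passphrase under two SSIDs yields unrelated keys. The default-SSID list, the 80-bit threshold and all function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Constructed sample of factory-default SSIDs (an assumption for illustration).
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "belkin54g"}
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_BITS = 80  # assumed review threshold, not a figure from the post


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit key that WPA/WPA2-PSK derives from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID bytes as the salt, 4096 iterations.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def random_key_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random key, capped at the 256 bits of the derived key."""
    return min(256.0, length * math.log2(alphabet_size))


def generate_passphrase(length: int = 63) -> str:
    """Generate a random key locally (a stand-in for an online generator)."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def audit(ssid: str, passphrase: str) -> list:
    """Flag the two weaknesses the post names: default SSID and short passkey."""
    wpa_psk(passphrase, ssid)  # reuse the length and character validation
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        # A default SSID is a salt that precomputed dictionaries already cover.
        findings.append("default-ssid")
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    alphabet = sum(len(p) for p in pools if any(ch in p for ch in passphrase))
    # Upper bound only: it assumes every character was chosen at random,
    # so a passing score does not prove a human-chosen phrase is strong.
    if random_key_bits(len(passphrase), alphabet) < MIN_BITS:
        findings.append("weak-passphrase")
    return findings


if __name__ == "__main__":
    phrase = "correct horse battery"  # constructed sample passphrase
    for name in ("linksys", "Pretty Fly for a WiFi"):
        print(f"{name!r:26} -> {wpa_psk(phrase, name).hex()[:16]}...")
    print("8 lowercase letters :", round(random_key_bits(8, 26), 1), "bits")
    print("63 random printable :", random_key_bits(63, 94), "bits (capped)")
    print("audit, weak setup   :", audit("linksys", "password1"))
    print("audit, hardened     :", audit("Pretty Fly for a WiFi", generate_passphrase()))
```
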
More on that later.<br /><br /><hr />Posted 2009-08-22<br />Brilliant <a href="http://www.collegemogul.com/content/8-free-online-entrepreneurial-finance-classes-mit">resource</a> for those moving from technical careers to more entrepreneurial ventures.<br /><br />At some point you need to know this stuff. I have used the MIT Computer studies materials before but this Financial courseware fills in a lot of blanks.<br /><br /><hr />Posted 2008-04-06<br />Good to see the old alma mater in the news. <br /><br /><a href="http://www.boingboing.net/2008/04/04/logo-carved-onto-hum.html">Logo carved onto human hair</a><br /><br /><hr />Posted 2008-03-17<br />Sharpening tools.<br /><br />I started to get the tools I use in order. I updated the iPod, the N95 and got my toolsets set up for the laptop and USB keys. <br /><br />I have also decided to revert back to an older format of the Moleskine Task book. I had changed it recently by adding context tabs in the book (Online, Home, etc.) as described in the GTD system. But it simply created a lot of sections I did not refer to. Tasks got lost in the several places that they could be stored. I am going to grab a new Plain Ruled Moleskine and try again. This time I will have one big section for Next Actions and Projects with a bit of room at the back for new sections that come to mind. 
A blogging subjects area comes to mind.<br /><br /><hr />Posted 2007-12-18<br />I am currently going through the "joy" of renewing my Canadian Passport. Unlike the pampered Brits who get 10 years of use out of their passports, Canadians have to go through this every five years. <br /><br />The passport gods have decided to add a couple new hoops to the process, including two referees and additional documentation. The guarantor must be providing his services free of charge, which means that your GP is out of the question (since they charge for everything).<br /><br />Finally, there is the pain of trying to find a photographer who meets the criteria of the Canadian Passport Authorities (no photo booths allowed). Size requirements and the elusive stamp on the back with photographer's address and space for the guarantor's signature. <br /><br />Thankfully, I found folks in Glasgow who do this - <a href="http://www.venart.co.uk/">Venart Photography</a> on Bath Street in Glasgow. So I have an appointment to get this done. Then it is just the Guarantor and getting the documentation together for mailing to London.<br /><br /><hr />Posted 2007-12-12<br />Perhaps inspired by the <a href="http://www.flickr.com/photos/scottjohnson/sets/72157601200807582/">56 Geeks poster</a>, I thought I would document some of the people who take a single subject and pour hours of devotion into it. If Geeks are not obsessive, then who is?<br /><br />So this is the first post in the Geeks Community series<br /><br />Today's Geek Community is - Coffee Addicts<br /><br />I originally saw the manifestation of this devotion to caffeine back in the old days of the internet. 
The rec.food.coffee newsgroup was filled with people who were devoted to the ultimate expression of Caffeine (trimethylxanthine coffeine theine mateine guaranine methyltheobromine) and they produced the first <a href="http://www.cs.uwaterloo.ca/%7Ealopez-o/Coffee/coffaq.html">online documentation</a> for the ultimate coffee delivery systems.<br /><br />I guess the ultimate of all devotional coffee sites is <a href="http://coffeegeek.com/">CoffeeGeek</a>, a Canadian based site which provides reviews of machines and beans and adulation to all things coffee. They have excellent guides for the novice to extreme caffeine.<br /><br />The folks at coffeegeeks discuss things that seem very alien to the occasional sipper of the workplace cup of caffeine. At no time would you consider that people compete in <a href="http://www.worldbaristachampionship.com/">Professional Barista Championships</a> or know about <a href="http://www.cupofexcellence.org/">Cups of Excellence</a> and the <a href="http://www.coffeereview.com/reference.cfm?ID=33">practice of cupping</a>.<br /><br />There are some <a href="http://blog.makezine.com/archive/2006/12/homemade_and_se.html?CMP=OTC-0D6B48984890">great hacks</a> to improve the technology behind a great cup of coffee.<br /><br />Then we have the purveyors of beans. 
The well-known supplier to the starter roaster in the states is <a href="http://www.sweetmarias.com/">Sweet Marias</a>, however in the UK <a href="http://www.hasbean.co.uk/">Hasbeans</a> seems to have taken up the challenge.<br /><br />Finally, we have those that love the <a href="http://www.flickr.com/photos/tonx/sets/48921/">art of the espresso</a>.<br /><br />- Update January 1st 2008 - What happens when you combine a <a href="http://coffeegeek.com/reviews/consumer/gaggia_espresso">great espresso machine</a> and the power of the open source <a href="http://www.arduino.cc/">Arduino hardware</a> - you get a <a href="http://www.blog.nashlincoln.com/espresso/gaggia-espresso-pid-arduino-mod">great coffee hack</a>. This guy adds a PID temperature controller and computer interface to his Gaggia Espresso Machine.<br /><br /><hr />Posted 2007-11-21<br /><a href="http://www.flickr.com/photos/telstar/sets/72157603240365315/">Flight thru Instruments</a> is a beautiful example of the power of excellent illustration that explains difficult information in a concise manner.<br /><br /><hr />Posted 2007-10-24<br />Geekstuff have on sale a <a href="http://www.geekstuff4u.com/product_info.php?manufacturers_id=&products_id=630">SATA HDD Stage Rack</a> which suddenly turns all of those SATA drives that you have hanging around into big metal encased floppies - which hold 100Gb to 200Gb each. 
<br /><br />You can also use it to test SATA drives - what the thing was originally designed to do.<br /><br /><hr />Posted 2007-09-04<br />I have found the mecca for Geeks in Glasgow. <br /><br />Parnie Street near the Trongate caters to all Geek Needs. Comic books, sci-fi collectables, absolutely astounding. <br /><br /><hr />Posted 2007-08-31<br />Well, for those who do not know, my life is taking a major turn. <br /><br />I am leaving the NHS after a seven year stint, leaving behind the networks and systems that I built. <br /><br />I am going into a field that I have always been interested in for a while - Information Systems Security. It has the combination of developing systems and networks that are secure while being dynamic and under constant change - both from the types of attack and the rapid developments in new technology. 
However, one thing I have learned about security is that it is a solid foundation in the IT infrastructure that provides the best defence against any attack.<br /><br /><hr />Posted 2007-08-27<br />Just finished mapping the trip from Leeds to Paisley. <br /><br />All done with no GPS or Tomtom. <br /><br />Took about 8 hours with stops and had some lovely bits to drive through. <br /><br /><hr />Posted 2007-08-10<br />I found this article which is no longer accessible on the Security Techtarget website <br /><br />Thought I would put it up here. It perfectly describes the CISSP exam. Something I have tried to do for friends and co-workers in the past couple days, not very well. What can you do? Other than saying "6 hours of hell". <br /><br />Frustrating Questions<br />Anybody who says the CISSP exam is easy isn't telling the whole story. There are plenty of difficult questions--some legitimate, some goofy.<br />BY Andrew Briney<br /><br />When taking the CISSP exam, expect to encounter at least a couple dozen questions that will frustrate the hell out of you. (ISC)2 exam designers claim these (and all) questions are psychometrically valid. 
Annoying or not, they're a useful mechanism for separating qualified candidates (infosecurity professionals who have mastered the CBK to an acceptable level) from unqualified professionals (those without mastery of the material who are simply good at taking multiple-choice exams).<br /><br />Whether you buy this line of reasoning or not, these questions will drive you nuts if you're not expecting them. For discussion purposes, I've divided these questions into four categories, comprising both the "factual" and "interpretive" question types. With each of these categories, I'll try to explain what makes the question difficult, and offer an example. These examples may be a bit exaggerated to illustrate a point. That said, they're not far from the truth, either.<br /><br />1. Obscure facts. Several questions require you to recall very specific details from the CBK. These are absolutely legitimate, fact-oriented questions that don't require a lot of interpretation. The problem is that you just don't know or can't remember the answer unless you happened to study it recently, have hands-on experience with it, or have a photographic memory.<br /><br />Here's an example:<br /><br />1. Which of the following characterizes the Data Encryption Standard (DES) Electronic Code Book (ECB) mode?<br />a. "Stream mode" cipher, first ciphertext block is XORed with next text block.<br />b. "Block mode" cipher, 64-bit plaintext blocks loaded sequentially.<br />c. "Block mode" cipher, 64-bit data blocks processed individually one at a time.<br />d. "Stream mode" cipher, keystream is XORed with message stream; simulates one-time pad.<br /><br />The answer is "C," but it's a really hard question because it's very detailed and technical. Moreover, the options include both legitimate DES modes that aren't ECB (answer B is cipher block chaining (CBC); answer D is output feedback mode (OFB)) and a made-up answer (answer "A" also describes CBC, except CBC is a block mode cipher). 
You either know the answer here or you don't. It's impossible to dope it out if you didn't study it.<br /><br />2. Misleading interpretive questions. A chunk of questions ask you to pinpoint the "best" answer or course of action given a scenario or context. Granted, by their very nature, these questions are very difficult to craft, but the CISSP exam seems to have more than its share of doozies.<br /><br />Selecting the best answer to these questions is problematic because (a) what you would consider "best" isn't one of the options; or (b) you need more context to determine what the exam-creators would consider best. Here's an example question that captures both of these problems:<br /><br />2. Which of the following is usually considered to be the best type of firewall:<br />a. Static packet filter<br />b. Application-layer proxy<br />c. Circuit-level firewall<br />d. PC firewall<br /><br />Many people would consider a dynamic/stateful-inspection firewall to be the "best" general-purpose firewall available today. But that's not one of the answers. So you're left to determine what's best from the list of four "next-best-but-not-really-best" alternatives.<br /><br />Compounding the problem, you're not given any context in which to make an educated decision. "Best" under what circumstances? What type of access control or traffic filtering are you trying to enforce? What type of network or hosts is the firewall intended to protect?<br /><br />Moreover, the answers are not "equal" in the sense that they're not all of the same type or quality. Is this on purpose or by accident? Again, you can only guess.<br /><br />OK, you probably wouldn't select "D," because a PC firewall is a specific example of a host application filter. The other three options are core technologies, not form-factor examples of those technologies.<br /><br />Option A, static packet filter, is a "first-generation" network-layer firewall that does basic IP address and port filtering. 
It's probably the widest deployed firewall today, so if "best" means "most accepted," option A would be your answer.<br /><br />However, if by "best" they mean "most able to filter traffic at a granular application header or payload level," then "application-layer proxy" is your answer. But wait: Circuit-level firewalls are "better" than static packet filters because they filter on Transport layer headers as well as IP headers; and they're "better" than application proxies because they can filter on a wider variety of protocols and are easier to maintain. But do two "betters" add up to one "best"?<br /><br />You get the point. You have to determine what "best" means before you can select the "best" (er, "next-best") answer. This question is aggravating because it doesn't test your knowledge of firewalls--how they work, how they compare, which one's most applicable to a given scenario--but rather your ability to guess how the exam creators would define "best."<br /><br />3. Questions where more than one answer is correct. In some questions, more than one answer seems correct. And, indeed, more than one is correct, depending on your perspective.<br /><br />3. Which OSI layer(s) does SSL operate at?<br />a. Layer 4<br />b. Layer 5<br />c. Layers 4 and 5<br />d. Layers 5 and 7<br /><br />Each of these is correct under different scenarios. In preparing for the exam, I came across different sources that actually gave these answers. Which one is correct? More to the point: Which answer would (ISC)2 consider correct? Guess!<br /><br />With questions like these, it's clearly a matter of interpretation and context, and one would hope the CISSP exam would steer away from them. Unfortunately, it doesn't.<br /><br />4. Confusing wording in the question itself. Perhaps the most frustrating questions on the CISSP exam are ones that force you to guess at exactly what the question is trying to ask. 
A sloppily written phrase forces you to interpret the meaning of the question--do they mean this, or do they mean that?--which in turn affects your interpretation of the answers.<br /><br />4. Which of the following best describes a "protective profile"?<br />a. Implementation-dependent statement of security needs for a set of general IT products.<br />b. Management-level description of resources necessary to protect a security domain.<br />c. General framework of physical security requirements for a data center.<br />d. Includes the "Target of Evaluation" description of an IT product and its purpose, but not necessarily from a security perspective.<br /><br />If you studied the Common Criteria security evaluation standard, you know that the "protection profile" is an implementation-independent statement of security requirements within the CC. Ah, but the question says protective profile--and what's worse, it puts the phrase in quotes.<br /><br />Is this a simple spelling or usage mistake? Or are the exam developers specifically trying to bait you into answering the question as though it specifies "protection profile," when in fact they mean something more generic and completely unrelated to the Common Criteria?<br /><br />It may seem like I'm picking on (ISC)2 and the exam creators by going into this level of detail. But to be forewarned is to be forearmed, and no book, study guide or boot camp prepared me for these types of questions, and no sample test I came across quite captured the essence of these questions. Everybody talks about how some CISSP exam questions are frustrating. Hopefully, I've illustrated why they can be frustrating.<br /><br /><hr />Posted 2007-08-01<br />So, while I have been here I have discovered a couple things. 
One of the main problems with the CISSP is the level of knowledge that you need to know for the exam. The number of fields of knowledge involved in the CISSP covers more than any other security certification, so often the question is how much do I need to know in each domain/field. <br /><br />In the field of encryption, you do not need to know the math involved in the various encryption algorithms, but you do need to know the differences between all of the major encryption systems. For example, you need to know the differences between AES and Diffie-Hellman, in terms of block size, type of algorithm, speed, mechanics, processing ability, etc. Making up a chart of all of the major encryption methods to allow you to compare them is probably a good way to start. At the end of the exercise, you should be able to recommend the correct encryption system based upon the situation that it will be used in.<br /><br /><hr />Posted 2007-07-31<br />Well, I have two days of CISSP and then the fun does end. We are doing roughly 12 hour days working on some pretty tough security concepts.<br /><br />The class is a little large with 27 people in it. The CISA course was a lot smaller with 12 people in the class. It seems to limit participation a little. It seems that this course is quite popular considering the timing of this week (school holidays and such). <br /><br />Today was cryptography with everything covered (except for the math). 
It was more aimed at knowing all of the aspects of these cryptographic systems in order to choose one for a specific situation.<br /><br /><hr />Posted 2007-07-29<br />So, I have arrived at <a href="http://www.blogger.com/www.trainingcamp.co.uk/">Training Camp</a> and I thought I would try to do a bit of a running blog during this week. That may be a bit difficult due to the amount of work involved in this course, but I will definitely try.<br /><br />The course hours are 8am to 8 pm for 6 days and then I write the CISSP six hour exam on the seventh day. <br /><br />I am really weak on several of the domains, including the policy and application dev stuff but I am hoping that this knowledge will be picked up during the week.<br /><br /><hr />Posted 2007-07-08<br />Liz and I were driving around Glasgow yesterday, getting some magic tricks for her sister's impending trip to Greece. We were thinking of cheap things she could take to give to the kids over there and the tricks from <a href="http://www.tamshepherdstrickshop.co.uk/">Tam Shepherd's Magic Shop</a> seemed ideal. This place has always been there and I wonder how it stays in operation. The tricks that we bought for the kids were between 50p and 2 quid. The guy behind the counter will always show you some trick that you can do and will impress. Brilliant place. <br /><br />We get back to the car and Liz starts to head to Tescos, as we get near the Finneston Bridge, loads of cops are lining the street on either side. 
At the traffic lights we ask a female police officer if the Orange Walk is due soon (the bridge's lamp posts have union jacks tied to them) and she tells us that they left Bellahouston Park about 10 minutes ago. Liz squeals and I remind her that we can turn around and head down to Shawlands. So we go back over the bridge and down to the Tescos at Silverburn, avoiding King Billy and the piccolo players.<br /><br /><hr />Posted 2007-06-28<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYGuD6yVIlusqjEGJUJzRmUhudDQDJHY-8Vt-9ZCfy5WtBE3g_woRHGDhwcdwPLsc4RmTRCAtGcy0g44ZCIFH69JiXmVchzmmK0awwGbn36bb6156TX9_uekPU1llJZhVpY2xqKA/s1600-h/lotteryletter.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYGuD6yVIlusqjEGJUJzRmUhudDQDJHY-8Vt-9ZCfy5WtBE3g_woRHGDhwcdwPLsc4RmTRCAtGcy0g44ZCIFH69JiXmVchzmmK0awwGbn36bb6156TX9_uekPU1llJZhVpY2xqKA/s320/lotteryletter.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5081143047113979602" /></a><br />I am not sure if this is a Phishing email but if it is from the National Lottery, then they should review their policies on sending suspicious messages to people on their mailing lists.<br /><br /><hr />Posted 2007-06-19<br />Very impressed by these <a href="http://www.pedalite.com/index.php">Pedalite</a> pedals that make your bike very easy to see and are 
self-charging.<br /><br /><hr />Posted 2007-06-18<br />Great series for Network Newcomers - <a href="http://www.oreillynet.com/pub/ct/23">Networking as a 2nd Language</a><br /><br />Sorry if I am plugging up Planet ScotLUG with this stuff. Just trying to get my web resources sorted for the CISSP.<br /><br /><hr />Posted 2007-06-16<br />You want a crypto course and don't want to pay for it? <br /><br />Check out the University of Washington <a href="http://www.cs.washington.edu/education/courses/csep590/06wi/">CSE P 590TU: Practical Aspects of Modern Cryptography</a> with brilliant <a href="http://www.cs.washington.edu/education/courses/csep590/06wi/lectures/">slides and lecture notes</a>. <br /><br />MIT's OCW also has some good offerings. 
<br /><br /><a href="http://ocw.mit.edu/OcwWeb/Electrical-Engineering-and-Computer-Science/6-897Spring-2004/CourseHome/index.htm">6.897 Selected Topics in Cryptography</a><br /><br /><hr />Posted 2007-06-16<br />This is Dave Libershal's CISSP page recovered from Google Cache<br /><br /><H1>CISSP Prep Resources</H1><br /><br /><br /><HR><br /><h2><a name="Index">Contents</a></h2><br /><ul><br /><li><a href="#GEN">General CISSP Info</a><br /><br /><li><a href="#QUES">Sample CISSP Exam Questions</a><br /><li><a href="#DOM1">Domain 1 - Security Management Practices</a><br /><li><a href="#DOM2">Domain 2 - Access Control Systems and Methodology</a><br /><li><a href="#DOM3">Domain 3 - Telecommunications and Network Security</a><br /><li><a href="#DOM4">Domain 4 - Cryptography</a><br /><li><a href="#DOM5">Domain 5 - Security Architecture and Models</a><br /><li><a href="#DOM6">Domain 6 - Operations Security</a><br /><li><a href="#DOM7">Domain 7 - Applications and Systems Development Security</a><br /><li><a href="#DOM8">Domain 8 - BCP and Disaster Recovery Planning</a><br /><br /><li><a href="#DOM9">Domain 9 - Law, Investigations, and Ethics</a><br /><li><a href="#DOM10">Domain 10 - Physical Security</a><br /></ul><br /><HR><br /><DL><br /> <DT><B><a name="GEN">General CISSP Info</a></B>: <br /> <DD> <br /> <p> <a HREF="http://groups.yahoo.com/group/CISSP_ISSA_BALTIMORE/">CISSP_ISSA_BALTIMORE <br /> Study Group Yahoo Site</a> <br /> <p><a href="http://www.eaglesreach.com/cisspforum/faq.html">CISSP Yahoo Group <br /> FAQ</a></p><br /> <p><a href="http://www.infosecuritymag.com/2003/jun/certifiable.shtml">About <br /> the CISSP Test & Certification</a></p><br /><br /> <p><a HREF="http://csrc.nist.gov/publications/nistpubs/index.html">NIST Computer <br /> Security Publications</a> - from the NIST Computer Security Resources 
Site. <br /> <p><a HREF="http://www.csrc.nist.gov/">NIST Computer Security Resource Center</a> <br /> - CSRC. <br /> <p><a HREF="http://www.isc2.org">ISC2</a> - International Information Systems <br /> Security Certification Consortium. <br /> <p><a href="http://www.cccure.org">CISSP Open Study Guide site</a></p><br /> <p><a HREF="http://seclab.cs.ucdavis.edu/projects/history/seminal.html">Seminal <br /> Papers</a> - from the Computer Security Paper Archive Project. <br /> <p><a HREF="http://www.tscm.com/nstiss.html">NSTISSI No. 4009</a> - 1992 National <br /> Information Systems Security (INFOSEC) Glossary. "Provides standard definitions <br /> for many of the specialized terms relating to the disciplines of communications <br /> security (COMSEC) and automated information systems security (AISS), sometimes <br /> referred to as computer security (COMPUSEC)." The most recent Sept. 2000 <br /> version is available as a PDF file at <a HREF="http://www.nstissc.gov/Assets/pdf/4009.pdf">www.nstissc.gov/Assets/4009.pdf</A>. <br /> <p><a HREF="http://www.wikipedia.org/wiki/Information_security">Wikipedia's <br /> Review of Information Security</A>. <br /> <p><a HREF="http://www.cccure.org/Documents/HISM/">Handbook of Information <br /> Security Management</a> - 1999 edition. <br /> <p><a HREF="http://www.intelbrief.com/compusec.htm">Computer Security Resources</a> <br /> <p><a HREF="http://fas.org/index.html">Federation of American Scientists</a> <br /> <p><a HREF="http://www.securitymanagement.com/">SecurityManagement Online</a> <br /> extensive news and legal coverage of security issues. <br /> <p><a HREF="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tips/Manage.asp">Microsoft <br /> Security Tips</a> <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="QUES">Sample CISSP Exam Questions</a></B>: <br /> <DD> <br /> <p><a HREF="http://cccure.org/testmain.php">CCCure's Sample CISSP Questions</a> <br /> . 
Be sure to check their <a HREF="http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=10">Study <br /> Guides and download materials</a>. <br /> <p><a HREF="http://www.cert21.com/CISSP-exams.html">Cert21 practice tests</a> <br /> - but you first need to set up an account with them. <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM1">Domain 1 - Security Management Practices</a></B>: <br /> <DD> <br /> <p>Note that there is much commonality between this and other domains. <br /> <p><a HREF="http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=482">Modelling <br /> Information Risk Elements</a> - by Alan Oliphant (in ITAudit) <br /> <p><a HREF="http://www.enteract.com/~bradapp/links/scm-links.html">Configuration <br /> Management Guides</a> - This material is also useful for Domain 7 review <br /> of applications configuration management. <br /> <p><a HREF="http://www.cccure.org/Documents/HISM/223-228.html">Risk Management</a> <br /> - from the Handbook of Information Security Management. <br /> <p><a HREF="http://www.microsoft.com/technet/security/tips/Manage.asp?frame=true">Microsoft <br /> Whitepapers on Security Management </a> - This is a recent (9/2002) guide <br /> with a set of links to various Microsoft papers that cover the management of <br /> site security policies and procedures. </p><br /><br /> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM2">Domain 2 - Access Control Systems and Methodology</a></B>: <br /> <DD> <br /> <p>There is much repetition here with other domains - review OPSEC (Domain <br /> 6) and Physical Security (Domain 10) in particular. See additional Common <br /> Criteria and Biometrics resources at those Domains. <br /> <p><a HREF="http://securitysolutions.com/">General Access Control info from <br /> Security Solutions</a>. 
<br /> <p><a HREF="http://hissa.nist.gov/rbac/paper/rbac1.html">NIST Paper on Role-Based <br /> Access Controls </a> - considered to be better than DAC for non-military <br /> sites. <br /> <p><a HREF="http://www.radium.ncsc.mil/tpep/library/rainbow/">Rainbow Series <br /> Library</a> - with PS and PDF formatted documents. <br /> <p><a HREF="http://www.inforeading.com/archive/rainbow/5200.28-STD.html">DOD <br /> 5200.28-STD</a> - Orange Book (1983) - DoD Trusted Computer System Evaluation <br /> Criteria (TCSEC). <br /> <p><a HREF="http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html">Evaluated <br /> products List</a> - listed by rating from Orange Book. Since this list only <br /> covers evals in the past three years (note the site was last updated in Sept. <br /> 2000), also be sure to see the <a href="http://www.radium.ncsc.mil/tpep/epl/historical.html">Historical <br /> List</a> of all previously evaluated systems (listed by vendor). <br /> <p><a HREF="http://www.inforeading.com/archive/rainbow/NCSC-TG-005.html">NCSC-TG-005</a> <br /> - Trusted Network Interpretation of the TCSEC (Red Book) and <a href="http://www.inforeading.com/archive/rainbow/NCSC-TG-011.html">NCSC-TG-011</a> <br /> - Guidance for Applying the Trusted Network Interpretation. These extend <br /> the Orange Book coverage to networks. <br /> <p><a HREF="http://www.cesg.gov.uk/assurance/iacs/itsec/index.htm">ITSEC</a> <br /> - Information Technology Security Evaluation Criteria - British certification <br /> recognized in Europe. Developed as an international alternative to TCSEC. <br /> In May 1990 France, Germany, the Netherlands and the United Kingdom published <br /> the Information Technology Security Evaluation Criteria (ITSEC) based on <br /> existing work in their respective countries. 
Following extensive international <br /> review, Version 1.2 was subsequently published in June 1991 by the Commission <br /> of the European Communities for operational use within evaluation and certification <br /> schemes. ITSEC is a structured set of criteria for evaluating computer security <br /> within products and systems. Each evaluation involves a detailed examination <br /> of IT security features culminating in comprehensive and informed functional <br /> and penetration testing. This work is undertaken using an agreed Security <br /> Target as the baseline for ensuring that a product or system meets its security <br /> specification. ITSEC operates the concept of assurance levels E0 to E6. <br /> This scale represents ascending levels of confidence that can be placed <br /> in the TOE's security functions and determines the rigour of the evaluation. <br /> Since the launch of ITSEC in 1990, a number of other European countries <br /> have agreed to recognise the validity of ITSEC evaluations. Both ITSEC and <br /> TCSEC are forerunners of the <a href="http://www.commoncriteria.org">Common <br /> Criteria</a> - ISO 15408 (1998)- first released in 1996. <br /> <p><a HREF="http://www.cesg.gov.uk/assurance/iacs/itsec/criteria/common-criteria/index.htm">CC <br /> EALs</a> - Common Criteria's 7 Evaluation Assurance Levels (EAL 1-7) and <br /> their relationship to ITSEC evaluation levels (E0-6). <br /> <p><a href="http://eros.cs.jhu.edu/%7eshap/NT-EAL4.html">Understanding the <br /> Windows EAL4 Evaluation</a> - a useful discussion of how the CC works.</p><br /><br /> <p><a HREF="http://www.engr.sjsu.edu/biometrics/publications.html">National <br /> Biometric Test Center Publications</a> <br /> <p><a HREF="http://biometrics.cse.msu.edu/links.html">Biometrics Links</a> <br /> from the MSU Biometrics Research Site. 
<br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM3">Domain 3 - Telecommunications and Network Security</a></B>: <br /> <DD> <br /> <p><a href="http://teleeducation.nb.ca/it/">Telecom & Networks web courses</a> - easy to follow, and a good place to start</p><br /><br /> <p><a href="http://www.protocols.com/">Communications Protocols</a></p><br /> <p><a href="http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm">Cisco Network Terms Glossary</a> </p><br /> <p><a href="http://www.techweb.com/encyclopedia">Techweb Networking Terminology</a></p><br /> <p><a href="http://www.whatis.com">www.whatis.com</a></p><br /> <p><a href="http://www.rfc-editor.org/">Searchable RFC Database</a></p><br /> <p><a href="http://www.cisco.com/univercd/home/home.htm">Cisco Documentation</a></p><br /><br /> <p><a href="http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci958513,00.html?track=NL-31&ad=482836">Guide to Network Administration</a> - good coverage of common issues, plus technical info on LANs, VPNs, and network security.</p><br /> <p><a href="http://www.acm.org/crossroads/xrds1-1/tcpjmy.html">TCP/IP Overview</a> <br /> from ACM.<br /> <p><a href="http://www.yale.edu/pclt/COMM/TCPIP.HTM">Intro to TCP/IP</a> - <br /> an old (1995) and brief document. The ACM overview is better. <br /> <p><a href="http://www.dragonmount.net/tutorials/tcpip/part1/intro.htm">TCP/IP <br /> Tutorial</a> from Dragonmount <br /> <p><a href="ftp://ftp.isi.edu/in-notes/rfc1180.txt">RFC1180</a> - a TCP/IP <br /> tutorial. <br /> <p><a href="http://highered.mcgraw-hill.com/sites/dl/free/0072850841/95578/unit10_ch03.ppt">Network Device Presentation</a> - good descriptions and helpful diagrams.</p><br /><br /> <p><a href="http://www.private.org.il/tcpip_rl.html">Uri's TCP/IP Resources <br /> List</a> - a massive set of well-organized links. This is THE PLACE to go <br /> for TCP/IP information. 
Much of what you need to know or want to find about <br /> TCP/IP is at this site. <br /> <p><a href="http://www.ericsson.com/support/telecom/index.shtml">Understanding Communications</a> - focus on the WAN side - From Ericsson</p><br /> <p><a href="http://www.oreillynet.com/pub/a/network/2001/03/16/net_2nd_lang.html">O'Reilly Network Articles</a></p><br /> <p><a href="http://www.rhyshaden.com/ethernet.htm">Data Network Resources</a> - this is good overall coverage</p><br /> <p><a href="http://www.us.anritsu.com/downloads/files/musthave.pdf">Anritsu <br /> Must-Have Reference for IP</a> - has a very good glossary of IP acronyms. <br /> <p><a href="http://www.webopedia.com/">Webopedia On-line Computer Encyclopedia</a> <br /> - good network coverage</p><br /><br /> <p><a href="http://fcit.coedu.usf.edu/network/chap4/chap4.htm">Cable and Connectors</a> - this is an excellent document with helpful drawings and tables.</p><br /> <p><a href="http://www.stonewallcable.com/ProductFiles/home.html">Cable Products Catalog</a></p><br /> <p><a href="http://www.texarkanacollege.edu/~bforward/nwessch3.htm">Networking Media Course</a> - good overview set of slides, includes wireless.</p><br /> <p><a href="http://www.tek.com/Measurement/App_Notes/22_15443/eng/22W_15443_0.pdf">Fiber Technology</a></p><br /> <p><a href="http://files.quadrantcommunications.be/Quadrant.nsf/Pages/CISP">Images of Cisco network devices</a></p><br /><br /> <p><a href="http://www.webopedia.com/quick_ref/EthernetDesignations.asp">Ethernet <br /> Designations</a> - nice chart of the different Ethernet flavors.</p><br /> <p><a href="ftp://ftp.prenhall.com/pub/esm/sample_chapters/cs/stallings/pdf/ch04.pdf">Telecommunications Media</a> - Chapter 4 of Stallings' Data and Computer Communications textbook.<br /></p><br /> <p><a href="http://www.networkmagazineindia.com/200205/krone2.shtml">CAT7 <br /> vs Fiber </a> - discussion of the different cable types and expected usage; <br /> good coverage of fiber 
technology.</p><br /> <p><a href="http://www.techfest.com/networking/wan.htm">WANs</a></p><br /><br /> <p><a href="http://directory.google.com/Top/Computers/Internet/Protocols/">Google <br /> Searchable Subject Index on Internet Protocols</a></p><br /> <br /> <p><a href="http://www.iana.org/assignments/port-numbers">IANA List of Registered TCP/IP Ports</a></p><br /> <p><a href="http://www.busan.edu/~nic/networking/tcpip/ch02_07.htm">TCP/IP <br /> Protocols, Ports, and Sockets</a> - good coverage of how they work. <br /> <br /> <p><a href="http://www.gcn.com/vol1_no1/daily-updates/23877-1.html">DOD Migration <br /> to IPv6</a> - 10/14/03 issue of GCN <br /> <p><a href="http://documents.iss.net/whitepapers/IPv6.pdf">Security Implications <br /> of IPv6</a> - ISS paper that discusses how migration to IPv6 may create <br /> security problems. <br /> <p><a href="http://www.manualy.sk/protocols2/voip/architecture.htm">VoIP</a></p><br /><br /> <p><a href="http://www.wkmn.com/newsite/wireless.html">Wireless Tutorial</a></p><br /> <p><a href="http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci888215,00.html">802.11 Tutorial</a></p><br /> <p><a href="http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html">Comprehensive list of network monitoring tools</a></p><br /> <p><a href="http://www.finisar.com/nt/taps.php">Shomiti Taps</a> - Finisar site</p><br /> <p><a href="http://www.lurhq.com/technical.html">LURHQ's Malware Technical Papers</a> contain some solid info about various worms and viruses, and exploits like DNS cache poisoning.</p><br /><br /> <p><a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap12.pdf">Access Control and Firewalls</a></p><br /> <p><a href="http://www.cs.unibo.it/babaoglu/courses/security/lucidi/IPSec.pdf">SSL <br /> and IPSec Tutorial</a> - presentation with good coverage and useful diagrams. 
Also see <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap14.pdf">SSL and TLS description</a><br /> and <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap13.pdf">thorough IPSec presentation</a><p><a href="http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm">IPSec Overview from Cisco</a> <br /> <p><a href="http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm">IPSec <br /> White Paper</a> - from Cisco, contains a useful summary.</p><br /><br /> <p><a href="http://www.microsoft.com/serviceproviders/columns/what_is_ipsec_tunneling_987.asp">IPSec <br /> Tunneling Described</a> - short Microsoft article with some helpful diagrams</p><br /> <p><a href="http://www.cs.unibo.it/babaoglu/courses/security/lucidi/PKI.pdf">PKI <br /> Tutorial</a> <br /> <p><a href="http://www.networkcomputing.com/902/902ws1.html">Radius and TACACS</a> <br /> - Network Computing article. <br /> <p><a href="http://ou800doc.caldera.com/NET_bnu/rpcC.secure_rpc.html">Secure <br /> RPC</a> - brief overview. <br /> <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap15.pdf">Application Layer Security Protocols</a><br /> <p><a href="http://www.linuxjournal.com/article.php?sid=5201">Sniffer tools <br /> and detection</a> article in Linux Journal - brief overview. <br /> <p><a href="http://grc.com/oo/packetsniff.htm">packetsniff</a> site by Steve <br /> Gibson. <br /> <p><a href="http://packetstormsecurity.org/sniffers/">Packet Storm's</a> alphabetized <br /> download site for sniffer and analyzer software, with descriptions. <br /> <p><a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap10.pdf">High-level Overview of Attacks, Services, and Mechanisms</a></p><br /><br /> <p><a href="http://www.rad.com/networks/netterms.htm">RAD Network Tutorials</a> <br /> - much easy to find info and a glossary. 
<br /> <p><a href="http://www.spirit.com/Network/index.html">Network Security Articles <br /> by Rik Farrow</a></p><br /> <p><a href="http://www.faximum.com/faq/fax/index.shtml">FAX FAQS</a> - from <br /> FAXIMUM. Very extensive coverage. <br /> <p><a href="http://www.iss.net/security_center/advice/Underground/">ISS Security Center's Underground info</a> <br /> <p><a href="http://www.apl.jhu.edu/~ddml/NETWORK_info.html">My Network Resources</a> <br /> <p><a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html">My Security Resources</a> <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM4">Domain 4 - Cryptography</a></B>: <br /> <DD> <br /> <p><a HREF="http://www.cs.unibo.it/babaoglu/courses/security/documents/intro-to-crypto.pdf">Intro <br /> to Cryptography and PGP </a> - Good intro with useful Glossary - heavy focus <br /> on PGP. <br /> <p> <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap11.pdf">Summary of Cryptographic Techniques</a><br /><br /> <p><a HREF="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#Crypto">My Crypto <br /> Links</a> - several useful links that I have found are here (part of my <br /> security web page). These include two quality sites that have massive sets <br /> of links to numerous crypto sites. Also, see <a HREF="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#CLASS">My <br /> Security Class Links</A> that includes various NIST links. <br /> <p><a HREF="http://csrc.nist.gov/publications/nistpubs/800-7/node207.html">NIST's <br /> Cryptography Overview</a> - good discussion of symmetric and asymmetric <br /> methods. <br /> <p><a HREF="http://www.theatlantic.com/issues/2002/09/mann.htm">Homeland Insecurity</a> <br /> - Atlantic Monthly interview with Bruce Schneier. Some good crypto background <br /> material and a <a HREF="http://www.theatlantic.com/issues/2002/09/mann_g.htm">primer <br /> on public-key encryption</a>. 
<br /> <p><a HREF="http://www.wikipedia.org/wiki/Cryptography">Wikipedia's review <br /> of cryptography</a> <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM5">Domain 5 - Security Architecture and Models</a></B>: <br /> <DD> <br /> <p><a HREF="http://www.ietf.org/html.charters/ipsec-charter.html">IPSEC</a> <br /> - Charter for IETF's IPSEC with list of relevant RFCs from this group. <br /> <p><a HREF="http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf">The <br /> Anderson Report</a> - Computer Security Technology Planning Study, 1972 <br /> for USAF. <br /> <p><a href="http://www.netapps.org/Events/apr04confdocenterprisesecurityarchitecture.doc">Enterprise Security Architecture</a> - Draft document from the NAC Security Architecture Work Group April 2004</p><br /><br /> <p><a HREF="http://www.radium.ncsc.mil/tpep/library/rainbow/C-TR-32-92.html">The <br /> Design and Evaluation of Infosec Systems</a> - C-TR-32-92. <br /> <p><a HREF="http://www.cccure.org/Documents/HISM/399-404.html">Security Architecture</a> <br /> - from the Handbook of Information Security Management. <br /> <p><a HREF="http://www.multicians.org/general.html">Multics General Info and <br /> FAQ</a> - early mainframe timesharing system, forerunner of UNIX but more <br /> heavily secured. <br /> <p><a HREF="http://www.cs.nps.navy.mil/curricula/tracks/security/notes/chap08_31.html">Matrix <br /> of TCB Divisions</a> - a nice visual aid helping to understand the different <br /> levels of the Trusted Computing Base in TCSEC. 
<br /> <p><a HREF="http://www.eskimo.com/~joelm/tempest.html">The Complete, Unofficial <br /> TEMPEST Information Page</a> <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <hr><br /><br /> <DT><B><a name="DOM6">Domain 6 - Operations Security</a></B>: <br /> <dd><a href="%20"><img src="enemyislistening.jpg" width="308" height="433" border="0"></a> <br /> </dd><br /> <dt> </dt><br /> <dd><a href="http://www.cert.mil/misc/links.htm">Links to CIRT Sites</a> </dd><br /> <DD> <br /> <p> <a href="http://www.defendamerica.mil/articles/a021202b.html">http://www.defendamerica.mil/articles/a021202b.html</a></p><br /> <DD> <br /> <p><a href="http://www.nipc.gov">National Infrastructure Protection Center</a> <br /> <p><a href="http://www.rad.com/networks/netterms.htm">RAD Network Tutorials</a> <br /> - much easy to find info and a glossary. <br /> <p><a href="http://www.commoncriteria.org">Common Criteria</a> - ISO 15408. <br /> Be sure to read the <a href="http://www.commoncriteria.org/introductory_overviews/CCIntroduction.pdf">Introduction <br /> to CC</a> - pdf file for those (like us) who don't need to read the full <br /> document. <br /> <p><a href="http://www.harbrook.net/consultancy/ent_wp.html">FCAPS</a> - Fault, <br /> Configuration, Accounting, Performance, and Security - model for asset management. <br /> <p><a href="http://www.inforeading.com/archive/rainbow/">Rainbow Series</a> <br /> - online library - note the Configuration Management and Trusted Recovery <br /> documents. <br /> <p><a href="http://fas.org/irp/nsa/ioss/index.html">Interagency OPSEC Support <br /> Staff</a> - info about IOSS plus links to other good OPSEC sources such <br /> as NSDD 298, and the OPSEC Professionals Society. <br /> <p><a href="http://fas.org/irp/doddir/dod/d5205_02.htm">DoD OPSEC Program</a> <br /> - DoD Dir 5205.2. 
<br /> <p><a href="http://www.andrews.af.mil/89cg/89cs/scbsi/opsec.html">Andrews <br /> AFB OPSEC Site</a> - has many related organizational and reference links, <br /> including a useful glossary of terms. <br /> <p><a href="http://www.opsec.org">Northrop Grumman IT Site</a> <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <DT><B><a name="DOM7">Domain 7 - Applications and Systems Development Security</a></B>: <br /> <DD> <br /> <p><a href="http://searchwindowsmanageability.techtarget.com/sDefinition/0,,sid33_gci523855,00.html">Fast <br /> Guide to RAM Types</a> <br /> <p><a href="http://www.itworks.be/objects/">Objects and Components</a> - OO <br /> resources from I.T. Works. <br /> <p><a href="https://extranet.southwire.com/docs/easfg/easvrfgp7.htm">Relational <br /> Database Concepts</a> - a brief review. <br /> <p><a href="http://www.cs.msstate.edu/~cs6990/Week4/Week4.ppt">Database Security</a> <br /> - helpful PowerPoint presentation from a college course. <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <hr><br /><br /> <DT><B><a name="DOM8">Domain 8</a></B> - <strong>BCP and Disaster Recovery Planning</strong> <br /> <dd> </dd><br /> <DD> <A HREF="http://www.nwfusion.com/research/disasterrecov.html">http://www.nwfusion.com/research/disasterrecov.html</A> <br /> Network World Fusion Research site on Disaster Recovery with a wide assortment <br /> of links. <br /> <DD> <br /> <p><a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <hr><br /><br /> <DT><B><a name="DOM9">Domain 9 - Law, Investigation & Ethics:</a></B> <br /> <DD> <br /> <p><a href="http://www.securityfocus.com/infocus/1669">US Information Security <br /> Law - Part 1</a> - from SecurityFocus 2/25/2003. <br /> <p><a href="http://www.thecre.com/fedlaw/legal8.htm">Federal Laws & Regs</a> <br /> - good set of links from fedlaw site but only thru the late 90's. 
Some additional <br /> related links as well to federal agencies and other security sites.</p><br /> <p><a href="http://dmoz.org/Computers/Ethics/Codes_of_Ethics/">Code of Ethics</a> <br /> from various sources including ISC2. <br /> <p><a href="http://www.faqs.org/rfcs/rfc1087.html">RFC 1087</a> - the IAB's <br /> "Ethics and the Internet". <br /> <p><a href="http://www.lawsource.com">LAWSOURCE</a> - American Law Sources <br /> On-Line. <br /> <p><a href="http://travel.state.gov/mlat.html">MLAT</a> - Mutual Legal Assistance <br /> Treaties. <br /> <p><a href="http://www.educause.edu/issues/dmca.html">Digital Millennium Copyright <br /> Act</a> - many links to resources about the DMCA - from educause. <br /> <p><a href="http://www.net.ohio-state.edu/hypertext/csa-1987.html">Computer <br /> Security Act of 1987</a> - Public Law 100-235 <br /> <p><a href="http://wiretap.area.com/Gopher/Gov/US-Docs/compfraud.act">Computer <br /> Fraud and Abuse Act of 1986</a> - 18 USC 1030 <br /> <p><a href="http://www.gocsi.com/pdfs/duecare.pdf">Why the Due Care security <br /> review method is superior to Risk Assessment</a> - Donn Parker's argument <br /> against using Risk Assessment techniques. CSI's Computer Security Alert, <br /> Number 212, November 2000. <br /> <p><a href="http://www.kuesterlaw.com/">Intellectual Property Law</a> - from <br /> KuesterLaw - The Technology Law Resource with links to many patent, copyright, <br /> and trademark related sites. <br /> <p><a href="http://www.nipc.gov/legal/legal.htm">Legal & Ethical Issues</a> <br /> from NIPC <br /> <p><a href="http://www.eff.org/">Electronic Frontier Foundation</a> <br /> <p><a href="http://www.epic.org/">Electronic Privacy Information Center</a> - EPIC</p><br /><br /> <p><a href="http://www.cybercrime.gov">WWW.CYBERCRIME.GOV</a> - US DOJ <br /> <p><a href="http://www.usdoj.gov/criminal/cybercrime/cclaws.html">Federal <br /> Computer Intrusion Laws</a> - links provided by CCIPS at the cybercrime <br /> site. 
<br /> <p><a href="http://www.usdoj.gov/criminal/cybercrime/1030_new.html">Computer <br /> Fraud & Abuse Act of 1986</a> - 18 USC 1030 w/ 1996 amendments - from the <br /> DOJ cybercrime site. <br /> <p><a href="http://www.house.gov/science_democrats/archive/compsec1.htm">Computer <br /> Security Act of 1987</a> - the full text of the law in an easy-to-read format. <br /> <p><a href="http://www.epic.org/crypto/csa/">Computer Security Act of 1987</a> <br /> - Site at the Electronic Privacy Information Center (www.epic.org) that <br /> contains links to additional related info. <br /> <p><a href="http://www.epic.org/privacy/terrorism/usapatriot/">Patriot Act</a></p><br /><br /> - at the EPIC site. <br /> <p><a href="http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011025_hr3162_usa_patriot_bill.html">USA <br /> Patriot Act</a> - full text (from the EFF site). <br /> <p><a href="http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011031_eff_usa_patriot_analysis.html">USA <br /> Patriot Act analysis </a> by EFF - very thorough. <br /> <p><a href="http://www.first.org/">FIRST</a> - Forum for Incident Response. <br /> <p><a href="http://www.cert.org/csirts/">CERT Incident Response Team Resources</a> <br /> <p><a href="http://www.legalwks.com/">Glasser LegalWorks</a> - much info (online <br /> newsletters and many links) relating to the legal side of computing. <br /> <p><a href="http://www.lawsource.com/also/#[United%20States]">State Law Search</a> <br /> and <a href="http://nsi.org/Library/Compsec/computerlaw/statelaws.html">State <br /> Computer Laws</a> <br /> <p><a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#LAW">more</a> <br /> - additional computer law & forensics resources from my security site. 
<br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /> <hr><br /><br /> <DT><B><a name="DOM10">Domain 10 - Physical Security</a></B>: <br /> <DD> <br /> <p> <a href="http://groups.yahoo.com/group/CISSP_ISSA_BALTIMORE/files/Physical%20Security%20/">CISSP_ISSA_BALTIMORE <br /> Yahoo Files</a> <br /> <p><a href="http://www.tibs.org/">The International Biometric Society</a> <br /> is devoted to the mathematical and statistical aspects of biology. <br /> <p><a href="http://www.biometrics.org/">The Biometric Consortium</a> US govt. <br /> focal point for research, development, testing, and evaluation. It is sponsored <br /> by NSA and NIST. See their <a href="http://www.biometrics.org/html/introduction.html">Introduction <br /> to Biometrics</a>. <br /> <p> <a href="http://www.itl.nist.gov/div895/biometrics/about.html">NIST Biometrics <br /> Research Center</a> <br /> <p><a href="http://www.commoncriteria.org/site_index.html">Common Criteria</a> <br /> -site index for the new international standard for Information Security <br /> - ISO/IEC 15408. Includes a list of products that meet Common Criteria evaluation <br /> requirements. <br /> <p><a href="http://niap.nist.gov/">National Information Assurance Partnership</a> <br /> sponsored by NIST and NSA to disseminate information on the status of all <br /> development efforts associated with new security specs and requirements <br /> that comply with the Common Criteria. See the <a href="http://niap.nist.gov/niap/library/20020215memo.pdf">NSTISSP <br /> No. 11</a> FAQ that clarifies compliance with this national IA acquisition <br /> policy for deploying IA products at govt. sites. <br /> <p><a href="http://www.fs-business.com/InformationCenter/faq/FAQHalon.asp">Halon <br /> 1301 FAQ</a>. <br /> <p><a href="http://www.fs-business.com/informationcenter/faq/FAQHalonAlternative.asp">Halon <br /> Alternatives FAQ</a>. 
<a href="http://www.reliablefire.com/fm200/fm200.html">FM-200</a> <br /> is supposed to be the most effective alternative. <br /> <p><a href="http://www.cccure.org/Documents/Physical_Security/fm3-19.30.pdf">Army <br /> Field Manual of Physical Security</a> - (314 pages). Recommended sections <br /> are Physical Barriers (c.4), Lighting (c.5), Security Systems (c.6), Access <br /> Control (c.7), and Lock and Key (c.8) <br /> <p> <a href="#Index"><i>Back to Index</i></a> <br /> <p> <br /><br /></DL>Anonymoushttp://www.blogger.com/profile/13671620790897904028noreply@blogger.com0tag:blogger.com,1999:blog-6351234.post-90466824395583415122007-06-08T08:06:00.000+01:002007-06-08T08:06:47.981+01:00I have been thinking of blogging this one for a while. For those who admire the Victorian period but do not want to lose all of the technology that they use daily. <br /><br /><a href="http://steampunkworkshop.com/index.shtml">The Steampunk Workshop</a> is producing the goods for those Victoriana Tech-Heads.Anonymoushttp://www.blogger.com/profile/13671620790897904028noreply@blogger.com0tag:blogger.com,1999:blog-6351234.post-82054773848356254082007-06-05T11:26:00.000+01:002007-06-05T11:28:51.414+01:00Best new Firefox plugin is <a href="http://firegpg.tuxfamily.org/">Firegpg</a><br /><br />Use it with <a href="http://www.gnupg.org/">GPG</a> to sign and encrypt your Gmail emails easily.Anonymoushttp://www.blogger.com/profile/13671620790897904028noreply@blogger.com0