Other certifications to be considered

I know that I have barely started on my CISSP certification, but I am already looking at what will be coming up next.

As I stated from the beginning, I already started on my CWNA certification study as well; however, I will not continue full on with that certification until I complete my CISSP certification in November 2013.  A few other certifications that I am considering are the following.

1) PMP Certification – Project Management Professional (PMP)  from Project Management Institute

2) ITIL v3 Fundamental certification  –  Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.

I believe these certs will add to my credentials.  The CISSP should help on the ITIL cert since there are some similar domains.


Question of the Day for CWNA studies

Although I sort of put my CWNA studies on the back burner because I am focusing fully on the CISSP studies, I am still trying to do some simple reviews on CWNA once a day.

The offers a really good Questions of the Day multiple choice quiz every day.  It is a new question every day to test your wireless knowledge.  Check out the link below.

Since the question changes every day, when I finish answering the question and get the correct answer, I use the Clip to Evernote extension in Chrome to keep a copy for future reference.  It is a great way to build up a free question library and a good way to keep your wireless knowledge fresh.

CISSP Resources

More study help and downloading flash streaming podcast as mp3s

So I am really bad at trying to stop looking for more ways to get free training information and start studying more… so I will share what I’ve found.

I think these overviews should not be your primary study material, but they are good to listen to, to refresh what you read or to get your feet wet on each one of the domains.

First more free video training.

Based on Shon Harris’s CISSP All-in-One book is a FREE 10 video overview for each domain by SearchSecurity.

Just scroll to the bottom and click on the video.  You will need to provide a valid email address. Oh and also videos 6-10 are in the links in the comment of each video page.


Second, as I mentioned in my previous post, based on Eric Conrad’s CISSP study guide there is a 10 audio podcast.

So the problem with Eric Conrad’s CISSP audio podcast is that the audio files are streamed in a Flash application, my iPhone doesn’t support Flash, and most of your web plugins, such as the FVD downloader extension in Chrome, don’t detect the audio files, so I can’t download them that way.  So since this is a security / hacking blog, the following is a tip.

tl; dr.  USE rtmpdump

So how I found this solution is as follows:

1. In Chrome, I used inspect element and resources tab. Look under

podcast.php / XHR / mp3_playlistXML.xml

I found this

So each line in the XML file shows the location of each file, and it is streamed by RTMP.

For example first podcast,

<videoname flvurl="rtmp://" desc="Podcast 1 - Domain 1"/>

2. So I found RTMPDump.  RTMP = Real Time Messaging Protocol

and in short

 rtmpdump -r "rtmp://" -o domain01.mp3

And repeat for all the other domains and mp3s.  There you go.  I hope it helps.
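The "repeat for all the other domains" step can be scripted. The following is an added example, not part of the original post: it reads the videoname entries from a playlist and builds one rtmpdump command per entry, treating the playlist as untrusted input. The sample playlist, its root element name and the hosts in it are constructed placeholders.

```python
import re
import shlex
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample playlist: hosts, paths and the <playlist> root are placeholders.
SAMPLE_PLAYLIST = """<playlist>
  <videoname flvurl="rtmp://media.example.invalid/podcasts/domain01" desc="Podcast 1 - Domain 1"/>
  <videoname flvurl="rtmp://media.example.invalid/podcasts/domain02" desc="../Podcast 2; echo injected"/>
  <videoname flvurl="http://media.example.invalid/podcasts/domain03" desc="Podcast 3 - Domain 3"/>
</playlist>"""


def safe_filename(desc, index):
    """Reduce a free-text description to [a-z0-9_] so it cannot escape the output directory."""
    stem = re.sub(r"[^A-Za-z0-9]+", "_", desc or "").strip("_").lower()
    return (stem or f"track{index:02d}") + ".mp3"


def build_commands(playlist_xml):
    """Return one rtmpdump argv list per valid rtmp:// entry in the playlist."""
    commands = []
    root = ET.fromstring(playlist_xml)
    for index, node in enumerate(root.iter("videoname"), start=1):
        url = node.get("flvurl", "")
        parts = urlsplit(url)
        # Only hand rtmpdump the scheme it is meant for, and only when a host is present.
        if parts.scheme != "rtmp" or not parts.hostname:
            continue
        commands.append(["rtmpdump", "-r", url, "-o", safe_filename(node.get("desc"), index)])
    return commands


def as_shell_lines(commands):
    """Quote each argv for pasting into a shell; subprocess.run(argv) needs no quoting."""
    return [shlex.join(argv) for argv in commands]


if __name__ == "__main__":
    for line in as_shell_lines(build_commands(SAMPLE_PLAYLIST)):
        print(line)
```

The second sample entry shows why the description is sanitized before it becomes a file name, and the third is skipped because its scheme is not rtmp.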


Access Control Authentication Factor based on Location

While I was listening to Eric Conrad’s podcast, which by the way is another free CISSP resource, I learned something new that I thought was interesting.  When I was getting my masters in Information Assurance from ISU, when we talked about multi-factor authentication, we always talked about 3 unique factors.

  • Something you know (e.g. passwords, passcodes)
  • Something you have (e.g. key fobs, ID cards, key cards, tokens)
  • Something you are (e.g. biometrics such as fingerprint, DNA, retina or iris scan)

This is talked about very often in every IA/security textbook, but Conrad talked about something that I had thought about but did not really think of as its own category, which is the following.

  • Where you are located (e.g. gps location)

This is very interesting because for the first time in human history, we can actually track almost every user with the ubiquitous use of cellular phones by everyone.   This means that your location can be an authentication factor.

For example, if there is a location assigned to the computer or device that you are trying to access, the device will verify your location to see if you are in proximity to where it is, and this provides a second factor of authentication.  However, this should only be used as a second form of authentication and not as a primary means to authenticate.
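The proximity check described above, as an added example that is not part of the original post or of Conrad's material: location is only evaluated after the primary factor has passed, and a stale or missing fix fails closed. The coordinates, the 150 m radius and the 120 s freshness window are assumed values.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres


@dataclass
class Fix:
    lat: float
    lon: float
    timestamp: float  # Unix seconds at which the user's device reported this position


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))


def location_factor_ok(fix, asset_lat, asset_lon, now, radius_m=150, max_age_s=120):
    """True only if the fix is fresh and within radius_m of the asset's assigned location."""
    if fix is None:
        return False  # no location available: fail closed
    age = now - fix.timestamp
    if age < 0 or age > max_age_s:
        return False  # future-dated or stale fix says nothing about where the user is now
    return distance_m(fix.lat, fix.lon, asset_lat, asset_lon) <= radius_m


def authenticate(primary_ok, fix, asset, now):
    """Location is a second factor only: it is never consulted unless the primary passed."""
    if not primary_ok:
        return False
    return location_factor_ok(fix, asset[0], asset[1], now)


# Constructed sample data: an asset location and three reported fixes.
ASSET = (42.0267, -93.6465)
NOW = 1_000_000.0
NEAR = Fix(42.0277, -93.6465, NOW - 10)    # about 111 m north, 10 s old
FAR = Fix(42.0367, -93.6465, NOW - 10)     # about 1.1 km north, 10 s old
STALE = Fix(42.0277, -93.6465, NOW - 600)  # close by, but 10 minutes old
```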

What is interesting is that I’ve actually done research on this topic back in 2010.  I presented a short IEEE paper in Macau on Secondary User Authentication Based on Mobile Devices Location.

Now, I don’t completely agree that this should be its own factor of authentication; I believe it is a subset of “something you have”.  The reason is that in order for you to have a location, you must have your cellphone or some sort of device that transmits or provides a location ability.  In that case it is no different than having a key fob or an ID card.

But it is still interesting to see that Conrad considered location as a factor of authentication.


CISSP Resources

Free CISSP Class from IT Masters and Charles Sturt University in Australia

Amazing!!!

IT Masters and Charles Sturt University in Australia are offering, for free, a six-week online course designed to prepare students for the Certified Information Systems Security Professional (CISSP) Security Certification.  This type of course is typically around $1500 to $3800 US.

The course will run over six weeks starting from Wednesday, July 17, 2013 (tomorrow) with lectures via weekly 90 minute webinars from 12:30-14:00 hours AEST (7:30 pm PDT) each Wednesday.  Because of the high demand they are also opening a second class from 15:00-16:30 AEST (10:00 pm PDT).  The classes will be available for video download if you can’t make the actual class.   In addition, students will be asked to do a total of 10-12 hours of study between webinars.

So what are you waiting for?  Go register and see you in class!!!