Tag Archives: Security

How I Passed CISSP exam successfully

Security, , , , , , ,

Although the idea of taking the CISSP exam had been lurking in my mind from a long time, I could only book the exam on Dec 9th 2008 after a friend of mine did and I also decided to jump the bandwagon….Moral support you know 🙂 The date scheduled was Jan 31st 2009. From the cccure.org forum it looked as if the average time was 3 months+ minimum so the thought of race against time to be prepared was ON right from the moment I had booked exam.

I had chartered a tentative time-table by allocating roughly about 5 days per domain. Although it was difficult to stick to it, it surely helped me in terms of expectations and in the end I was able to work through it almost, per schedule. I relied heavily on Shon Harris AIO 3rd edition (which I had bought in 2007! but kept procrastinating from studying!) and Ronald Kurtz’s CISSP Prep Guide Gold Edition. Once I got to know from the cccure.org forum on the differences between 3rd and 4th edition, I decided to stick to 3rd edition.

However, my advice would be to go with the 4th edition as new topics like SAN, Data on Transit, etc are not covered in 3rd edition and I remember seeing them in the CISSP Candidate Information Bulletin.

I have about 7 years of experience in IT and Security. My current experience in Technology Risk Management and previous stint with a startup company was instrumental in understanding the concepts required for Operations Security, Access Control, Physical Security, Telecom and Network Security with implementation experience.

Very recently in November I had successfully completed ISO 27001 LA course and couple of years back had done a course in Cryptography from Indian Institute of Science, Bangalore as part of continuing education program. Last year, I had completed Diploma in Cyber Law from Mumbai University to get some insight into law in technology. So the buildup was there but without CISSP in mind.

I have never studied like this in my whole life including the 10th and 12th standard which most people in India consider as turning points in ones lives and that too with so much intensity was a long task. My wife along with one and half year kid decided to go her Parents place for a month so that I could concentrate properly. So this holiday season was totally bland for me considering I missed the family, Christmas vacation and usual new year parties!

As for studies, I used to study for couple of hours everyday in the night towards the last two weeks, this increased to 8+hours as I had taken leave. I would read complete chapter in AIO and then take the test at the end of chapter from both AIO and Prep Guide, the mock exam for each chapter that came with AIO and the exams here at the cccure.org site. I did find lot of difference in questions of AIO when compared with questions in cccure.org site and that’s because these questions are contributed by folks like us who might have already cleared CISSP and used their real life experience in framing them. Towards the end, I did mock exams for each chapters from cccure.org site and at end I also did a mock 6 hour exam with a OCR answer sheet (of a different exam from google) that I downloaded from the NET and for this I used the 250 questions from the freepractices.org site to prepare mentally for sitting 6hours!

I also used the various members contributed materials like Mike Overly updated material, Hal Tipton pdfs, FAQs, Memoirs etc apart from NIST guidelines. All of these are except NIST guidelines are available at cccure.org website

During Exam:

I had jotted down points from Cccure.org’s Clements’ introductory video on CISSP exam (I would strongly recommend this to anyone who is interested in taking CISSP exam) and based on the inputs from various members in this cccure.org forum, I decided to take some fruit juice, a self made sandwich :), and water to the exam hall and I somehow sneaked time to have a quick munch apart from three loo breaks. At the exam hall, coffee and tea were made available outside. Although I had taken pencils, sharpener, erasers and a dictionary, I relied on the pencils
provided by ISC2. I wish I had kept one of those pencils as souvenirs!

When I started I wasn’t sure about the first 5 questions or so…but then I remembered some suggestion which though sounded weird -it was to start from the last! Once I was sure of the answers, I would transfer them to the answer sheet and the ones I had doubts I would mark them in question paper for later review. I used the full six hours for the exam and wasn’t sure that I would make it and the thought of blowing away INR 28K/550USD was buzzing in my mind. Later I started to think about other things that I had missed in these time…from last couple of days I was thinking about that email from the ISC2 and it did arrive on Thursday….I was actually thinking about letting my wife read that email first…but gathered enough courage to see it myself and was glad to see the congratulatory message of passing…atlast the efforts had paid off! Thanks to ALL here in this cccure.org forum, my friends and Family!

Must Have’s (recommendations) for CISSP:

-CISSP Candidate Information Bulletin from www.ISC2.org
– Check the materials and forums at www.cccure.org website
-Clement’s introductory video on CISSP (I have posted the URL above)
-Shon Harris AIO book(s) 6th Edition is available from Flipkart.com at a discount
-NIST guidelines
-5+ year experience in any of the 10 Domains of CISSP Common Body of Knowledge. Practical or implementation experience would do a lot good.

Good Luck and May the Force be with you!

Prasanna

Best practices, network outages and…..resolutions !!!

Security, , , , ,

 

One of the first things I would advise for any IT Guy is to profile his network and system infrastructure. It is very essential that you document all and every network-enabled device. It will assist you to greatly in planning any upgradation to your company’s IT infrastructure, you want to take a system offline for maintenance, OR more importantly you have to quickly and effectively resolve any outage. Some of the key things to include would be as follows:

    • Architechture of the network.
    • Public IP addresses and their mappings if NAT is assigned to devices within network.
    • Number of Routers / Switches / Firewall devices / Modems / Access Points / VoIP phones.
    • OS and firmware versions running on each of these network devices.
    • Always Backup ALL configurations on a network repository or on a DVD/CD.
    • Take snapshots of the configurations of critical resources like Firewall settings / AV Server settings / DHCP / Routers etc. It may be more than handy when you are configuring a newer device or rebuilding the device if the backup configuration is not working.
    • IP Addresses and more importantly MAC addresses of all the network enabled devices.
    • Network points/node numbers assigned to each user.
    • Remembering a series of usernames/passwords can be quite a task for anyone. Storing them in a Excel or Word with password protection is not recommended because they can be cracked. Instead, Store the Passwords/usernames in an excel file and then encrypt it with a key. You can use a tool like PGP for this.  [UPDATED] You could use Keepass / Lastpass for password management!
  • Also, make sure that the employees in the company are aware of the Threats / Trends/ best practices for safe computing. For the starters, clearly communicate the IT Policies, Do’s and Don’ts.

Let me share an experience with you that happened few days back in the office:  It was the day as usual at the office – corporate mails, checking router health, Backup status on the drive, Server health, MRTG graphs, Helpdesk stats…. Since ours is an R & D company lot of devices are in and out of the LAN frequently. Around afternoon that I got a call from couple of users complaining that they are not able to access the internet, our web-based helpdesk is located in a Co-Lo and it was inaccessible as well….hmm… getting ready for another day in the paradise.

First things first, I telnetted to router to see if the Internet link was down. There were no problems with the link and it was working fine. Now the slightly scary situation…..I logged into the our Unified Threat Management system to check if there were any issues with it, and was hesitantly scrolling down the list and all of a sudden i see that the number of sessions had quadrupled to around 1000 and still increasing! Under normal circumstances, the number of sessions always used to hover around 200 and the maximum supported by the device was 2000.

What could have caused this? Intrusion? Virus attack? Switch poisoning? My heart was pounding as I was going through pages and pages of logs and at last I got hold of the culprit. It was another DHCP server on the LAN! A rouge DHCP server, you can call it.It was not over, as the log generally tracks the MAC address only with no inbuilt functionality to capture device name. The next thing I checked was the excel file where I had stored all the MAC addresses of the network enabled devices in the company using an Open Source utility called Angry IP scanner. The MAC address matched with one of the LAPTOP, it was a Fujitsu laptop, but it was used for testing, hmmm…kinda floating laptop.

I wasnt sure who was using it and the thoughts of running three floors up and down was lingering in my mind. I checked with the QA team, Hardware team which led me to the Apps team. There, was our user blissfully ignorant about the issue he had created.He was testing an app called winproxy, which apart from acting as a proxy also functions as DHCP server. What amazes me is the ignorance of the users when it comes to reading the Readme file or the Do’s and Dont’s of using an application. I did give my piece of advise to our dude, and henceforth any testing of newer equipments on our LAN will be on an isolated network. This is what prompted me to jot down the points that helped me resolve this issue in under 15 minutes. Hope you find it useful. Regards,