November 30, 2016

CCIE Security Written Update

At this point, I find myself getting to the end of my "restudy" plan for the CCIE Security Written. I have one INE video series and two small books left to complete and it's time to step up to the plate again. I will admit - it is scary. Not scary as in fear of the unknown. Not scary like I'm gonna die (read: roller coaster ride). But scary in the way that I am basically placing a $400 USD bet that I know this material. If I am wrong, I lose what I consider a good chunk of money. If I am right, I get to begin my prep for the CCIE Security Lab. I realize this fear exists and I am facing it instead of feeding it.

My main challenge with fear is that I procrastinate. This can manifest in two ways. One is that I come up with all kinds of "other" requirements that eat up my study time. I have been able to combat that symptom this time. The other way to procrastinate is to over study. To combat that symptom, I have begun blogging at my CCIE Study site:

CCIE Study - Security Written Category

I'm going through the blueprint and writing about each section. People are welcome to use this to enhance their study, but it will not be complete or in depth. Writing about each topic completely would be like writing a 700+ page Study Guide (that is needed but does not exist). That would really be procrastination. Note: there is a Study Guide but it's really old and does not cover the current Version 4.1. So it's going to be my notes and a discussion of things on each topic that I want to reinforce and remember. Although another candidate may get some use out of reading the posts, they would get more out of creating a similar site.

And once I cover the topic and write about it, I'm marking it off the list. Each topic will be "put to bed" one-by-one. At the end, I will take the test. That gives me a hard stop.

My previous post here about CCNP cert renewal discussed taking off the pressure by not using this exam to renew my certs (due to the upcoming deadline). That was good for my stress level and has made studying much more pleasant. But it also removed the push to get this done relatively quickly. So now I have a hard stop and a well-defined plan. All that's left is to execute.

The other symptom that can arise as time marches on and I'm continually studying is - getting itchy. The reaction to procrastination is an impulsive urge to "just do it" and rush headlong into the task. That would not be good. Taking the test before being completely ready will cost $400. So in that way, the blueprint posts also help. They keep me going until they are completed.

In case you're wondering, the blueprint will be displayed in reverse order on that page. Posts are displayed with the most recent on top. So as I go through the blueprint, it will be displayed in reverse order.

Happy Studying!

Posted by BlueWolf on November 30, 2016

October 09, 2016

MySQL, Exams and more exams

As you can see, I have been blogging a lot less frequently. So when I decided to take some time to update a few blogs, I found an error trying to log in:
"Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)"

Fortunately for me, my hosting company had upgraded the MySQL server and the password that makes the site work suddenly didn't (but glad security updates are being done automagically for me). For the technical information click the link - but in a nutshell the upgrade uses a longer hash. I went into the interface provided by the host and reset the password and the blogging login started working again. Just in case anyone else runs into it - I thought I would start with this info...
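The "longer hash" behind that error, as an added example that is not part of the original post: pre-4.1 MySQL stored a 16-hex-character password hash, while 4.1 and later store `*` plus 40 hex characters (SHA-1 applied twice), and a client with `secure_auth` enabled refuses accounts that still hold the short form. The function names and account rows below are constructed for illustration.

```python
import hashlib
import re

OLD_FORMAT = re.compile(r"^[0-9a-fA-F]{16}$")     # pre-4.1: 16 hex characters
NEW_FORMAT = re.compile(r"^\*[0-9a-fA-F]{40}$")   # 4.1+: '*' followed by 40 hex characters


def native_password_hash(password):
    """4.1+ stored form: '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(stored):
    """Name the format of a stored password hash by its shape."""
    if stored == "":
        return "empty"
    if OLD_FORMAT.match(stored):
        return "pre-4.1"
    if NEW_FORMAT.match(stored):
        return "4.1+"
    return "unknown"


def accounts_refused(rows):
    """rows: (user, host, stored_hash) tuples, e.g. exported from the account table.

    Returns the accounts a secure_auth client will refuse until the
    password is reset and re-stored in the long format.
    """
    return [f"{user}@{host}" for user, host, stored in rows
            if classify(stored) == "pre-4.1"]


# Constructed sample rows (not taken from any real server).
SAMPLE_ROWS = [
    ("blog", "localhost", "5d2e19393cc5ef67"),                   # short, pre-4.1 shape
    ("admin", "localhost", native_password_hash("password")),   # long, 4.1+ shape
    ("guest", "%", ""),                                          # no password set
]

if __name__ == "__main__":
    for user, host, stored in SAMPLE_ROWS:
        print(f"{user}@{host}: {classify(stored)}")
    print("reset needed:", accounts_refused(SAMPLE_ROWS))
```

Resetting the password, as described above, is what replaces the short hash with the long one.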

I've been using Win 10 for a while now. Still not fond of it, but I have adapted. As predicted, it is good for my family. The learning curve was not that steep and I was able to add shortcuts so that navigation is easy. Most users (not in IT) are going to use a small subset of programs - and most of what they do is email and browser based. It's only us geeks that try to do stuff like use a serial port (or a usb to serial adapter) and other such silly things. So all in all, the upgrade was not that painful.

I am still studying to take the CCIE Security Written again. I've done a ton of studying and I feel like I'm getting close to being able to take my next shot at it. I have learned a lot since that last attempt. One of the things I realized is that the test is _adaptive_ (ugh). I must have missed something early on regarding IPv6 - since it seemed like there were a ton of those questions. Yes, it was a weak area - since none of the businesses in this area use IPv6, so I don't have a lot of experience with it. But the adaptive nature of some exams will find that weakness and hammer it. So I have been working on that area. There is a lot of material to cover and since I last took the exam - it has changed versions. So NOW I have to add the "Evolving Technologies" to the study list. This is good and bad. The good part is that this section is on all the CCIE exams now (all tracks). So you learn it once and it applies multiple times. The bad part is that this is new technology and (just like the Security track) it has limited information available. I have had to cobble together resources to learn this stuff.

While I was researching and preparing for the CCIE Security Written exam, I noticed that my current Cisco certifications were quickly approaching the recertification date. Since my risk appetite is rather low... I paused my studies to recertify. It only takes one CCNP Security (or Route/Switch) test to recertify all the CCNP and CCNA level certs. My thoughts were to take one - which would at least cover / review part of the same Security information I was studying anyway. And again, I found that there were very few materials for this. I wanted to take the SENSS test since it focused more on firewalls, but found there were no books for it. I ended up taking the SISAS (and passing) since it had the most material available.

To prepare for the SISAS I used the Cisco Press Official Cert Guide, INE videos (23 hrs), AAA Identity Management Security book (Cisco Press), Cisco ISE for BYOD and Secure Unified Access (Cisco Press), Cisco Live webinars (they are archived online), Cisco Bring Your Own Device (BYOD) Networking LiveLessons [Cisco "livelessons" series on Safari Books] (5 hrs), and Cisco TrustSec LiveLessons [Safari Books] (5 hrs). Yes, this is what I consider an adequate amount of material for exam prep.

I really dislike that Cisco has exams that do not have a current Cisco Press book matching the exam. The Cisco Live presentations (from over a year ago) mention that a book is coming out soon - and the books mentioned are still not available while the exam continues to constantly update. How do they expect us to keep up with it if they can't keep up with it?

Oh, and while I was at it - I studied and recertified my Wireshark certification so I could focus on CCIE Security from now until I get it. So all my current credentials are updated and it is time to move forward. [Note: the videos alone are putting me well over the CPEs to keep the CISSP and Wireshark in good standing.]

One other thing I found in my travels that may be helpful to someone - FedVTE. There is a Federal Virtual Training Environment that is now open to all vets (not just current gov/mil personnel). It has a ton of free cybersecurity training on a wide range of topics. If you have a .gov or .mil address, you can sign up directly - FedVTE - or if you are a veteran, you have to take an extra step and verify your service on the Hire Our Heroes site to get access to FedVTE. Some of the training is a bit old (a few years), but most of it is teaching basic concepts that do not change. They have courses from CompTIA A+ to CISSP prep. Some of the classes have quizzes and some don't - but there is a "Transcript" area where you can keep track of your completed training (and print certificates of completion). If nothing else, it's a good place for free CPEs (if you qualify).

Posted by BlueWolf on October 09, 2016

January 17, 2016

Windows 10 - 1 down, more to go

I downloaded and installed Windows 10 back in August. Since it was on my test laptop, I didn't really get a chance to fiddle with it much. But now I see my family is noticing the Upgrade to Win 10 nag screen on their computers. They're now starting to ask...

So I went back to the test laptop to check it out. I am so not happy about moving to Win 10 - but that's just because of the way I use my computers. However, I do see that it is inevitable and I'd rather upgrade now free than later and have to pay.

Like a good geek, I updated everything before I started poking around. You have to make sure that your Norton is updated before you upgrade. Since my laptop had been offline for a while, I tried to update... Failed. Norton tells you to install a patch. Failed. What I ended up having to do is uninstall and reinstall Norton to get it to work properly. Not a tremendous deal - but it's something you may want to keep an eye on.

Then I tried to look at some of the "new" apps that Win 10 has added. This is where it went sideways again. It asked me to log into one of my Microsoft accounts - and when I did, it changed my start up logon to be that Windows mail account instead of my local account. Grrr. Not nice. I was able to go into my account pages and set it back to the local account, but again - something to watch out for... How many users are going to realize what just happened and know to use the mail account/password instead of the password they have been using for years? They will think they just got locked out of their computer.

So once I had a reasonable handle on using this, it was time to start upgrading. I started with my mom. I took my test laptop to her house and had her use it for a little while. She seemed to have no problems with interacting with the new OS. She even watched a video on "Onenote" while I upgraded her machine. [Go mom!] I think Win 10 will be good for her and fit in with the way she uses her computer. All of the things I don't want - she could use. So I upgraded her laptop...

Just an FYI - the upgrade speed will depend on a number of factors. Do not try to do this when you're pressed for time. The upgrade on my laptop with my Internet connection took less than 90 min. The upgrade on my mom's laptop with her Internet connection took almost 4 hours. The RAM and CPU on that machine were chugging along as fast as possible, but it still took quite some time. So plan for the worst and hope for the best.

Mom uses Microsoft Live Mail for her mail accounts. Those transferred perfectly - no issues. It took a little juggling, but I managed to put the tile on her start menu for her. Note: the "Mail" tile is not configurable. What I ended up doing was - delete the mail tile and right click Windows Live Mail on the Start menu and select "pin to start" to get the tile to show up.

The "news" application is a bit annoying to me (but Mom is okay with it). You cannot configure the news sources or feeds. You can only configure the categories of content. The "Weather" tile is nice - and you can go in and configure your location. However, when you go back to the start menu to check it ...wait for it... yeah, there it is. It takes a while to show up once you change the location.

Cortana is not easy to get rid of... But you will probably want to go into those settings and fiddle with it a bit. Once it finally realizes you don't want Cortana but DO want the search bar - it shows up. But you have to fiddle with it a bit to get it to stay that way.

The Edge browser really really sucks. There is a difference between the "Start" page and your "Home" page. And it's really hard to get your settings for the browser to persist - unless the browser realizes that you've completed your configuration and that's really really the way you want it. Ugh. Change it. Check it. Close the browser and check it. Reboot and check it. And eventually it will give in.

Here's what I don't like about Win 10:
Much of the configuration is taken out of your hands. There are a lot of "automatic" things that you can't change or configure. I'm used to customizing things so that the computer adapts to the way I work, not me adapting to the computer. For instance: if you're going to give me a news reader - I would like to be able to adjust not only the categories, but also the sources. I would like to use my own feeds, not yours. If you're going to have a Technology category - I'd like to be able to put "real" geek sources in that - not your Washington Post Technology section. And...I don't need you to update my computer on me automatically. I have been doing that very well and diligently for over a decade. I also don't like the way it tries to invade your home and the other devices around you. That used to be a _feature_ that distinguished PC from Mac. Now you're just like Mac with its snooping and trying to connect with everything from the toaster to the TV. And someone somewhere probably got a bonus/pat on the back for the new start button menu. Everything is alphabetized - with a big LETTER between items. I don't like that - it looks ugly. Only your Internet Explorer bookmarks will migrate to Edge. If you have Firefox and want to switch to Edge, I suggest you export and import your bookmarks from FF to IE before you upgrade. Then import them into Edge.

What I like about Win 10:
The tiles don't take over the computer like Win 8. Windows Live Mail migrated without a hitch. If you know the application you want, you can use the search bar to get to it faster than the start button. You can tile your frequently used apps to make them more accessible.

I think Win 10 will be good for my family members. For the most part, they use their computers to read email and surf the web. Mom uses Facebook. I was able to upgrade and set up her start menu so she has easy access to all the things she uses. There was even a free Facebook app in the Microsoft store - which I put as a tile in her start menu. As for myself (and those who enjoy customization), I think I'm going to start looking at the registry to see if the things I want to customize can be configured. I may wait a while before I upgrade my other devices...


Posted by BlueWolf on January 17, 2016

January 09, 2016

CCIE Security Written Attempt

Yes, I know it's been a long time between blog posts here. When I do get a chance to blog, it's normally on the CCIE Study Notes blog. If you look in the Cert Battle Status - the certs I am currently aiming towards are the CCIE (R/S and Security). The battle has not been going well, but is still ongoing and has recently renewed vigor.

The toughest part of any of this is doing it while employed. Sometimes projects at work take over your "extra" time or wear you down and you're too drained to study after work. Not that I'm looking to be unemployed - but I've heard from multiple people that the only way they got the CCIE was to take time off work (months) and immerse themselves in it. I hope to not use that technique because then you have a tighter limit on your financial resources - which can also hamper your studies. [Rack rentals are expensive and so are tests.] The contract I am on will end at some time in the near future (we still don't know when) - so I have planned for that possibility. I am interviewing, but since I still have a job at this time - I'm a bit more picky than if I were unemployed. And if the music stops at some point before I find my next position, I will immersion study while looking.

For those who don't see me on a regular basis - my emphasis has moved from the R/S track to the Security track. I will be pursuing both, but if I get the R/S CCIE first - I am concerned that I will be pressured back into a Networking position and I would rather be in Security. R/S is a means to strengthen my Security skills rather than an end to itself - for me. So the recent focus has been on studying for the CCIE Security Written.

And yesterday I sat for the exam. Notice it doesn't say "passed" and have multiple exclamation marks. I did not pass. There goes $400... Yes, the exam is $400 now (up from $350) and unless you pass, no workplace I know will reimburse you for the attempt.

The test has changed - drastically - and it appears I studied for the prior test. I've been through the first half of IP Expert's Video on Demand class. I went through the INE Advanced Technologies videos. I went through the All-in-One Study Guide. And I know the material. However I know it in the incorrect format. All the previous CCIE Written Exams I have taken (and I have taken and passed 3 times) have all been the same. This is different. It's like they went from multiple choice to answering in Jeopardy style (form of a question).

Previous format of the exam was mostly multiple choice. There were multiple choice with "best" answer and multiple choice where you have to select "all that apply" (which are harder). Then you had your 5 or so questions that used exhibits. They would have snippets of code and you would have to answer questions based on the code or configuration displayed. Or you would be given a diagram of an environment (with or without a small part of a configuration) and you had to select from the various potential configurations to complete some task. And then there were always the drag and drop questions to match terms and their definitions or order the steps of some process. But there were only a few of those and you could take your time on them because the single answer multiple choice can be answered so quickly. Granted, the "weight" of each question is a mystery and you always knew that you _had to_ get those exhibits correct or you would not pass. Maybe you could screw up one but if you nailed the others, you had it. That was the old exam.

Granted, I know that Cisco is striving for tough tests. They want you to know that passing the test MEANS SOMETHING because it's not easy. Back in the 90s they tried "toughening" the test with a lot of "trick" questions. Then later they "toughened" the test by not giving you enough time to thoroughly read and analyze the question. Then they turned to "configlets" and chopped the question into multiple parts with a scrolling screen and multiple areas to view scenarios and answer questions. It turned the "100" questions into really 120 or so with the little sub-areas of question X, but it was an attempt to raise the bar. Now their newest little trick is: more exhibits.

As I sat for the exam yesterday, one phrase kept creeping into my head: Death by Drag-and-Drop. This is the newest iteration I've seen for strengthening the exam. And I really think it stinks. That's not how we do our jobs. We don't put things in tables or order the steps of a technology. Most of those steps are involved WITHIN the technology itself and are transparent. Now I can see ordering the steps of the Security Agreement (SA) establishment. THAT has value. If you can figure out which step of the process is failing, you can more quickly troubleshoot the issue. But to memorize the steps of the things I saw on that exam - well...let's just say that some of them are arbitrary and just the way someone organized it in their head. Or the matching questions - it seemed like it was just a way to ask multiple questions within the same question number. It seemed like the drag and drop was put in there for the sake of dragging and dropping so it would be "harder" in some way.

And the content ticked me off too. There was a HEAVY emphasis on IPv6. Now, we knew this was coming... eventually. And there was a certain level of IPv6 familiarity that I already had down pat. After all, this content is also in the R/S exam that I passed three times - and the IPv6 questions were never a problem. One of the things about IPv6 is that it's only something that you use for the test. It will be a very long time before I work in an IPv6 environment. But I know that this is a _global_ test and those that work globally must deal with IPv6 in their jobs. So that realization became a point in their favor that I begrudgingly gave them and accepted. But I didn't see anywhere (blogs, trade articles) that this emphasis had arrived. I will be ready for it on the next shot.

IPv6 was not the only content that surprised/irked me. There are multiple tables of content that apparently they require you to know/memorize. And with the test I saw, it gave me the "flavor" of what could possibly be on the next test they put in front of me. Granted, some of the questions will be the same but there will be some different ones (or could be depending on the questions drawn from the pool).

Like I said, I studied for this exam. I believed I was prepared. Had I taken a prior version of the exam - I certainly would have passed. But this is different. None of the materials I used (IP Expert VoD, INE Advanced Technologies and All-In-One Guide) will prepare you for this current iteration of the exam. They are great prep for the prior exams - this is new. And there is nothing out there that will prepare you. I've been here before. For some reason the Security track often goes through periods where the source materials are either dated or non-existent. I dealt with this on my way to CCSP. I had to read the Raw Cuts version of the ASA book online before it was published to sit for my exam. And likewise - I will now have to create my own study guide from the source materials and the Exam Blueprint. Hopefully my next post will discuss how I passed.

Posted by BlueWolf on January 09, 2016

August 02, 2015

Win 10 Install

This is not a "how to" on the install. Seriously, if you need that either let your kids do it for you or shut your eyes, cross your fingers and click. It's a really easy install from the user perspective. Microsoft has this set up as a "Windows Update" in just about every way (looks like the way I upgraded my mac....) [Note: the entire upgrade process took over an hour - but less than 90 min. Your upgrade time may vary.]

So what I did for my install was that I turned off all the networking components on the laptop except for Microsoft Client and IPv4. I disabled my wireless card. Then I plugged my ISP provider's router into a switch - which then connected to the laptop being upgraded. I spanned the port to a connection on another laptop where I was running Wireshark to capture the packets being sent and received by the upgraded device. For the most part, this should capture traffic to and from the device as it is installing and upgrading. Note that the actual download of the software occurred "in the background" when I "reserved" my copy of free Windows 10.

Now look at what we think is going on... You think that you've already downloaded the operating system and all it has to do is install it. So why would it need an internet connection to complete? There were quite a few packets in the capture and it's going to take a while to go through them. But this will tell me what servers it connected to during the update. There were multiple public IPs in the capture. It will be interesting to find out if they all lead back to Microsoft or not.
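One way to pull the list of servers out of a capture like this, as an added example that is not the author's analysis: a standard-library Python reader for a classic pcap file that totals packets and bytes per non-local IPv4 peer of the upgraded machine. The host address, the peers (RFC 5737 documentation addresses) and the in-memory capture are constructed.

```python
import ipaddress
import struct

# Ranges that never identify a remote server: private, loopback,
# link-local, multicast, broadcast and "this network".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32", "0.0.0.0/8")]

def is_remote(addr):
    return not any(addr in net for net in LOCAL_NETS)

def remote_peers(pcap_bytes, host_ip):
    """Return {peer_ip: [packets, ip_bytes]} for non-local IPv4 peers of host_ip."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap header")
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        # Wireshark saves pcapng by default; save the trace as pcap first.
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    host = ipaddress.IPv4Address(host_ip)
    peers = {}
    off = 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated frames and anything that is not untagged IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        total_len = struct.unpack("!H", frame[16:18])[0]
        src = ipaddress.IPv4Address(frame[26:30])
        dst = ipaddress.IPv4Address(frame[30:34])
        if host not in (src, dst):
            continue                   # traffic between other devices
        peer = dst if src == host else src
        if is_remote(peer):
            entry = peers.setdefault(str(peer), [0, 0])
            entry[0] += 1
            entry[1] += total_len
    return peers

def build_sample_pcap(flows):
    """Build an in-memory Ethernet/IPv4 pcap from (src, dst, payload_len) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, plen) in enumerate(flows):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + plen, i, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * plen
        out += struct.pack("<IIII", 1438500000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: 192.168.1.50 plays the machine being upgraded.
SAMPLE_FLOWS = [
    ("192.168.1.50", "203.0.113.10", 100),
    ("203.0.113.10", "192.168.1.50", 1400),
    ("192.168.1.50", "198.51.100.7", 60),
    ("192.168.1.50", "192.168.1.1", 40),     # local gateway, filtered out
    ("192.168.1.1", "224.0.0.251", 80),      # another device's multicast
]
SAMPLE_PCAP = build_sample_pcap(SAMPLE_FLOWS)

if __name__ == "__main__":
    found = remote_peers(SAMPLE_PCAP, "192.168.1.50")
    for ip, (pkts, size) in sorted(found.items(), key=lambda kv: -kv[1][1]):
        print(f"{ip:15} packets={pkts} bytes={size}")
```

The resulting address list is the input for the ownership check the post describes: looking up who each public IP belongs to.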

One of the things I did not do during the upgrade was check the wireless traffic. I do have an AirPcap adapter so I could do that at a later date. I would like to see if the upgrade turns on your wireless card to see what other devices are on your network or in your vicinity. And I should probably check for any attempts to reach out to my Bluetooth devices. But that will be at a later date. And...regardless of install - I would think that if it wants to know about all your devices, it would poll at regular intervals after the install.

So if you read my previous post about the Agreement you signed for this... you will know that Microsoft wants you to agree to send them certain information. So Microsoft wants to know -where- you are using this software. What device in what location? Realize that you are sending that information and that is what you agreed to get this software for free. Oh - and that's just the start. If you think that the agreement will be different when you pay for it, it won't. Same agreement - more money out of your pocket.

Now, I'm not saying don't upgrade. And I'm not saying that Microsoft is doing anything malicious. What I'm saying is that you should be aware that you are giving out this information - and giving Microsoft more control over your computer than you may realize.

Let's say you're an upstanding citizen of the US. And you only use your desktop/laptop to surf the web at home. You watch movies, you send email to your friends and you sometimes use the computer for games when you're bored. Hell, yeah - save yourself some money and get your free upgrade. Let them look, you're doing nothing wrong and you put most of everything you do on Facebook anyway...

1) Know that if Microsoft (assuming well-intentioned) can see this data - so can a malicious person.

2) What if you're an upstanding citizen with a sensitive job?

More to follow once the trace file is analyzed.

Posted by BlueWolf on August 02, 2015