January 05, 2017

Section 3 done!

OMG. This is amazing. I actually just finished section 3 of the blueprint. [Despite the lure of a TZ marathon.] That means I've covered 38% of the blueprint already. I'm only blogging about this so I have an idea of how long this is taking. Section 3 went faster than Section 2, so there's not really a way to plan out a schedule and estimate an end time.

Some of the topics within the blueprint are more "meaty" than others. And some topics take up more discussion than others. But I am satisfied with the way things are going with this study method. And I'm very confident about the first three topics - and therefore about 38% of the test so far.

The next section covers "Threats, Vulnerability Analysis and Mitigation." It's about 10% of the exam - so out of all those 18 listed topics, only about 10 questions will be from that section. I'm looking forward to it because those are really topics from C|EH and CISSP study materials. It should not take that long to finish. The section after that may prove a little bit more lengthy. Section 5 is "Cisco Security Products, Features and Management" and covers about 18% of the exam. There are 15 sub-topics - each with their own sub-topics. That's probably going to take some time to tackle.

I've already gotten myself into the habit of writing on the topics. And I've overcome the inertia associated with starting any new project. Sections 5 and 6 are going to be the "heavy lift" of this process. Together they are worth 34% of the exam. But once that's done, it's a brief coast to the finish! Section 7 - "Security Policies, Procedures, Best Practices and Standards" - is only worth 8% of the exam. However, last time I took the exam, this was the section that I really knocked out of the park. Of course, it was a different version of the exam (4.0), but that section probably hasn't changed much - even if the questions about it change. And then the last section is about "Evolving Technologies." This is yet another section that's only 10% - and I think I have the ideal book to cover this material.

Yes, this is a lot of work. That is the other reason I'm blogging about it - so it's visible. Once you take the test and pass it, people no longer see the effort that went into it. I want to be able to have something to point to and have something visible - so they understand what it takes to get there. You can tell them it's a lot of hard work - but if you show them your work, it's a bit more comprehensible. And there's still so much to go...

Posted by BlueWolf on January 05, 2017

January 01, 2017

Happy New 2017 Year!

Apparently The Twilight Zone kept me up long enough to see the ball drop (on tv). So as I'm watching this, I (naturally) decide to Google "Rod Serling" ... yadda yadda... Oh, what's this? Patterns by Rod Serling. I start to watch it and see:

OMG. A switchboard! How cool is that? I absolutely love being able to see things like that. After all the shows I watch with futuristic themes, it's nice to see something really old. Oh, and it was cool to see a young Elizabeth Montgomery too. You see the whole "Bewitched" crew on Twilight Zone in various episodes. And I'm hoping to catch Burgess Meredith in "Time Enough at Last" and "Mr. Dingle, the Strong" and "The Obsolete Man" (which I was just blogging about recently). Well, the Twilight Zone marathon is going on all weekend. This is definitely a good way to start the new year.

Posted by BlueWolf on January 01, 2017

December 31, 2016

Happy New Year - Happy New Section

Good Riddance to 2016 - and let's get ready for 2017! It's been a long time since I "went out" for NYE. Granted, I've had my share of nightclub NYE parties. Some I went to, others I worked! But that was a long time ago (before the Internet was popular). And I've had my share of house parties - they were fun too. Good food, playing with Christmas presents, and staying up late to watch the ball drop and have a sip of champagne. I've also had a few NYEs where I didn't even stay up (or fell asleep with the tv on). So this year it's a coin-toss if I'll see the ball drop in Times Square (on tv).

I let go of mine and others' expectations of the evening long ago. No matter where you go, it's crowded. And it's cold outside. And there are a lot of drunks out on the road. I've found that once I claimed it, this is now part of my "quiet time" that I enjoy. Everyone else is busy. Actually, I am busy too. I spent most of today writing 5 blog posts on my CCIE Security Study Notes blog. That finishes up Section 2.0! Looking at my last post here, it took me 10 days to write about 20 posts. That's not bad considering the time off for Christmas.

I haven't started the last book yet. Maybe that's something I should dig into this evening or tomorrow. [Between commercials or while watching the Twilight Zone marathon!] Well, here's hoping that everyone else stays safe (and eventually warm) too.

Posted by BlueWolf on December 31, 2016

December 21, 2016

One Book Closer

I am now one book closer to scheduling the CCIE Security Written exam. I just finished reading "Cisco Next-Generation Security Solutions." It covers ASA FirePOWER Services, NGIPS and AMP. Good book, but tough to get through. It wasn't the material. The book is mostly well-written. My only criticism is that there are some very obvious errors that should have been caught in the proofreading. And it's only at the end - which I found odd. It was like the proofreader got most of the way through the book and then skipped the end. But they are very obvious (e.g., "You can manage variables can in the FMC's Variable Set section of the Objects tab.")

But that's not what I found to be daunting. It's a matter of endurance. I have been studying for quite a long time for this exam. Yes, it is a big one covering quite a lot of material to an expert level. I have watched over 200 hours of video, read about 3ft of textbooks and taken two composition books of notes. I made my first attempt at this exam in January and did not pass. So I'm a bit gun-shy (and it's a considerable amount of money). So the procrastination and slow-moving last pages of my study are somewhat of an effort to avoid that. But the other side of that coin is that avoiding potential failure also avoids potential success.

The biggest part of this is recognizing that it is happening. Once you recognize and name it, you can work on fixing it. I do believe that waiting to schedule the test is the best path. I have already recertified my CCNPs, so there's no expiration deadline looming. And I know the method of scheduling a test to draw a line in the sand and working towards that date. But in this case, it would add pressure that doesn't need to be there. There's enough pressure with taking the test itself. My method to power through this is to make daily goals with daily rewards to inch my way to the finish line.

Today's example was to finish that book - and the reward was to take a break from reading and continue blogging. No, not just this post. I'm also blogging my way through the blueprint - and I'm currently on section 2. In addition, I'm making pudding for tonight's dessert. Yesterday's reward for getting through the largest chapter in the book was that I watched an on-demand movie. Bonus was that I found one that was free by browsing the list of movies on the network channels first.

The last book on my list is "Foundations of Modern Networking." It covers the Evolving Technologies section of the blueprint. I'm looking forward to going through this. It's the "new" stuff! It covers SDN, NFV, QoE, IoT and Cloud. Only 500 more pages to go! This material is on all the CCIE tracks - so any efforts in this realm may pay off in many ways. However, the downside of new and evolving is that there isn't a lot of material available.

I have a few ideas on finding more about these topics. The first one is to search YouTube. There's always someone somewhere talking about any subject in computing. Perhaps this book will give me better ideas on search terms to get more specific videos. The other idea is to search / browse the Cisco Live material. New technologies are usually presented at an event like this. Sometimes the presentations can be more overview / marketing-related, but every now and then you can find a deep dive presentation (red meat for the techie crowd). The third idea is to search the Cisco Documentation. Again, better search terms may lead to more relevant information. I need a little more than a 3 min video but a little less than a 200 page White Paper on a specific implementation of one aspect of the technology. There is virtue in balance.

Let's see how quickly I can plow my way through this book. Hopefully, my next update will be soon.

Posted by BlueWolf on December 21, 2016

December 16, 2016

Real from Fake

This morning I received an email from "Robert" telling me that I've been selected to be part of The Network of Professional Women. Really? Being in the computer field, I knew how to check this. Granted, I have been getting these "honors" for decades. Before the current computer age, these things used to come in the snail mail. [This is how long this scam has been around.]

But this interested me this morning due to the current trend on reporting fake news, hacking, etc. I knew immediately by looking at it that this was a scam. But how many other people would not recognize this?

Of course, part of this immediate reaction came from the question of why anyone named "Robert" would be interested in starting/running/participating in a Network of Professional Women. You may call that bias, but I have never experienced any male that was interested in promoting female prominence. Certainly, I have met some males that treat female coworkers as equals, but none that promoted female camaraderie. They can't even figure out why we go to the bathroom together. Perhaps there are a few, but the only reason to do so would be to make money off this group. Maybe there are some who would do so to help their wife build a group, but none would do it out of any emotional benefit for themselves. But I would think that even if they did want to build a Women's Network, they would be smart enough to at least put a female face on the contact.

Even if the email came from "Sarah," I would still have recognized it as a scam. And I would want other people to recognize this as a scam. Really - it would not be that hard to change the email client that sent this email to read a different name. But the content is still a scam and how do I recognize and prove that?

Before you read ANY email, always look at the sender. Is this someone you know? Depending on the mail client that you use to read the email, this may display the "name" or the "email address." Granted, we may want to read mail from more than just our close friends. But if the displayed name and the email address are "off" in some way, this should start your suspicion machine. For instance, Robert's email address for a Women's Professional Network was info@marketcap.site. You probably know your friends' email addresses, but what about legitimate businesses? Use your common sense. Just as a few examples: FTD Flowers ftd@e.ftd.com, Dick's Sporting Goods dsg@email.dcsg.com, etc... Now, if the email address doesn't look funky, that doesn't guarantee that it's a valid email. A virus or Trojan can send email from your friend's computer with their address. And creating "one-off" domains is very easy. Would you be able to notice the difference between an email sent from "dcsg.com" and one sent from "dsgc.com"? Both would look like Dick's Sporting Goods. And, it should be noted, it is not that difficult to "spoof" email addresses.
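The sender check described above can be automated. This is an added example, not part of the original post: it compares the domain in a From: header against a short list of domains you already trust and flags near-misses such as "dsgc.com". The trusted list, the distance threshold and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Sender domains the reader already trusts. The two entries are the
# legitimate domains quoted in the post; a real list would be your own.
KNOWN_DOMAINS = ("dcsg.com", "ftd.com")

def base_domain(address):
    """Last two labels of the address's domain. Simplification: multi-part
    suffixes such as .co.uk would need the Public Suffix List."""
    domain = address.rsplit("@", 1)[-1].lower()
    return ".".join(domain.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev_diag, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev_diag, row[j] = row[j], min(row[j] + 1,       # delete ca
                                            row[j - 1] + 1,   # insert cb
                                            prev_diag + (ca != cb))
    return row[len(b)]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, sender_domain, known_domain_it_resembles_or_None)."""
    _display_name, address = parseaddr(from_header)
    domain = base_domain(address)
    if domain in KNOWN_DOMAINS:
        return ("known", domain, domain)
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= max_distance:
            return ("lookalike", domain, known)
    return ("unknown", domain, None)

# Constructed From: headers built from the addresses mentioned in the post.
SAMPLES = [
    "FTD Flowers <ftd@e.ftd.com>",
    '"Dick\'s Sporting Goods" <dsg@email.dsgc.com>',
    "Robert <info@marketcap.site>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "known" verdict only says the domain is spelled the way you expect; as the post notes, the address itself can still be spoofed.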

So once an email passes the "sender test" in your eyes, take a look at the content and body of the email. Your friends are probably always going to send you links to "interesting stuff" in their emails. That's always going to be the toughest scenario to deal with. Is this a real email from your real friend, or is it something that got sent from their computer (or your computer) with their address on it and a malicious link from a virus trying to spread itself? This is why you should use a good antivirus program on your computer. It won't catch everything, but it will catch most things. Do you really want to take a risk of identity theft over $50 a year (the approx. price of antivirus software)? But that risk is up to you.

The more important links are in the body of emails sent to you from a supposed business address. These are called "phishing" emails. They are fishing for dummies that click the links. These links can do any of a number of things. Note that this is how the DNC and DNCC were hacked. If you look and there's a difference between what the link displays for the site and what you see when you _mouse over_ (but do not click), that's another indication that it's not a legitimate email. Just putting your mouse over a link normally shows a "tool tip" little pop-up box that shows where the actual code that created the link will take you.

Here is a (non-malicious) example of this:
See our great deals at Dunkin Donuts at http://www.dunkindonuts.com.

Although the address shown, www.dunkindonuts.com, is real and would take you to Dunkin Donuts, clicking on the link will take you to Honey Dew donuts. This is what they do to make you click a link and take you to where they want you to go rather than where you think you're going. And this could be either their own site (with malicious content) or a mock-up of the "target" site. In the case of dunkindonuts.com, instead of sending you to Honey Dew, they could send you to a page that looks EXACTLY like the real DD page, but hosted somewhere else. And when you sign in, the username and password combination goes to their servers - and now they have your login. Now one of two things could happen. Either they forward that information to the real DD site (and log in as you), committing what is called a "Man-in-the-Middle" (MitM) attack, or they redirect you to the real site. When they do the MitM attack, you send them the info - they relay it to the real site - and send you back the real response. Meanwhile they are saving all the info you are sending to the site (such as your credit card number and CVV code). If all they want is the login, they can send you to the actual site (which will make you log in again) and you go about your business. Why would they do that? Less time, less effort and you will probably ignore the initial login as a typo of the password or a "glitch" in the site.

To be honest, I NEVER click on a link in ANY email. You should develop this rule also. That doesn't mean I'm going to ignore legitimate information in legitimate business emails. But I know the address to any business that I patronize. I go directly to that in a browser rather than click on a link.

So if you ever get an email that says "our site has been compromised, please click here to log in and change your password" - DON'T believe it. Your service provider - be it Cox, Verizon, ATT, etc. - NONE of them will (or should) send you such a link. NEVER.

You shouldn't get anything like that from any other business site, either. But you might. When businesses see IT as a cost rather than an enabler - well, businesses always try to cut costs. This leads to underfilling positions or not hiring the best that money can buy. When business executives believe that compliance equals security - they only spend the time, money and effort to become compliant. And some businesses only do that because there are laws with penalties for not being compliant. What ends up happening at some places is that your precious identity and credit card transactions are being protected only to the level of compliance by the cheapest labor possible. Tasks that should be performed by three people are normally done "as well as possible" by just one person. Top positions that should be filled by people with 15 years' experience are offered to people with 6-8 years of experience for much less money. In other industries, you might be able to get away with that. In security, it's not advisable. And there's no way to tell which businesses are doing this and which ones are not. You would think that lesser businesses would eventually be breached. That is likely. But it's unlikely you would hear about it unless the company is large and the attack is widespread.

So basically, it's up to you to protect your information and your computing devices. So don't click on email links.

And if you see an offer - take the time out of your busy life to investigate it before jumping on any "fantastic" deal or "honor" that costs you money to be honored. As you can see above, just clicking the link can be dangerous/costly - even if you don't fall for the pitch itself. So have fun, but be careful and stay safe!

Posted by BlueWolf on December 16, 2016