Archive for September, 2009

CISSP Exam – Understanding Security in a Holistic Manner and Learning Above Technology

September 29th, 2009

For many years, many people have complained about learning so many things for the CISSP exam that they would never use in their life. When I was preparing for the exam a few years ago, I also had the same perspective as others. People also have the belief that they are required to understand security through (ISC)2’s view for this exam, which is so detached from reality. The contention of these statements is that someone would have to memorize bits and pieces and other trivial facts for the exam that are not helpful in their career – thus a waste of time. Again, I was also in the same boat when I prepared and took the exam ages ago. Now I see it completely differently.

I have found that since I have authored books and taught CISSP training classes for many years, I have a greater understanding of the material than I would have if I just studied and took the test and moved on with life.

The things that people are complaining about learning (Bell-LaPadula, Biba, Clark-Wilson, etc.) will be of much benefit to a comprehensive understanding of security in a holistic manner instead of just focusing on their original thought of what makes up security. A lot of the technical guys are of the belief that learning anything above technology is a waste of their time. This thinking is common to these people because they think of anyone who does not understand technology like they do as inferior. But companies are not in business to just have software and networks in place. The software, network, and systems are just some of the tools the company utilizes to manage and grow their business. So understanding things that are above technology, commonly referred to as soft skills, is actually more critical in the world of business – which is where we all live and work.

Although I am pretty disappointed with the manner in which the questions on the CISSP exam are worded (confusing, vague, subjective), I have greater appreciation of the actual Common Body of Knowledge (CBK). I was a security consultant before I took the exam, and then I wrote books, and taught CISSP – and I am still a security consultant, but my view on security as against my knowledge base has significantly changed.

I, like most people, focused on what security topics I was to perform in my specific job. At the time on-line banking was coming out of the market (yes I am that old) and I worked with programmers, software architects, project managers, analysts, and end customers – all doing on-line banking. To be honest, at that time I was the least interested in the different types of fire suppression, access control models, trusted computing base or anything outside of my domain of topics that I lived, worked and breathed in.




By: Shon Harris

Firewall Software and Internet Security

September 29th, 2009

What are the threats?

There are over a billion people using the Internet on a daily basis. We are doing this from home and from our workplace; from our personal computers, laptops, mobile phones and TV sets; to search for information, to communicate with other people and to buy and sell goods and products. There is more – just think about the personal information that is stored on your computer – your e-mail messages, your personal photos and videos, chat logs, browser history, and the history of all the recent documents that you have read or created.

What happens if all this information falls into the wrong hands? Disaster. But how could this happen? The information is on your computer and you never send your personal information over the Internet. The dark truth is that there are countless ways for people with malicious intentions to invade your privacy. All they have to do is place a small program (malware, trojan or virus) on your computer. The malware will then search for valuable information and send it to its creators. After that they will most probably use your computer as a tool to infect other computers, to attack Internet sites for profit and to send spam messages.



In order to understand the other precautions you can take, let's see which are the most common ways to steal information and get control over your computer:


* Infecting the computer through the download of a malicious program. One of the great advantages of computers is the vast variety of programs that can be downloaded and installed. Most of these programs are genuine and can be trusted, but more and more viruses, trojans and rootkits disguise themselves as useful programs. One special case is modified versions of respected programs that are infected with malware and adware, or the so-called cracks for popular programs.

* Infecting through files that do not look like programs at first glance. For example, you may download a song or a video file from the Internet and it may contain an executable file. Another common example is screensavers, which are programs and are just as dangerous as any other program.

* Using security “holes” in the operating system or popular applications. The so-called exploits use the security problems or “holes” that are unintentionally left open in every major operating system and many popular applications. While most software companies release security updates relatively quickly, most users never upgrade their software, or it is too late – they are already infected, and closing the security “hole” does not remove the malware that is already on the computer.

How does the firewall protect you?

So, how exactly does the firewall protect your computer and the important private information on it? To answer this question, we will need some background information about how the Internet works. Although this is a very big topic, we only need a simplified explanation. If you want a better understanding of all the inner workings, you can refer to Wikipedia or other online in-depth publications.

Let's see what happens when you go to the web site of CNN (www.cnn.com). Computers on the Internet reach each other by numerical IP addresses. Because it is not very convenient to remember such numerical addresses, there is another protocol – DNS, which is used to convert the name www.cnn.com to the IP address of the same computer. To do so, your computer sends a DNS request packet to another computer (called a DNS server) and asks it for the IP address of www.cnn.com. The DNS server sends a DNS response packet with the requested information, and your computer is then ready to send another request packet to the computer of CNN and wait for its response, which will contain the requested web page.

As you can see, in the vast majority of cases, your computer acts like a client – it sends request packets to other computers (called servers) and waits for their response. Please note that in this case your computer initiates the connection and the connection is outgoing. This leads us to the simplest type of firewall – one that blocks incoming connections and allows all outgoing connections from your PC. Examples of such firewalls are the built-in firewalls in Windows XP and Vista. While this type of firewall provides some protection, it leaves a lot to be desired because it makes one dangerous assumption – that all programs on your computer are not malicious and can be trusted to create outgoing network connections as they want.

More advanced firewalls, like Mil Firewall, inspect both incoming and outgoing connections. Furthermore, they remember which program is initiating each connection and then use this information to do a better job without getting in the way (also called stateful inspection). However, there is another drawback – the more advanced firewalls tend to use a lot of CPU and network resources and slow down your computer.
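The request/response flow and the two firewall types described above, modelled as an added example (not code from the original article or from Mil Firewall). The `Firewall` class is a hypothetical model, and the program names, ports and addresses are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" leaves the PC, "in" arrives at it
    program: str      # local program that owns the socket
    local_port: int
    remote: str
    remote_port: int

class Firewall:
    """Hypothetical model: blocks unsolicited incoming traffic; optionally
    restricts which local programs may open outgoing connections."""
    def __init__(self, allowed_programs=None):
        self.allowed_programs = allowed_programs  # None = trust every program
        self.flows = set()                        # connections this PC opened

    def check(self, p):
        key = (p.local_port, p.remote, p.remote_port)
        if p.direction == "out":
            if self.allowed_programs is not None and p.program not in self.allowed_programs:
                return False
            self.flows.add(key)   # remember it so the reply is let back in
            return True
        return key in self.flows  # incoming: only replies to our own requests

def verdicts(firewall, packets):
    """Return True (allowed) or False (blocked) for each packet, in order."""
    return [firewall.check(p) for p in packets]

# Constructed sample traffic (documentation addresses, made-up program names).
TRAFFIC = [
    Packet("out", "browser.exe", 50001, "192.0.2.53", 53),       # DNS request
    Packet("in",  "browser.exe", 50001, "192.0.2.53", 53),       # DNS response
    Packet("out", "browser.exe", 50002, "192.0.2.80", 80),       # web page request
    Packet("in",  "browser.exe", 50002, "192.0.2.80", 80),       # web page response
    Packet("in",  "system",      445,   "203.0.113.9", 40000),   # unsolicited incoming
    Packet("out", "freegame.exe", 50003, "198.51.100.7", 8080),  # unknown program sending data out
    Packet("in",  "freegame.exe", 50003, "198.51.100.7", 8080),  # its reply
]

if __name__ == "__main__":
    print("incoming-only blocking:", verdicts(Firewall(), TRAFFIC))
    print("per-program outgoing  :", verdicts(Firewall({"browser.exe"}), TRAFFIC))
```

Both configurations drop the unsolicited incoming packet, but only the per-program rule stops the unknown program's outgoing connection, which is the assumption the simple firewall gets wrong.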

With the special firewall protection scheme, used in Mil Firewall, you do not have to sacrifice the speed of your computer in order to block hacker attacks and malware. Mil Firewall is the fastest firewall software and it is very flexible and powerful.

Article source: http://www.milincorporated.com/a-firewall-internet-security.html




By: Mil Incorporated

Business Success and the Art of Networking

September 28th, 2009

Networking is about creating a support system for your business. It can help you raise money, attract employees or partners, and even offer a fresh perspective.

Networking is a non-starter if you start with the end in mind. This is even true when one thinks of networking in the business context. Business networking is not merely about exchanging cards and a few laughs over dinner; it's about looking for ways to help each other grow symbiotically. It is a process which helps to build relationships and develop the support system for the entrepreneur and his business.

Any successful entrepreneur will tell you that a network of contacts can add value only if you know how to add value to each one of them. If you want to know the secret to building the network which will help you, you have to learn to understand other people's problems and challenges first. You have to be ready to give first and demand later.

The art of networking is not an easy one. Most young entrepreneurs find that it is easier to build upon an idea than to develop a network of contacts. The best bet for young entrepreneurs is to participate in forums that are provided by business networking professionals like Business Networking International (BNI), The Indus Entrepreneurs, and even online networking sites like Ryze and LinkedIn. These have regular mixer meets, where new entrepreneurs have an opportunity to interact with more experienced entrepreneurs, and take the concept of organised networking very seriously.

Such forums result in a place where business supply and demand have a common ground. For example, people who require funds can connect with people who want to invest funds, and there is always the possibility of finding a new business.

It is an opportunity for new entrants to gain an insight into the minds of the biggest and the best in business. It's not just a platform to help entrepreneurs interact but also a responsibility to educate and inspire them. Entrepreneurs have to be realistic about what they can get from networking opportunities.

Essentials of Networking:

1. Look at building relationships, not a database.

2. Networking events are not always buyer-seller meets.

3. Avoid western rules for networking. India and Indians have a different approach.

4. Learn to give, seek the giver’s gain.

5. Listen and understand others' business first.

6. Look at ways of growing your network through giving.

7. Learn to distinguish between networking and fund raising events.

8. Networking events should be informal.

9. Follow up with people or suggestion for people you meet at an event.

10. Do not just collect visiting cards, get to know people.




By: Madhur Bajaj

What is the Relation With Data Communications and Networks?

September 27th, 2009

Data communications and networks make use of an approach that is totally focused on the Internet and was designed to tackle the issues of communicating system design. In order to get to the data communications and networks, a certain integrated approach is taken. The way that this is done is by an emphasis that will begin right at the top level of the obligations and will work downwards from there; while explaining just how the requirements are completed by the lower layers of the broadcasting chain. Data communications and networks are very important when it comes to services like VoIP, as they make up some of the service.

When one talks about data communications they are referring to equipment that was specially designed to give and gather information that is capable of communicating with other similar equipment and systems. Data communications are the tools that are used to make certain adjustments within the network. A simple example of data communications would be connecting two computers together when they are 100 feet away from one another. A cable can be used to plug into each computer and they will then be connected, creating data communications. There are different factors that have to be taken into consideration when trying to determine how data communication will work. For example, some factors in this case might include security, distance, signaling, topology and protocol.

In another equally simple case, a data communication could be the connection of your computer to the internet through a modem. If you have done this, you have established a steady connection between your computer and the World Wide Web. Every time you click on a link from a website you are requesting certain information from that website and it is given to you in the form of data, whether it is in color, letters or graphics. Data communications and networks are needed in an Internet connection. It makes the connection, and therefore it has to be present at all times.

A network is made up of two or more computers that are joined in order for them to share certain resources such as CD-ROMs, printers or fax machines. They can allow the exchange of files and they may also allow different forms of electronic communications. These computers can be joined by infrared light beams, cables, satellites, telephone lines or radio waves. There are two major types of networks; these are Local Area Network (LAN) and Wide Area Network (WAN). Networks are important when it comes to computers and the communications with other computer networks. You need to know and understand networks in order to be able to use them to their optimum capability.

The Internet is the main example that can be used when one talks about data communications and networks. There are numerous modern connection options and services that can be used and these include ADSL, Voice over Internet Protocol and mobile radio. When it comes to current systems and the importance of them, the aspects that are more traditional such as circuit switching still exist and are available.




By: Derek Rogers

Efficient Network Design & Installation Ensures Smooth Business Growth

September 26th, 2009

Every business is aimed towards growth, and network support is amongst the many factors leading to the progress of a business.

Today, the IT sector has expanded a great deal, which means that businesses will surely benefit from installing and understanding the latest technology. An efficient computer network raises business outcome, reduces unnecessary costs and increases business efficiency, making network installation and computer maintenance the two most important aspects of a business.

To have a robust network support, you first need an appropriate computer network installation. Computer network design and installation can be scary but don’t let that worry you. Follow the tips given below and give your business the reliability and efficiency it needs:

Network Planning

Planning is the initial step in your network installation process. Business growth is greatly dependent on efficient network design and network installation services, which are again dependent on effective network planning. Planning includes defining your needs, establishing strategies and policies to achieve your goals, visioning the probable growth of business, and identifying any security threats.

Network Requirements

Once you’re done with planning, the next stage involves deciding the types of computer devices required for your network in question. These may include things like back-up devices, UPS (uninterruptible power supply), printers, switches, scanners, servers, cables etc.

Network Usage

A part of network design and installation is to identify the number of people using a specific network, how it will be used, and the number of people that will use it locally or remotely. Also design and install LAN (Local Area Network) and WAN (Wide Area Network) to connect people within and outside the organizational premises.

Network Security

Security measures should be the first concern of your network installation service. Important business data and information may be exposed to security threats like viruses, spyware, malware, hackers, or other unauthorized access to the data. Therefore, your network should be designed and installed in such a way that it maintains high levels of protection against all such menaces.

Network Monitoring

Regular monitoring and checkup of the network system is essential to confirm the successful installation of your network. Resolve any issues that crop up during the network reviewing stage, and this will ensure you have maximum network uptime, boosting your business growth.

A quick, safe and seamless network design and installation is what your business requires in order to flourish and grow rapidly, and the above given points will tell you exactly how you can efficiently design and install a successful network.

About Author:

Bryan Williams has worked closely with small and medium businesses in analysis, planning & management. If you’re looking for advice regarding IT support, especially business IT support, network support, network installation and/or choosing the right network installation services, you can always ask Bryan.




By: Bryan Williamz