Objectives -- 2006 style
I am nudging admins to list for me the security issues that we face in the 2nd half of this decade. SY0-101 is a bit --- humm --- quaint in its questioning.
Biometrics is now sorta working well. Same for IDS.
Keystroke loggers that are installed as trojans is costing millions of $ per day /365 days a year. Smartcard prices have fallen like PC prices.
Spam? I see maybe 1 piece a day. Sure 12,000+ are mailed daily to tcat.net and spam filtering is 99.999% perfect.
User education seems more important than ever due to better spoofing...
So if there was a security test written for this half of the decade, what do you think it should cover?
Biometrics is now sorta working well. Same for IDS.
Keystroke loggers that are installed as trojans is costing millions of $ per day /365 days a year. Smartcard prices have fallen like PC prices.
Spam? I see maybe 1 piece a day. Sure 12,000+ are mailed daily to tcat.net and spam filtering is 99.999% perfect.
User education seems more important than ever due to better spoofing...
So if there was a security test written for this half of the decade, what do you think it should cover?
Save A Frog! Join the ETA!
http://snipurl.com/SaveAFrog
http://snipurl.com/SaveAFrog
Comments
-
RussS Member Posts: 2,068 ■■■□□□□□□□Hey Tcat - always excellent to see your esteemed self around these parts
You are doing well with your spam filers - I wish our resident propellor head (at work, not on this site) could build a better mousetrap
As far as keyloggers go - I am fortunate that I do not run across too many at the various sites I administer. A few of the users have been hit on their home machines though.
One of the current hot topics here in NZ is Credit card Skimming - is alive and well here currently. Once the banks start using credit cards with a smart chip and not just the data stripe things should get a little more secure.www.supercross.com
FIM website of the year 2007 -
Tcat Member Posts: 66 ■■□□□□□□□□Very nice to find you again Russ!
Even down under countries are getting nailed, but not like the US/UK/Canada areas...
The end game is put together a fair test that doesn't go out of date in 9 months.
No issue with giving generous credit to contributors!
If ya don't hear from me in 72 hours, I didn't get your email or I am dead.
Lets not lose each other again. I really enjoyed that moment of sunshine as I soaked up the rays in CA, USA chatting with you on the phone... maybe we can do that as I stand in the MX sun...
TcatSave A Frog! Join the ETA!
http://snipurl.com/SaveAFrog -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Tcat wrote:Biometrics is now sorta working well. Same for IDS.
Keystroke loggers that are installed as trojans is costing millions of $ per day /365 days a year. Smartcard prices have fallen like PC prices.
Spam? I see maybe 1 piece a day. Sure 12,000+ are mailed daily to tcat.net and spam filtering is 99.999% perfect.
User education seems more important than ever due to better spoofing...
So if there was a security test written for this half of the decade, what do you think it should cover?
Hi Tcat -
I agree with the "sorta" part of biometrics. It has it's place but is not a panacea by any means. I would only use it as part of a multi-factor authentication process and then only where a smart card or something similar is inappropriate.
I would slightly disagree with the whole idea of IDS as a security measure anyway, but rather as a means of troubleshooting. If one uses IDS as a means of defence, that usually indicates they are using some sort of "allow by default/deny by exception" policy. If someone uses a "default deny/allow by exception" you really don't need an IDS. Many here will disagree with me, and that can be the topic for another thread I suppose.
Anywho, you asked for ideas for a written test this half of the decade (though anything in the IT world is subject to change within a few months let alone 5 years ) and the one thing I would add to your list is the Spyware threat. Organized crime is making good use of the different forms of malware out there for crimes such as identity theft.
Take care!All things are possible, only believe. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Oh, and don't forget the emphasis on root kits. I know they're not new, but the frequency, availability, and ability to infect Windows instead of just *nix makes them a growing threat.All things are possible, only believe.
-
seuss_ssues Member Posts: 629Well i dont really know where Sprkymrk come up with his idea on IDS, but i feel as though its is an extremely valuable tool. (no disrespect) and i would enjoy discussing it further.
But on the note about a 2006 exam.
Probably the topics i would have to hit hardest would have to be:
More indepth wireless security (its here ... and will be forever) and it definately has its problems.
Spyware has blown up the last few years and should be listed along with all the classical threats (trojans, virus...etc)
I do agree with Sprkymrk on the issue of rootkits.....the number of kits developed/used per year has grown near exponentially and has shifted to windows as well.
possibly touch voip security, it has definately went big since Sec+ came out.
Other than that i guess im running short on ideas.....sql injection or the like.
anyway cheers Tcat.....
edit: also i agree with whoever mentioned all the fishing, it has gone crazy(no longer does fake ebay look like a 10 year old made it, but looks/seems to function perfectly, and possibly mention botnets..... -
Ye Gum Noki Member Posts: 115Wireless, Absolutely! Enryption, Spam (the spammers just get smarter and smarter) Phishing and ID theft. IDS and IDP for the borders are being integrated into firewalls theses days. Patch management and Spyware too. And DR/BCP. These are the real security issues we face today.
I think it funny that Tcat slams CompTIA on his website, but has links to sell training for their certs.
Peace out y'all,
Mr. Ye"What we think, or what we know, or what we believe is, in the end, of little consequence. The only consequence is what we do." John Ruskin. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Ye Gum Noki wrote:I think it funny that Tcat slams CompTIA on his website, but has links to sell training for their certs.
Mr. Ye
I kinda noticed that too, but no big deal I guess. I think he supports security awareness in general, he just stopped promoting CompTIA as the best route to go due to politics.
By the way, I see we are from the same planet. Small galaxy, eh, Mr. Ye?All things are possible, only believe. -
Ye Gum Noki Member Posts: 115It's all good, Sparky. We all gotta make a living.
By the way, I like your picture of the Colt Commander. I have a stainless one that I absolutely adore. Shoots a little high oustide of 20 yards, but it is has always been my "in close" weapon.... talk about Security PLUS!"What we think, or what we know, or what we believe is, in the end, of little consequence. The only consequence is what we do." John Ruskin. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Ye Gum Noki wrote:talk about Security PLUS!
So true, so true!
What neck of the woods are you from, if I may ask? Sounds like we both like our guns as much as our computers. PM me if you prefer, otherwise I understand if you prefer your anonymity.All things are possible, only believe.