[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] intrusion detection - benifits?
To everyone, regarding the CISSP and security certifications. Many of you are interested in rounding out your security credentials beyond that of the CCSE. The CISSP is regarded, currently, as the highest level IT security certification. I have some issues with that that I will discuss within, but let me tell you about the program. You may have noticed a lack of security-related education and testing outside of vendor-based products. It is difficult to come up with what the security community as a whole would consider acceptable practices. The CISSP certification developed by ISC2, www.isc2.org , attempts to do just that. And I do believe this to be a worthy goal. However, let me discuss where I see the CISSP program. * The CISSP is a security-officer level program. It is what CSOs and high level Consultants need to know. It is based upon information above the "implementation" level. ISC2 does not necessarily market it as that and that may hurt them in the long run. * Many of the questions are based upon terminology that I do not believe are necessarily industry standardized. Like the term trapdoor in hacking. Hackers don't use the term trapdoor, but the course does. * It is not for the average admin or engineer. You are supposed to have 3 years+ of security experience before taking the test. The test covers 10 domains, 250 questions, 6 hours, and $350. So it is not one to screw around with studying. * My biggest issue is that ISC2 does not produce self-study or training material. They offer an expensive class to pass "their" test. However they do make available on their website a list of books from which the test is developed. You can go to www.srvbooks.com to get study guides however. * I am looking at the GIAC program from SANS to actually become the premier security cert. I am a volunteer for the SANS institute and I am taking their whole GIAC program now. It has project and hands-on requirements that I think will serve it well. * For those interested, what was icsa.net, now www.trusecure.com now offers 2 new security certs as well. However they are in bed with global knowledge only for training. Anyone who limits who can train their product or knowledge, deserves exactly what they get as far as industry acceptance. * I am about 2 more encounters with poor test writers, not Check Point, from developing my own generic security test and making it free. You can also take tests at brainbench.com and one other new one, however I really thought brainbench's test sucked wind. Though their Check Point tests weren't bad. Hope ya'll got something useful from this. ----- Original Message ----- From: "CryptoTech" <[email protected]> To: "Scott Schindler" <[email protected]> Sent: Thursday, November 30, 2000 7:57 AM Subject: Re: [FW1] intrusion detection - benifits? > Scott, > I have heard often of the CISSP, where do I get more info on it and > getting > certified? > > CT > > Scott Schindler wrote: > > > Per CISSP examination textbook Volume I: Theory pg. 18 > > > > The objective of variance detection is to allow management to detect > and > > react to departures from established rules. It can be a very useful > > technique to encourage general awareness of security and to discourage > > dishonest and abusive employee behavior. > > > > This is a summation. There is much more to it. This falls under > > accountability and auditing requirements. > > And if you can't believe EVERYTHING you read, what can you believe? > ;) > > > > ----- Original Message ----- > > From: "Phillip Renouf" <[email protected]> > > To: "Scott Schindler" <[email protected]> > > Sent: Wednesday, November 29, 2000 10:45 AM > > Subject: Re: [FW1] intrusion detection - benifits? > > > > > When I think about IDS'ing an internal network it isn't because I > think > > > all > > > my employee's are untrustworthy. I want an internal IDS for two > reasons: > > > 1. > > > I don't know every employee in the company and someone somewhere > > > probably > > > has enough knowledge and a chip on his shoulder to make my life > > > miserable > > > and 2. if someone makes it through my external IDS and firewall, I > want > > > to > > > know what they are doing on my internal net. The internal IDS will > allow > > > it. > > > > > > It only takes one pissed off employee to break into a system, and > since > > > they already have authorized access to a lot of things it make their > job > > > > > > easier and our job more difficult. It's just another tool for the > job. > > > > > > Phil > > > > > > >Oh and by the way, holding a gun to someone, is not an analogy of > > > network > > > >security. We are not threatening employees. We are an enabler not > a > > > >disabler. Our job is to protect their interests, not frighten > them. > > > This > > > >is not an issue that you are wrong. You do not have to IDS your > > > internal > > > >net. It is simply added security. If it is a cost issue, then you > > > simply > > > >document that and get sign-off on that decision. > > > > > > > > ======================================================================== > ======== > > To unsubscribe from this mailing list, please see the > instructions at > > http://www.checkpoint.com/services/mailing.html > > > ======================================================================== > ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|