NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] intrusion detection - benifits?



To everyone, regarding the CISSP and security certifications.

Many of you are interested in rounding out your security credentials beyond
that of the CCSE.  The CISSP is regarded, currently, as the highest level IT
security certification.  I have some issues with that that I will discuss
within, but let me tell you about the program.

You may have noticed a lack of security-related education and testing
outside of vendor-based products.  It is difficult to come up with what the
security community as a whole would consider acceptable practices.  The
CISSP certification developed by ISC2, www.isc2.org , attempts to do just
that.  And I do believe this to be a worthy goal.  However, let me discuss
where I see the CISSP program.

* The CISSP is a security-officer level program.  It is what CSOs and high
level Consultants need to know.  It is based upon information above the
"implementation" level.  ISC2 does not necessarily market it as that and
that may hurt them in the long run.

* Many of the questions are based upon terminology that I do not believe are
necessarily industry standardized.  Like the term trapdoor in hacking.
Hackers don't use the term trapdoor, but the course does.

* It is not for the average admin or engineer.  You are supposed to have 3
years+ of security experience before taking the test.  The test covers 10
domains, 250 questions, 6 hours, and $350.  So it is not one to screw around
with studying.

* My biggest issue is that ISC2 does not produce self-study or training
material.  They offer an expensive class to pass "their" test.  However they
do make available on their website a list of books from which the test is
developed.  You can go to www.srvbooks.com to get study guides however.

* I am looking at the GIAC program from SANS to actually become the premier
security cert.  I am a volunteer for the SANS institute and I am taking
their whole GIAC program now.  It has project and hands-on requirements that
I think will serve it well.

* For those interested, what was icsa.net, now www.trusecure.com now offers
2 new security certs as well.  However they are in bed with global knowledge
only for training.  Anyone who limits who can train their product or
knowledge, deserves exactly what they get as far as industry acceptance.

* I am about 2 more encounters with poor test writers, not Check Point,
from developing my own generic security test and making it free.  You can
also take tests at brainbench.com and one other new one, however I really
thought brainbench's test sucked wind.  Though their Check Point tests
weren't bad.

Hope ya'll got something useful from this.

----- Original Message -----
From: "CryptoTech" <[email protected]>
To: "Scott Schindler" <[email protected]>
Sent: Thursday, November 30, 2000 7:57 AM
Subject: Re: [FW1] intrusion detection - benifits?


> Scott,
> I have heard often of the CISSP, where do I get more info on it and
> getting
> certified?
>
> CT
>
> Scott Schindler wrote:
>
> > Per CISSP examination textbook  Volume I: Theory  pg. 18
> >
> > The objective of variance detection is to allow management to detect
> and
> > react to departures from established rules.  It can be a very useful
> > technique to encourage general awareness of security and to discourage
> > dishonest and abusive employee behavior.
> >
> > This is a summation.  There is much more to it.  This falls under
> > accountability and auditing requirements.
> > And if you can't believe EVERYTHING you read, what can you believe?
> ;)
> >
> > ----- Original Message -----
> > From: "Phillip Renouf" <[email protected]>
> > To: "Scott Schindler" <[email protected]>
> > Sent: Wednesday, November 29, 2000 10:45 AM
> > Subject: Re: [FW1] intrusion detection - benifits?
> >
> > > When I think about IDS'ing an internal network it isn't because I
> think
> > > all
> > > my employee's are untrustworthy. I want an internal IDS for two
> reasons:
> > > 1.
> > > I don't know every employee in the company and someone somewhere
> > > probably
> > > has enough knowledge and a chip on his shoulder to make my life
> > > miserable
> > > and 2. if someone makes it through my external IDS and firewall, I
> want
> > > to
> > > know what they are doing on my internal net. The internal IDS will
> allow
> > > it.
> > >
> > > It only takes one pissed off employee to break into a system, and
> since
> > > they already have authorized access to a lot of things it make their
> job
> > >
> > > easier and our job more difficult. It's just another tool for the
> job.
> > >
> > > Phil
> > >
> > > >Oh and by the way, holding a gun to someone, is not an analogy of
> > > network
> > > >security.  We are not threatening employees.  We are an enabler not
> a
> > > >disabler.  Our job is to protect their interests, not frighten
> them.
> > > This
> > > >is not an issue that you are wrong.  You do not have to IDS your
> > > internal
> > > >net.  It is simply added security.  If it is a cost issue, then you
> > > simply
> > > >document that and get sign-off on that decision.
> > >
> >
> >
> ========================================================================
> ========
> >      To unsubscribe from this mailing list, please see the
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ========================================================================
> ========


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.