PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love Cybersecurity
December 23, 2016 at 4:12 pm | Posted in cybersecurity, Knowledge
Tags: attacker, casp, ceh, cfr, CISSP, cozy bear, cybersecurity, DNC, fancy bear, fbi, GSEC, guccifer 2.0, Hackers, Russia, Security+
Hacktivism and cyberespionage are certainly nothing new, especially emanating from Russia. But the 2016 US presidential election was a swift education for Americans and the watching world regarding the widespread consequences of a successful APT (advanced persistent threat). A joint statement issued by the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security stated that the “U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (emphasis ours).
Thanks to the detailed reporting from the New York Times, the fog of war is beginning to lift and the full extent of the cyberattack has become clear. And what is increasingly apparent is that at every stage, cybersecurity training could have significantly mitigated or (perhaps) even prevented portions of the attack altogether.
Enter the low-rung MIS contractor hired by the DNC — Yared Tamene. He claims no cybersecurity expertise, much less any cybersecurity-related certification like GSEC, CASP, CISSP, CEH or CFR. So it’s hardly appropriate to assign him the brunt of the blame. Instead, we should use his example to learn how cybersecurity knowledge and skills could have better informed the fateful decisions that he, and many others, made along the way.
In the fall of 2015, the FBI noticed some unusual outgoing network traffic from the DNC network, suggesting that at least one computer was compromised. The early forensics linked the compromise to a known Russian cyberespionage group going by the moniker “the Dukes” (AKA “Cozy Bear” and “APT29”), who had, in just the last few years, penetrated the White House, State Department and Joint Chiefs of Staff email systems. A special agent picked up the phone, called Tamene, and told him what they knew.
Before we even get to Tamene’s response, any trained cybersecurity first responder knows why the FBI called via phone rather than emailing their dire message. Communication during a security incident should be out-of-band, meaning outside of the primary communication channels (primarily the network, where the attacker could be listening). Ironically, Tamene was convinced that the FBI call was a hoax, and after repeated calls over the next few months, he ignored the urgency. In November, the FBI even confirmed with Tamene that known malware was routing data to servers located in Moscow.
Tags: casp, exam expirations, Security+
Winter holidays are crunch time for many folks. Certification test-takers are no exception, as vendors typically choose the end of the calendar year to retire exams. Those seeking to earn (or renew) their Security+ have until December 31, 2014 to take the older edition of the exam, SY0-301 / JK0-018.
When the newer edition of this exam, SY0-401, was released earlier this year, Robin Abernathy blogged extensively about the changes to the objectives, topic weighting, and method of item delivery, and how these changes would affect your plan of study. If you’re on the fence about whether to knock out the 301 or wait a little longer to sit the 401, her posts may give you the information you need to make that decision:
- Part One: Depth of topic coverage and item types
- Part Two: Changes to topics in domains 1, 2, and 3
- Part Three: Changes to domains 4, 5, and 6, plus new acronyms
You can still purchase the Transcender practice exam for Cert-SY0-301.
On an additional note, CompTIA has announced they will release an updated CASP certification exam, CAS-002, launching on January 20, 2015. The new exam will replace CAS-001, which will retire in May 2015.
Tags: casp, CompTIA, Performance-Based Testing, Security+
It’s getting close to that time of year again, folks. The CompTIA Academy Educator Conference will be held on August 1-3 in beautiful Phoenix, Arizona. (Now, I’m just taking everyone else’s word on the beautiful part. This will be my first visit there! But the pictures I’ve seen are lovely.)
This three-day event is well worth your time if you are an educator at any level (high school, college, professional) and you instruct individuals who are seeking CompTIA certifications. As a peer-to-peer networking resource, it’s beyond compare. You also get to rub elbows with some great folks – ahem – ME! Also, you don’t have to be a CompTIA Academy educator to attend. However, the sessions are designed to benefit Academy Partners. If your organization is not an Academy Partner, visit this site to learn how (and why) to become one: http://partners.comptia.org/Academy-Partner.aspx.
With the recent release of a new Security+ exam and the new CASP and Network+ exams due to be released in the coming months, it’s a great idea to attend this conference just to stay on top of things. My presentation on Friday will cover the new Security+ exam, the CASP exam, and some techniques for covering the new performance-based items in your classroom. I will also share some information about braindumps/piracy and why you should never use this type of content in your classroom. You can see the full schedule here: http://www2.comptia.org/events/events/academy-educator-conference/agenda.aspx
For all conference related information, including the agenda, registration information, exhibitor information, and hotel information, visit the CompTIA Academy Educator Conference page. If you register before July 31st, you pay $199 instead of $399 at the event. Believe me when I say that this will be the best $199 you will spend.
I would LOVE to see you there!
Tags: casp, CompTIA, DoD
CompTIA recently announced that the CompTIA Advanced Security Practitioner (CASP) certification has been accredited by the United States Department of Defense (DoD) Information Assurance Workforce Improvement Program 8570.01-M.
The CASP certification is intended for IT professionals with at least 10 years of experience, of which 5 years should be hands-on security work. Like other DoD-accepted certifications from CompTIA (A+, Security+, and Network+), it must be renewed every three years or maintained through CompTIA’s Continuing Education program.
Transcender’s CASP practice exam includes 160 practice test questions and 238 flash cards, including several interactive items that help prepare the customers for the live exam experience.
Tags: casp, CompTIA, network+, Performance-Based Testing, Security+
As many of you may know, CompTIA introduced performance-based questions on the CompTIA Advanced Security Practitioner (CASP) certification exam. These questions have really added to the difficulty of the exam. The new A+ series (220-801 and 220-802), to be released in October 2012, will also include this item type. We were told that CompTIA was looking into expanding some of their other certifications to include this item type, but we weren’t told when the changes would occur other than “fourth quarter of 2012.”
Finally, CompTIA has released some concrete details about upcoming changes to the Network+ and Security+ certification exams. And the news? Both of these certifications will be adding performance-based questions in as soon as one month!
Network+ candidates: How the product changes affect you
For Network+, the last day to take this exam WITHOUT performance-based items is November 3, 2012. Starting on November 4, 2012, all Pearson VUE-delivered Network+ exams will include this item type.
CompTIA is encouraging individuals who are already studying for Network+ to take the current exam before the performance-based questions become incorporated. As part of this initiative, CompTIA will allow you to purchase a Network+ exam voucher by November 3 and save 15%. Purchase a Network+ Exam Voucher Now if you plan on taking the exam by November 3rd. Once you buy the voucher, you’ll have between ten and twelve months from the date of purchase to redeem it for a test. After November 3, these exam vouchers revert to full price.
Security+ candidates: How the product changes affect you
For Security+, the last day to take the exam WITHOUT performance-based items is December 31, 2012. Starting on January 5, 2013, all Pearson VUE-delivered Security+ exams will include this item type.
As with Network+, CompTIA is encouraging individuals already studying for Security+ to take the current exam before performance-based questions become incorporated. Purchase a Security+ exam voucher by December 31, 2012 and save 15%. Purchase Security+ Exam Voucher Now if you plan on taking the exam by December 31st. The voucher is valid for ten to twelve months from the date of purchase. On January 1, 2013, these exam vouchers revert to full price.
In addition, CompTIA has created a great video all about the CompTIA testing experience that includes information about the PBT item type. The item type discussion section starts at around the 5-minute mark, but I would suggest watching the whole video, because it contains some great information.
Transcender customers: how the product changes affect you
As far as the Transcender products go, we will definitely be adding performance-based items to our current practice tests. But keep in mind that we do NOT get an advance viewing of these items — so we cannot see what these items entail until November 3rd for Network+ and January 5th for Security+. Once we see how CompTIA handles the performance-based aspect, we will put together a plan for revising our practice products so that they’ll best prepare you for the actual exam. We anticipate that we’ll be adding our own performance-based items approximately 6-8 weeks after the CompTIA exams release.
Any Transcender customers who have an active practice test license at the time we release the product update will be able to update their purchase to the new version at NO additional cost. (What a great value add!)
Feel free to contact us with any questions you may have, and happy testing!
Tags: casp, CompTIA, Performance-Based Testing
At the CompTIA Academy Educator Conference in Las Vegas, I made a presentation to help educators better understand the CompTIA Advanced Security Practitioner (CASP) exam. I received such awesome feedback that I decided to write a blog post based on the presentation. I will explain the CASP exam to you, where the exam fits in the certification world, and how you should prepare to take it or prepare your students to take it.
What the CASP Certification is
First, here are some key numbers for you. In CompTIA’s 8th Annual Information Security Trends study, 76% of those responding indicated that their IT staff probably or definitely need more vendor-neutral security training. 81% of those responding indicated that they would give more recognition and financial rewards to the IT staff members who complete a security certification. Based on the findings in the 8th Annual Information Security Trends and other studies, CompTIA decided that:
- An advanced-level security exam would be good to pursue.
- The exam should be performance-based.
- The exam should fit into other vendors’ certification(s) as an elective.
- The exam should concentrate on new technologies that demand a concentration in security aspects, such as IPv6, VoIP, and SaaS.
- Acceptance of the exam would depend on the U.S. government’s acceptance of the new certification and its applicability to Department of Defense Directive (DoDD) 8570. According to CompTIA’s IT and CyberSecurity white paper, “Those seeking compliance with IA Technical Level III and IA Management Level II of U.S. DoD Directive 8570.01-M. (CASP is proposed to the 8570 Directive for these workforce categories.)”
The result was the CASP, the first certification in the Master Series of certifications released by CompTIA. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
The CAS-001 exam is available at Pearson VUE testing centers, and is currently available in English only.
How the CASP exam is structured
The CASP exam is a single exam that consists of multiple-choice, scenario-based, and performance-based questions. For the performance-based items, the CASP candidate is given a scenario/problem and prompted to push a button to launch a simulated environment that is created via software.
The candidate has 150 minutes to complete 80 questions. Upon completion, the candidate is given a Pass/Fail score. No numerical score is given. The domain distribution for the CASP exam is as follows:
- Enterprise Security – 40%
- Risk Management, Policy/Procedure, and Legal – 24%
- Research and Analysis – 14%
- Integration of Computing, Communications, and Business Disciplines – 22%
Where the CASP fits among security certifications
CompTIA has created a great graphic (shown below) that shows the CASP certification sitting between CompTIA’s Security+ certification and (ISC)2’s CISSP certification.
The way that CASP requires you to apply abstract concepts to real-world situations elevates it above the Security+. The CASP exam expects candidates to take the core security concepts introduced in the Security+ exam and apply them to work situations. For example:
- In Security+, you should know the ports used by the HTTP and HTTPS protocols.
- In CASP, you should know the same ports, but you will have to apply them in a router or firewall configuration. This will include opening and closing the appropriate ports via rules or ACLs and ensuring that the rules are in the correct order.
- In Security+, you should know when you would need to deploy a firewall.
- In CASP, you should know when to deploy a firewall, but you would also need to deploy it in the appropriate location and know where to deploy any other devices/servers located in the DMZ/perimeter network.
After taking the CASP exam, I will agree that it’s harder than the Security+, but I feel it is equally difficult as the CISSP exam. The CISSP exam is difficult in the breadth of knowledge that a test candidate must possess, but in the end, it is still just a standard multiple-choice, knowledge-based exam. Including performance-based items in the CASP takes this exam to the next level, even surpassing the CISSP exam when it comes to difficulty (in my opinion).
So while I accept CompTIA’s graphic and its placement of the CASP in the security certification world, I also feel that time will be kind to the CASP exam as it becomes more widely understood and accepted in the industry.
How to Prepare for the CASP Certification
Practical experience is needed for this exam, including:
- Experience configuring ACLs/rule lists for routers, firewalls, and so on.
- Experience deploying hardware in a network. Specifically, you’ll need to understand WHERE hardware is deployed in a given network diagram based on requirements.
- The ability to recognize when devices are under attack by viewing logs, including understanding what type of attack is occurring, the identity of the attacker, how to protect against the attack, and where to deploy the protection.
- The ability to verify file security from a given hash value.
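The ACL skill named in the CASP examples above (opening the HTTP/HTTPS ports via rules and getting the rule order right) in working code. This is an added example, not CompTIA's or Transcender's material: it models first-match ACL evaluation on constructed addresses from the documentation ranges and adds a shadowed-rule check that flags rules an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR; "0.0.0.0/0" means any
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls inside the rule's protocol/address/port constraints."""
    return (rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match semantics: the first matching rule decides and later rules are
    never consulted. Traffic matching nothing hits the implicit deny (index None)."""
    for idx, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, idx
    return "deny", None


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet that would match `inner` already matches `outer`."""
    return (outer.proto in ("any", inner.proto)
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.dport in (None, inner.dport))


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them.
    A non-empty result is the usual symptom of rules entered in the wrong order."""
    return [j for j in range(len(acl))
            if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed topology: a DMZ web server in the 192.0.2.0/24 documentation range.
ANY = "0.0.0.0/0"
DMZ = "192.0.2.0/24"
WEB_SERVER = "192.0.2.10/32"

# Intended order: specific permits first, then a catch-all deny for the DMZ.
CORRECT_ACL = [
    Rule("permit", "tcp", ANY, WEB_SERVER, 80),
    Rule("permit", "tcp", ANY, WEB_SERVER, 443),
    Rule("deny", "any", ANY, DMZ, None),
]

# Same three rules, but the catch-all deny was entered first.
MISORDERED_ACL = [CORRECT_ACL[2], CORRECT_ACL[0], CORRECT_ACL[1]]

# Constructed packets from an Internet client (198.51.100.0/24 documentation range).
HTTPS = Packet("tcp", "198.51.100.7", "192.0.2.10", 443)
SSH = Packet("tcp", "198.51.100.7", "192.0.2.10", 22)
SMB_INTERNAL = Packet("tcp", "198.51.100.7", "10.0.0.5", 445)

if __name__ == "__main__":
    for name, acl in (("correct", CORRECT_ACL), ("misordered", MISORDERED_ACL)):
        print(name, "HTTPS ->", evaluate(acl, HTTPS), "SSH ->", evaluate(acl, SSH))
        print(name, "shadowed rules:", shadowed_rules(acl))
```

With the deny moved to the top, the two permits are reported as shadowed and the HTTPS request is dropped by rule 0, which is exactly the ordering mistake the exam items test for.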
You can view a few multiple-choice practice questions on the CompTIA web site here: http://certification.comptia.org/Training/testingcenters/samplequestions/CASP-Practice-Questions.aspx
We at Transcender have created a wonderful product in our Cert-CAS-001 practice test. Our practice test includes simulation items that will better prepare you for the performance-based items on the live exam. At the time of this post, no other practice test provider includes these types of items in their CASP product.
Also, Sybex has released a great study resource: the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, which I reviewed in a previous blog post. It is a great place to get started, even if you’re still accumulating those five years of hands-on technical security experience recommended as a prerequisite by CompTIA.
I hope this helps you to take the next step in your career and pursue the CASP certification. If you have any CASP-related questions, feel free to drop me a line!
Tags: casp, resource review, study resources
All of you have probably heard of CompTIA’s first Master series certification: the CompTIA Advanced Security Practitioner (CASP) certification. I took the exam some months back and am proud to say I passed it. If you want to know more about my experience, please read my previous post. In that article, I promised a review of the only CASP reference that is currently available, the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines. Well, it’s a bit past the promised due date of April (where has the time gone?), but I finally have gotten a chance to complete my review.
I used this book as my primary reference when I was writing Transcender’s Cert-CAS-001 practice test. I found that the book was thorough and covered all of the topics on the exam. I particularly loved the Exam Essentials section at the end of each chapter. I would suggest that any test candidate read the Exam Essentials section for each chapter and think about how to test a particular point using a job task.
If you hadn’t already heard, the CASP exam includes performance-based items. These item types require that you perform certain tasks to fulfill the objectives given in the scenario. The very nature of these item types requires that you actually perform security-related tasks on a daily basis in your workflow; therefore, they are almost impossible to replicate in a book. The book’s method of addressing these item types is to include exercises for you to complete on your own. Each chapter includes several exercises to reinforce the topics presented in the chapter. These exercises, which are included in the Lab Manual (Appendix A in the book), will help you understand the tasks that security professionals must perform.
Performing the exercises requires a standard personal computer (not a server or desktop powerhouse) with the capacity to run VMware Player; some exercises require that you have a copy of a Windows desktop operating system, either as the native OS or running on a virtual machine. The labs direct you to download and install various readily available forensic tools, such as Nessus and Wireshark.
The Exam Essentials sections and the Exercises work together to provide a good all-around experience for the test candidate. But to ensure that you can pass the exam, I would recommend that you take all these one step further. For example, one of the Exam Essentials in Chapter 2 is:
Be able to describe advanced network design concepts. Advanced network design requires an understanding of remote access and firewall deployment and placement. Firewall placement designs include packet filtering, dual-homed gateway, screened host, and screened subnet.
Specific scenarios that address this Exam Essential may include: knowing when to deploy a firewall, knowing how to configure ACLs, and knowing where in a complex network a firewall is best deployed. So you should take some extra time to ensure that you understand network diagrams, and research best practices for device deployment.
This book is an excellent reference to start you on your journey to becoming a CASP. If you pair this book with Transcender’s practice test, you will be well on your way to success. It’s worth noting that Transcender’s practice test actually includes 8 performance-based scenarios that will expose you to the type of items you will see on the live exam. This is the ONLY practice test on the market right now that includes these types of items for the CASP product. It is just one more way that we demonstrate why our products are considered leading-edge test prep materials and have been preferred by IT professionals for nearly 20 years.
Check back with us over the next few weeks as I hope to provide you with a bit more information on the CASP exam, including where this exam fits into the current certification pathways, and how to prepare for the CASP. Feel free to drop me a line with any CASP questions you may have.
Tags: a+, casp, cloud, HIT, jean andrews, joy dark, michael gregg, mike meyers, mike murray, mobile, study resources
I was fortunate to be able to attend the CompTIA Academy Educator Conference over this past weekend. CompTIA promised that we would learn about the new A+ exams, the CompTIA Advanced Security Practitioner (CASP) exam, and the Healthcare IT Technician (HIT) exam. This promise was fulfilled with presentations from Mike Meyers, Jean Andrews, Joy Dark, and yours truly. Following is a quick recap on each of these topics, with more detailed posts to follow in the next week or two.
Virtualization in A+
Mike Meyers gave a presentation on virtualization. He covered the different virtualization products, including several free options as well as the major vendor products. He explained the installation and configuration processes for the various technologies. Educators reading this post should keep in mind that virtualization is a newly introduced topic to be included in the upcoming release of A+. In the A+ 220-802 exam, objective 1.9 states the following:
Explain the basics of client-side virtualization.
- Purpose of virtual machines
Keep your eye out for my upcoming post about virtualization content in the new A+ exams.
Mobile technology in A+
Author Jean Andrews, best known for her CompTIA study guides and PC repair guides, also spent some time discussing the upcoming A+ exam changes. Her presentation included a great demonstration of mobile phone emulators that can be installed in a classroom environment. If you’re wondering why this is important, let me remind you that in the A+ 220-802 exam, objective 3 is dedicated to mobile devices (9% of the overall exam coverage). Look for my upcoming posts regarding mobile devices, including one on installing the mobile phone emulators and one on a new technician toolkit for mobile devices.
New certification: the HIT
I had the pleasure of meeting Joy Dark. Joy has recently released a book, which she co-wrote alongside author (and mom) Jean Andrews, all about the CompTIA Healthcare IT Technician (HIT) exam. Any A+ technician who is considering working in a healthcare environment should consider obtaining this certification. While A+ and Network+ knowledge is vital, a technician working in a healthcare industry must also understand healthcare terminology, regulations, and processes. This certification melds the world of IT with the needs of administering healthcare and healthcare records. I would highly recommend that educators take a serious look at this certification. CompTIA is expecting great things for it in the coming year.
Security+ and the CASP
In my presentation, I tried to explain to educators three main points about the CASP exam: What the CASP certification is, where the CASP certification fits in our industry, and how to prepare for the CASP certification. Look for an upcoming post that gives the details of this presentation. I will also be posting about the primary reference I used for this exam (see the “study guides and resources” header below for a quick link).
The event also included two great security presentations: one from Mike Murray of Mad Security on training the security professional and one from Michael Gregg, the author of the CASP book mentioned in the previous paragraph, on the role of certification in security. Again, look for an upcoming post regarding security training solutions.
Study guides & resources
Joy Dark and Jean Andrews wrote the book that maps directly to the HIT exam objectives: The CompTIA Healthcare IT Technician HIT-001 Authorized Cert Guide (Cert Guides), published by Pearson. This book is released and shipping.
Mike’s newest edition of the A+ study guide is the CompTIA A+ Certification All-in-One Exam Guide, 8th Edition (Exams 220-801 & 220-802) from McGraw-Hill Osborne Media, which is currently available for pre-order.
As I prepared my CASP presentation, I referred extensively to the CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-001 (Comptia Study Guide), published by Sybex. This book is released and shipping.
As you can see, the event gave me a plethora of information that I feel I MUST pass on to you. So expect to be bombarded with posts from me over the coming weeks.
I am already looking forward to next year’s CompTIA Academy Educator Conference. You should start making plans to be there!
Tags: casp, CompTIA, Performance-Based Testing
As many of you know, there is quite a bit of buzz over CompTIA’s Advanced Security Practitioner (CASP) exam. Last year, CompTIA launched the CASP exam as the next level in its security-related certification products. For years, IT professionals have looked to CompTIA to provide vendor-neutral certifications, the most popular of which are the A+, Network+, and Security+ certifications. But the CASP exam takes CompTIA’s offerings to the next level.
Last month, I finally had a chance to take the CASP exam. I knew going into the exam that I would see what CompTIA has called performance-based testing (PBT) items. Well, I wasn’t disappointed, as my first question on the exam was a PBT item. Overall, I thought these item types had the appropriate level of complexity and covered a wide range of topics. So what did they look like? For the most part, they were drag-and-drop items that involved matching things up or placing items in the right location. There were others that required particular actions to be taken at a command prompt or at the server level. The only specifics I can share about these items, without violating the Non-Disclosure Agreement (NDA), are that PBT items take the WHAT from your usual multiple-choice items and place the focus on the HOW or the WHERE.
For example, consider SubObjective 1.5 from the CASP Exam Guide: Distinguish among security controls for hosts. A bullet point in this SubObjective is Host hardening, which includes the Standard operating environment, Security/group policy implementation, Command shell restrictions, Warning banners, and Restricted interfaces. A possible PBT question that would fit into this SubObjective is a graphically presented task where you enable and configure the appropriate group policies for password length, password age, and password lockout.
In addition to the PBT items, the exam still includes the old stand-by multiple-choice questions. These, however, were a bit more expansive than the typical questions included in the A+, Network+, or Security+ exams. I often found myself reading and re-reading the options while trying to eliminate incorrect answers. I can remember thinking that this exam seemed much harder than the CISSP exam, not because of its length, but because of its depth. It takes those tidbits of security knowledge that all security professionals must know and expects you to APPLY them. For example, you not only need to know the different types of hacker attacks, you should know HOW to recognize the attacks that are occurring, WHAT tools to deploy to protect against those attacks, HOW to deploy them, and WHERE they should be deployed.
You can expect between 70 and 80 questions total, including the PBT questions. When I was done with the exam I was a little nervous, because truthfully, I felt it could have gone either way. I made an audible sigh of relief when I learned I had passed; to say that I was happy would be putting it mildly! I can’t give you my score, because CompTIA doesn’t give you one – this exam is just graded as PASS or FAIL. (But you know, maybe I didn’t really want to see that score anyway!)
So what can you do to prepare for the CASP? After you go over the exam objectives on the CompTIA Web site, I would start with CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines recently published by Sybex (an imprint of Wiley). Look for my comprehensive review of this guide in April. Next, take some time to research the day-to-day tasks of the security professional. I can assure you: if you don’t have any experience in security-related tasks, you should not take this exam until you have had some time to expose yourself to these tasks.
With that said, I can tell you that I am working diligently to create Transcender’s practice test for the CASP exam. And we will be including some interactive items that simulate what you will see in the live exam. My experience in taking this exam and working on our practice test so soon afterward can only help you, so keep an eye out for our announcement regarding our CASP practice test, which should come in May, and in the meantime, start prepping today!