Wireless security myths 2010

Wireless security myths 2010

Posted: 21 Jun 2010 09:00 AM PDT


Wireless has become a part of our official and personal lives. Securing against wireless threats has been and will continue to be an important piece in the overall enterprise security puzzle. However, as if following Darwin's theory of evolution, wireless security myths too are born, evolve and then die to be replaced by new ones.

Biggest tech industry apologies of 2010 – so far

Posted: 21 Jun 2010 09:00 AM PDT


AT&T, Facebook, Google, McAfee, Adobe and others say "We're sorry" for assorted security, privacy and performance problems in 2010.

Fix-It Utilities Professional 10

Posted: 21 Jun 2010 09:00 AM PDT


Fix-It Utilities Professional 10 ($50, 14-day free trial) is an all-in-one tune-up and security tool that does everything from protecting your PC from viruses with built-in anti-malware, to repairing your Registry, performing hardware diagnostics, recovering lost photos, and more.

What Is Your Facebook Data Worth?

Posted: 21 Jun 2010 09:00 AM PDT


The gargantuan amount of high-quality user data on Facebook is causing everyone, from marketers to hackers, to salivate like dogs gazing at a steak. They all want a piece of you.

How To use Gmail to safely access email from abroad

Posted: 21 Jun 2010 09:00 AM PDT


If you can't bear to be parted from your email inbox when you venture abroad, it's important to ensure that the wireless connection you're using to get online is secure.

iPhone management tools step it up with iOS 4

Posted: 21 Jun 2010 09:00 AM PDT


The new iPhone and iPad OS adds BlackBerry-like corporate security, which upgraded IT admin tools will tap.

Six tips for finding quality CISSP training

Posted: 21 Jun 2010 02:15 AM PDT


The Certified Information Systems Security Professional (CISSP) certification has become a widely recognized credential for broad information security expertise. But the challenging exam for CISSP certification requires such a wide range of security knowledge that many tech pros require some help to pass it, regardless of their experience level.

As a CISSP trainer for Certified Tech Trainers, I've heard a lot of horror stories about money wasted on not-so-great instructor-led training. In fact, many of my students have already invested in training that simply didn't work for them.

You should look for several common elements when choosing a school and its course. To save you time and money, I've come up with six tips to help you evaluate instructor-led CISSP training.

Tip 1: Verify the credentials of the instructor
If you expect the instructor to transfer knowledge on a wide variety of security domains, make sure he or she is an expert in each of the security domains. Naturally the instructor should be CISSP certified, but I would argue that CISSP certification alone is not all you should look for.

If a Microsoft Certified Trainer is teaching Windows 2000 directory services, you don't really need the instructor to also be a firewall guru. However, if the instructor is teaching Microsoft Internet Security and Acceleration (ISA) server, it would be kind of nice if the instructor really knew firewall implementations and could explain how ISA functions in comparison to Cisco PIX, Check Point Firewall NG, and Linux IP Tables.

The CISSP exam covers 10 security domains, and it's really 10 exams in one. Look for an instructor who is a credentialed expert in each of the security domains. Desirable instructor certifications include (ISC)2's CISSP, ISACA's CISA, CompTIA's Security+, SCP's SCNP, Check Point's CCSE and CCSI, Cisco's CCIE, CCNP, and CCSP, Microsoft's MCT, MCSE, and MCSD, Nokia's NSA, TruSecure's TICSA, and SANS's GIAC. It is also desirable for your instructor to have a business or computer sciences degree.

Some courses have even been created by recognized authors. Although this is certainly nice, be careful that authoring is not the instructor's only claim to fame. Getting a book deal is not that hard. Having coauthored and edited four books myself, I can speak from experience. The CISSP is an expert-level certification. Make sure your instructor is an expert in each of the 10 security domains before you sign up for a CISSP class.

You should also be careful of a school that boasts of a course created by an expert but then uses someone else to teach it. The strength of an instructor-led class comes primarily from the instructor in front of you, since it is the instructor's ability to transfer knowledge that can really deliver the value of the class. I can tell you that it's a lot harder to hire extremely talented and qualified instructors than it is to find or create good base content. Promoting a course created by an expert and delivered by someone else is often little more than bait-and-switch marketing.

Tip 2: Beware of the cookie-cutter course
Make sure that the course provides a foundation of solid information security training mapped to the 10 security domains of the Common Body of Knowledge (CBK). Is the course adapted solely from a book, or does it include custom content as well? What is the extra content?

Oddly enough, you should also make sure that the instructor's presentation actually corresponds to the course materials provided. We've had many frustrated students come to us after attending a presentation that didn't even match the materials provided.

Tip 3: Evaluate the after-course study materials
Make sure that the course is set up to allow easy review. There's an enormous amount of material to cover for the CISSP, and you'll absolutely have to review on your own to retain all the necessary details. If the course is set up properly, it should already have critical exam points highlighted for you.

The school should not rely on your ability to remember what was important to remember for the exam. It will be hard enough just keeping up, let alone discerning what to review. Make sure the school is doing its job by taking as much of the work out of the learning process as possible. You want to have energy and concentration left for pure retention efforts without wasting them on preparatory details the school could have taken care of.

Tip 4: Ensure that the course addresses test-taking strategies
Although the school should naturally provide solid information security training and knowledge transfer, it should also provide specialized training on the art of attacking ambiguous, subjective, and very tricky exam questions. Many of our students have commented that the CISSP exam seemed as much a test of IQ as a test of infosec know-how. My opinion is that it's both.

You'll need to develop the skill of ferreting out the true point of a question and then determining the best answer out of four good and arguable answers. Most instructor-led courses shy away from this kind of instruction, but that doesn't mean that test-taking skill is bad or that you don't need it. Just ask any CISSP about the exam. Most will just grin and swear they will never take it again!

Tip 5: Check out the opportunity to practice for the exam
Make sure that the course includes plenty of mentoring through practice exams. Simply taking practice exams for the CISSP does not work as it does for many technical certifications. From my experience, I can vouch that you'll probably not see more than 2 to 3 percent of any practice questions on your real exam. That means you can't "Transcender" through this one.

In preparing for my own exam, I parsed more than 2,800 commercially available practice questions from Boson, The CISSP Prep Guide, the All-in-One CISSP Certification, and the SRV publications to find and memorize more than 1,100 nonredundant questions. I can't say for sure, but I don't remember more than about 25 real questions that mapped very closely to practice questions. The math says you would need 10 times the memorization to get the content you need. Not much of a shortcut, is it?

So why do I recommend seeking mentored practice exams? The key word is mentored. If an exam expert walks you through the logic of attacking tricky questions, you can apply those same techniques to any exam. And if the instructor has the string of certifications mentioned in tip number 1, you can be confident that he or she has plenty of experience in taking tricky exams.

Tip 6: Don't buy training based on pass guarantees
Beware of making your decision based upon a hollow "exam pass guarantee." Most of these guarantees are not money-back guarantees. They often only enable you to take the class again if you fail your exam. It's kind of like being offered a free meal from a restaurant after showing proof from the hospital that your last meal gave you food poisoning.

Network access control vendors pass endpoint security testing

Posted: 21 Jun 2010 09:00 AM PDT


One of the main promises of NAC is that you can ensure that endpoint security tools are up to date and that non-compliant machines can be identified or blocked. As regulatory compliance has grown in importance, NAC vendors have reacted by building strong feature sets aimed at endpoint security and compliance. In our NAC testing, we had good, and sometimes great, results across the board when it came to endpoint security.

Firefox add-on encrypts Facebook and Twitter

Posted: 20 Jun 2010 09:00 AM PDT


Firefox users worried about Internet eavesdropping are being offered a new way to encrypt their interaction with a range of popular websites, including Facebook and Twitter.

Testing reveals security software often misses new malware

Posted: 20 Jun 2010 09:00 AM PDT


New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.

Google Chrome gets 'native' PDF support

Posted: 20 Jun 2010 09:00 AM PDT


Google has started using its next generation plug-in API to embed support for Adobe Acrobat PDFs more deeply into the Chrome browser. The company believes this will benefit security, performance and reliability.

40/100G Ethernet standard ratified

Posted: 21 Jun 2010 09:00 AM PDT


The 40G/100G Ethernet standard has been ratified, the first specification to simultaneously utilize two new Ethernet speeds.
