Thursday, June 30, 2011

TCP/IP Skills Required for Security Analysts

This is an interesting article over at Symantec Connect by an Intrusion Detection Specialist named Don Parker. It covers the basics of being a thorough Security Analyst. It's a 2-part article: the first part covers Parker's thoughts on the skills required, and the second installment gives insight into a day in the life of an Analyst. Have a read --

http://www.symantec.com/connect/articles/tcpip-skills-required-security-analysts

Comptia Certification Roadmap




Comptia has put out an interactive roadmap for career paths and certifications. It's interesting to see Comptia's perspective on the IT world and where they place themselves. As of late I've come under the impression that Comptia has a great marketing team, and from what I've read their certifications are DoD-required for certain positions. Check it out: Comptia cert roadmap

Wednesday, June 29, 2011

Infosec jobs and descriptions

This post on techexams.net is one of the better explanations of infosec work and process that I have seen. It was posted by keatron, an infosec professional and trainer. His company, Infosec Institute, can be found here: resources.infosecinstitute.com and the post in question can be found here: www.techexams.net/forums/security-certifications. It's a great read, as are a good number of his other posts.

Here's a snippet:
"...IDS specialist, firewall specialist, penetration tester, forensics investigator, security assessments (not to be confused with penetration testing because they are different), just to name a few. Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it's much broader than that. I know people who do nothing but design and test physical security, they break biometric mechanisms, social engineer the heck outta people, and do tons of other things that require little or no knowledge of network or telecom security. The fact is, in most small and medium sized companies, the security team usually consists of one person (if they have that much)..."

Scott Morris, CCIE 4x, JNCIS-M, etc. talks Subnetting IPv4 / IPv6

This is a great subnetting-by-binary (and IPv6) lecture by Scott Morris; have a look here. It's well worth the watch and, coupled with Odom's take on subnetting, it's a great foundation. Besides, binary is pretty easy and impresses your friends!

what is the first usable host of the IP address 212.46.165.199/25

This is a post I did on techexams.net about subnetting. I wanted it here for reference.

You've got two ways to look at it: 0., Binary and 1., Magic. <-- see that binary humor?!?

Ok, your question is:
what is the first usable host of the IP address 212.46.165.199/25

Binary
We'll look at 3 different kinds of bits:
N = network bits
S = subnet bits
H = host bits

212.46.165.199 is a class C address, which means the first 3 of the 4 eight-bit blocks (called octets) are N blocks (class A = first octet, class B = first two octets, class C = first three octets are network), like:
nnnnnnnn.nnnnnnnn.nnnnnnnn.xxxxxxxx

That says 212.46.165 is the network portion of the address, so the rest is divided up into S bits and H bits. Let's look at that CIDR number again, /25. The first 3 blocks, our network blocks, are /24 (count the Ns in the class C example above). That means we have 1 extra bit to be placed in our network bits, but it's beyond the class C first 3 blocks, so it ends up being a subnet bit, like so:
nnnnnnnn.nnnnnnnn.nnnnnnnn.s <-- /25, where /24 is the N bits and the remaining /1 is the subnet bit

The rest of our bits are then host bits. IPv4 is a total of 32 bits: we have 24 N bits and 1 S bit, and that leaves us with 7 bits. Those last bits are then H bits, which makes the IP 212.46.165.199/25 effectively look like this:
nnnnnnnn.nnnnnnnn.nnnnnnnn.sHHHHHHH

We can then take those H bits and drop them into the equation:
2^H = number of hosts per subnet (we can also do 2^S, but we'll save that for later)

We have 7 H bits, which gives us 2^7 = 128.

So for each subnet in the address 212.46.165.0 there are 128 hosts. So let's count by 128s:
212.46.165.0 <-- first subnet
212.46.165.128 <-- second (and last) subnet

For usable hosts, we need to take out the broadcast and network addresses (the last and first address):

212.46.165.128 <-- network address
212.46.165.129 <-- first usable host
212.46.165.254 <-- last usable host
212.46.165.255 <-- broadcast



Whew! On to magic!

212.46.165.199/25
Again, we look at the CIDR notation /25. If we count up, the first 3 octets are 24 bits, which means /25 lands us at the first bit in the 4th octet.
nnnnnnnn.nnnnnnnn.nnnnnnnn.nxxxxxxx
                           ^
                           first bit of the last octet

So that 1st bit in the last octet points to our magic number. If we look at an octet, it's powers of 2:

128 64 32 16 8 4 2 1

If we take that 1 bit left over (25-24=1), then we can drop that bit in the first place on the left side, the 128s place.

128 64 32 16 8 4 2 1
^
1

So that leftover 1 is telling us that the magic number is 128. So, to figure the subnets we count by 128:
0 128
In our questioned address 212.46.165.199, it would look like so:

212.46.165.0 <-- subnet 1
212.46.165.128 <-- subnet 2 -- it stops here (because 2^8 = 256, so an octet can only hold 256 values)

So the address 212.46.165.199/25 falls into the host range:
212.46.165.128 - 212.46.165.255

But as you know, we need to take out the broadcast and subnet addresses in order to get our usable hosts, thus the usable host range is:
212.46.165.129 - 212.46.165.254
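The same two methods in code, as an added example that is not part of the original post: the binary method is the mask arithmetic, and the magic method is the block size of the octet the prefix ends in. It goes one step beyond the post by also handling /31 and /32, where the "take out two addresses" rule does not apply (RFC 3021 point-to-point links and host routes).

```python
def parse_cidr(cidr):
    """Turn '212.46.165.199/25' into (32-bit int, prefix length)."""
    ip_str, prefix_str = cidr.split("/")
    octets = [int(o) for o in ip_str.split(".")]
    prefix = int(prefix_str)
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets) or not 0 <= prefix <= 32:
        raise ValueError("bad CIDR: " + cidr)
    ip = 0
    for o in octets:                 # same as writing the four octets out in binary
        ip = (ip << 8) | o
    return ip, prefix


def to_dotted(ip):
    """32-bit int back to dotted decimal."""
    return ".".join(str((ip >> s) & 0xFF) for s in (24, 16, 8, 0))


def subnet_info(cidr):
    """Binary method plus magic-number method for one CIDR address."""
    ip, prefix = parse_cidr(cidr)
    host_bits = 32 - prefix                          # the H bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF    # 1s over the N and S bits
    network = ip & mask                              # H bits cleared
    broadcast = network | (0xFFFFFFFF >> prefix)     # H bits set
    # "Take out network and broadcast" as in the post. /31 and /32 are an
    # addition: RFC 3021 point-to-point links and host routes use every address.
    if host_bits >= 2:
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2
    else:
        first, last, usable = network, broadcast, 2 ** host_bits
    # Magic method: which octet the prefix ends in and how many bits it uses there.
    octet_index = (prefix - 1) // 8 if prefix else 0   # 0-based octet
    bits_in_octet = prefix - 8 * octet_index
    magic = 2 ** (8 - bits_in_octet)                 # block size in that octet
    # Count by the magic number within that octet, higher octets held fixed.
    shift = 8 * (3 - octet_index)
    base = network & ((0xFFFFFFFF << (shift + 8)) & 0xFFFFFFFF)
    subnets = [to_dotted(base | (n << shift)) for n in range(0, 256, magic)]
    return {
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "first_usable": to_dotted(first), "last_usable": to_dotted(last),
        "usable_hosts": usable, "magic_octet": octet_index + 1,
        "magic_number": magic, "subnets": subnets,
    }


if __name__ == "__main__":
    for key, value in subnet_info("212.46.165.199/25").items():
        print(key, value)
```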

Great subnetting by binary (and IPv6) lecture here. Also, great practice here.

Honeypot Challenge

While reading a thread on Techexams.net, a fellow TE user (docrice) posted a note about giving the honeypot challenges a try for people interested in a career in infosec. It's a pretty nifty site, and post-CCNA studies I think I'm going to give a challenge a shot and see if it's really where I want to land eventually.


Their mission statement:
"To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned."

http://www.honeynet.org/


In information security a honeypot is a trap (e.g., a faux server) with fake information stored on it. Its purpose is to bait hackers into attacking it, giving them useless information while letting the defender gather information on the attack.


From wikipedia:
"In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers."

Currently working on the CCNA

For the past year I've been working on the Cisco Certified Network Associate certification (CCNA). I've attended and completed the Cisco Networking Academy and am now in the final months prior to taking the certification exam. This is to be the first of many to come, or so the plan goes. The best laid plans of mice and men, right?

So, this blog is to keep a log of the information I put together as I am not just collecting it from one source. Rather, I often find that answers and information regarding something like questions on the OSPF routing protocol come from many different sources (e.g., Wendel Odom's Official Exam Certification guide, Howtonetwork.net, freeciscolab.com, Cisco learning net, etc.). So this is where Im compiling them all.  Hopefully it will not only allow me to compile my thoughts and resources, but possibly help others on their journey as well. We shall see.