The Security Zealot

Let me first state that I am usually not one to doubt others research, but I just read this article stating that an Professor in Australia and his team at Queensland University of Technology who have created what has been claimed to be an amazing way of identifying intruders on a wireless network by use of the following method;

“The strength of the signal travelling in a wireless network and the round trip time of the signal are both monitored because they will change if an intruder enters the network.”

When reading this a question seem to come to mind.

Radio frequency are susceptible to several forms Radio Frequency Interference (RFI) from a number of natural and man-made occurrences ranging from pine needles and heavy rain to microwave emissions. With this being said, what would be the signal attenuation and degradation threshold have to be sent at before this product is not throwing “false positives” throughout the day making a poor security guys job a living nightmare. If you have any IDS installation experience you will appreciate the threshold headache.

In an environment with a large amount of RFI which fluctuate daily, e.g. Philadelphia; this would required the reporting thresholds to be so high, would this technology truly be able to distinguish between interference and an intruder adequately? I am skeptical.

I will commend the team on an approach that may be a step in the right direction, but it could not stand alone as a security product. Maybe by combining it with other preexisting technology such as AirDefense WIDS Solution we are getting closer to a security wireless network, but again that is years to come.

Please leave some comments and let me know what your thoughts are.

SZ

17 days and counting…

As I read through the System and Infrastructure Life Cycle Management chapter discussing Project Management,; I find myself questioning what exactly could the exam trying to cover? Will it be meticulous about what charts to use and whose roles is it creates them? Or be broad and asking what is the functions and benefits of Project Management? Only time will tell.

In an attempt the help myself get a better grasp of what possibility could be on the exam, I have been Googling more Free CISA Questionnaires and past comments of CISA candidates.

There is an inherit risk with Googling online question. Are they current? Is the author correct in there answers? In knowing the risk, I have decided tol take each test with a grain of salt and use them as sampling. If I disagree on a question, I always refer back to CISA Review Manual.

To share my efforts, here are a few more links for CISA Study Questions.

Quinotaur’s CISA Study Exam

ISACA CISA Study Questions

The Big4Guy Blog with CISA Questions

****This is NOT an endorsement for any of this sites or an attestation of their accuracy. Use at your own risk****

In closing… Good Luck to all the candidates.

Happy Holidays

SZ

18 days till the CISA exam…

As the days count down, I am spending more and more time trying to locate any possible resource that could provide me with the edge that is required to past the CISA exam.

To help others in the same dilemma, I have create a short list of what free Certified Information System Auditor (CISA) Study Materials I have found so far.

Suaveguru’s CISA Blog

@LearningCorner’s CISA and CISSP Quiz

iGoogle Add on - Adaptive Test:CISA

****This is NOT an endorsement for any of this sites or an attestation of their accuracy. Use at your own risk****

SZ

First, this post is not a debate or comparision between the CISSP and CISA certifications, nor is it a question their of value within the Information Security Field. This is purely a personal observation of the studying resources available during my exam preparation.

It has been 2 years since I passed the CISSP exam, but one of the strategies I used as I began to prepare for the exam was to ask all of the CISSP’s that I knew what resources they used for their studying. Unanimously, they all replied CISSP All-in-One Exam Guide by Shon Harris. With such a strong following, I took this advice to add this book to my arsenal of study materials. I also used the ISC2’s Official (ISC)² Guide to the CISSP® Exam and SearchSecurity.com Security School for high level review of CISSP exam covered by Shon Harris herself.

I found that both the All-in-one book and the Security School held my interest and detailed the contain is such a way that not only did it cover what was required for the exam, but provided a strong understanding of all the 10 Common Bodies of Knowledge. I then reviewed the ISC2’s Official Guide honed in the knowledge base towards the test, ultimately passing with no problems.
Keeping with same tradition, I asked the same question to my CISA peers and unanimously they all could NOT get a suggestion of a “BIBLE” for the CISA Exam. So this leaves me with reading the ISACA’s CISA Review Manual which seems to be a great cure for insomnia and an older Exam Cram 2 book, which I borrowed.

With a little luck, I will be able to keep up with my beauty sleep and pass with these resources.

SZ

As I posted yesterday stating that I have no time for posting, I felt am small feeling that I was letting myself and others down. Just as aspiring blogger, I feeling that my experiences and ideas are a value for the world to read.

Then Reality Hits… time management and writers block comes crashing in like a the Kool-Aid Guy!!!

With that said, I am one who believes that things happen for a reason, good or bad. Yesterday I made my and today I found the following blog from Northxeast.com explaining some great tips to help every blogger.

So to help me write some valuable content and still move forward my other tasking; I decided to be geared my next posts towards my CISA Preparation studying and how this topics relate to my years of experience.

SZ

I am have not written in a few weeks, basically because I have been overly busy. I am currently studying for the CISA (Certified Information Systems Auditor) Exam which is held on December 8th, working on my BS in Computer Science Degree part-time, working full-time and being a family man. Whew!

With all that said, I still plan on moving forward and adding some valuable contain to this blog in the next few months.

I have a few projects and articles brewing in the back of my mind some include Information Security Career Advise and others contain some physical security information. (A fascination I stumbled across during DEFCON this past summer.)

Until then… I am off running at full throttle.

SZ