Six types of access control:

 

  • Preventive
  • Detective
  • Corrective
  • Recovery
  • Deterrent
  • Compensating

Each access control also fits into one of the following categories, depending on how it is implemented:

 

  • Administrative
  • Technical
  • Physical

 

Preventive: As the name says, it prevents something from happening. For example, some companies run background checks; with these they can find out whether a person has financial or legal problems and avoid hiring that person for a sensitive position.

 

For example, if somebody has financial problems and is handling money or secrets, that person could take money or sell secrets; the background check prevents hiring that person for such a position. Note that a background check only works at hiring time, so it is usually paired with detective controls (audits, log review) for the time after the hire.

 

Detective: This detects something while it is happening or after it has happened, like an intrusion detection system on a network, or a review of the audit logs.

 

Corrective: This corrects a situation, like an antivirus that detects a virus and tries to clean the file or quarantine it.

 

Recovery: This control restores operation after an incident, for example after a hard drive fails, a user deletes data, or malware damages data. All these situations require restoring from backups, reinstalling the OS, reconfiguring, etc., to restore the functionality of the system or the availability of the data. A backup you have never restored from is not a recovery control yet, so test the restore, not only the backup job.

 

Deterrent: This deters a person from doing something, for example signs like "Smile, you are on camera", "Beware of dog" or "Security on duty". The user/attacker avoids doing something because he or she doesn't want to be caught or get into trouble.

 

Compensating: This compensates for, or complements, a weakness in one area, filling the gap left by a control that cannot be implemented or making a weak control stronger. For example, if a legacy system cannot be patched, isolating it on its own network segment and monitoring it closely compensates for the missing patch.


This is a very common question on IT forums, and that is normal: just take a look on Google and you will find a lot of certifications, and most of them promise high-paying jobs or expert status. Plus, a lot of us like more than one field: some people like systems and networks, others systems and programming, etc. And then we want to be well rounded, so we can fit a lot of jobs and be included in a lot of projects.

 

Now, where to start with certifications?

 

That depends on what we want to do first, or on what our goal is. Let's take one example: somebody working on a helpdesk who wants to move on and get more hands-on work (some helpdesk staff don't touch the computers at all, they work on the phone; others touch the computers or programs and do real fixes, which is not traditional helpdesk).

 

Now let's see the different paths. We will talk about computer helpdesk, not software support; you can adapt it:

 

From Helpdesk to System Admin

 

If the technician has been on the helpdesk for less than a year, he (from here on I will write "he", meaning he or she) needs to be good in that position. Certifications like A+, Network+ or the Windows 7/8/10 desktop certs will help the tech be good in that position and, at the same time, build a solid knowledge base. From there he can take a Windows Server certification like MCSA: Windows Server 2012 if he is on Windows, or, if he is on Linux, a Red Hat certification, CompTIA Linux+, LPI, etc.

 

You will say: I need experience to pass those exams. Yes, you need experience to pass a lot of those exams, and at the same time you need knowledge, and NOBODY will give you a chance to play with the production servers. So what do you do? Lab a lot. Yes, it is cheap: create your own virtual machines and install your own servers with roles like domain controllers, file servers, etc. How many servers and configurations you build is up to you: the more you install and configure domain controllers, DNS, DHCP, open and close ports, policies, firewalls, web or email applications on Windows/Linux, the more you build your own experience and the confidence to pass the exams.
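As an added example (this is not code from the original post), here is what that lab looks like when you script it on one fresh Windows Server VM: the roles the text lists (AD DS, DNS, DHCP), plus an OU, a plain user and a policy to test against. The domain lab.local, the 10.10.10.0/24 subnet, the DC address 10.10.10.5 and the user name jdoe are assumptions for the lab; the cmdlets are the standard ones shipped with the roles.

```powershell
# Added example, not from the original post: a minimal single-DC lab built on a
# fresh Windows Server VM. The domain lab.local, the 10.10.10.0/24 subnet, the
# DC address 10.10.10.5 and the user name jdoe are lab assumptions.

$DomainName = 'lab.local'
$NetBios    = 'LAB'
$DcAddress  = '10.10.10.5'
$DomainDn   = 'DC=' + ($DomainName -replace '\.', ',DC=')   # DC=lab,DC=local

# Step 1: roles plus a brand-new forest. Install-ADDSForest reboots the VM.
function Install-LabForest {
    $dsrm = Read-Host -Prompt 'DSRM (directory recovery) password' -AsSecureString
    Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools
    Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetBios `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force
}

# Step 2: run after the reboot, logged on as LAB\Administrator.
function Configure-LabServices {
    # DHCP: authorize the server in AD and lease 10.10.10.100-200 with the DC as DNS.
    Add-DhcpServerInDC -DnsName "dc1.$DomainName" -IPAddress $DcAddress
    Add-DhcpServerv4Scope -Name 'Lab clients' -StartRange 10.10.10.100 `
        -EndRange 10.10.10.200 -SubnetMask 255.255.255.0 -State Active
    Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -DnsServer $DcAddress `
        -DnsDomain $DomainName -Router 10.10.10.1

    # DNS: the forward zone was created with the forest; add the reverse zone
    # so PTR lookups (and the tools that rely on them) work in the lab.
    Add-DnsServerPrimaryZone -NetworkId '10.10.10.0/24' -ReplicationScope Domain

    # AD: an OU with a plain, non-admin user to test policies and least privilege.
    $ouName = 'Lab Users'
    New-ADOrganizationalUnit -Name $ouName -Path $DomainDn
    New-ADUser -Name 'jdoe' -SamAccountName 'jdoe' -UserPrincipalName "jdoe@$DomainName" `
        -Path "OU=$ouName,$DomainDn" -Enabled $true `
        -AccountPassword (Read-Host -Prompt 'jdoe password' -AsSecureString)

    # Policy: an empty GPO linked to the OU. Add settings in gpmc.msc and watch
    # them land on a domain-joined client with gpresult /r.
    New-GPO -Name 'Lab baseline' | New-GPLink -Target "OU=$ouName,$DomainDn"
}
```

Run Install-LabForest first, log back in after the reboot and run Configure-LabServices; then join a client VM to LAB and use it for the open/close ports, policy and firewall exercises the text describes. Breaking this lab and rebuilding it from a snapshot is exactly the "experience" the exams assume you have.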

 

From Helpdesk to Network Admin

 

At that point a certification like Network+ will help you build the base, and the Cisco CCENT or CCNA, or any entry-level Juniper certification, will give you the knowledge. The key here is the same: you need to practice a lot. Buying the equipment is expensive, but you are not alone: you have router emulation like GNS3 and the Boson router and switch simulator, and you can work with those until you have drilled your knowledge. Some companies, like INE, rent online racks of routers/switches/firewalls where you can practice.

 

Moving from helpdesk to a systems or network position is not easy; it will require effort, and in the end you get out what you put in. If you put in a lot of effort, trying to know every domain of the certification very well regardless of whether you think you will use it in the future, one thing is clear: if your company doesn't move you to a better position or increase your salary, another company will; they will hire you and give you the position or the salary you want.

 

Do you want to know how to study for a certification? Check this article: http://www.learn-security.net/12-how-study-for-certifications

Every forum or blog where they talk about the CISSP will mention that it is a mile wide and an inch deep. Also, when you apply for a Security Analyst position they require the CISSP, yet the duties are not a CISSP-level position at all. All of this is true.

 

So why "Thanks CISSP, you helped me in this job"? I guess it is because what the CISSP teaches you helps you move around in that Security Analyst job. Let me explain.

 

Imagine that you are at your desk and you receive a ticket asking you to grant a user access to a shared folder. The ticket just says: "Allow access to \\server\data". It doesn't say what kind of access, and you are not a mind reader who knows what the submitter was thinking. So you reason: the user needs the right access to do his job (and you probably have no exact idea what that job is), so you apply "need to know" and least privilege. You try to contact the person who submitted the ticket, but he is not available. So what access do you grant? Read-only, until told otherwise, and you note that decision in the ticket so the next person knows why.
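As an added example (not code from the original post), this is how that read-only decision is carried out on a Windows file server with PowerShell. The share path D:\data, the share name data and the requester account LAB\jdoe are assumptions; the cmdlets are the standard SmbShare and Get-Acl/Set-Acl ones.

```powershell
# Added example, not from the original post: grant read-only access to a share
# at both the share layer and the NTFS layer, then verify. D:\data, the share
# name 'data' and the account LAB\jdoe are assumptions.

$SharePath = 'D:\data'
$ShareName = 'data'
$User      = 'LAB\jdoe'

function Grant-ReadOnlyShareAccess {
    param([string]$Path, [string]$Name, [string]$Account)

    # 1. Share permission: Read. Effective access over SMB is the intersection
    #    of share and NTFS rights, so neither layer should be wider than needed.
    if (Get-SmbShare -Name $Name -ErrorAction SilentlyContinue) {
        Grant-SmbShareAccess -Name $Name -AccountName $Account -AccessRight Read -Force | Out-Null
    } else {
        New-SmbShare -Name $Name -Path $Path -ReadAccess $Account | Out-Null
    }

    # 2. NTFS permission: Read & Execute, inherited by subfolders and files.
    #    No Modify and no Full Control "just to make it work".
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account,
        [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # 3. Verify both layers before closing the ticket.
    [pscustomobject]@{
        Share = (Get-SmbShareAccess -Name $Name |
                    Where-Object AccountName -eq $Account).AccessRight
        Ntfs  = ((Get-Acl -Path $Path).Access |
                    Where-Object IdentityReference -eq $Account).FileSystemRights
    }
}

Grant-ReadOnlyShareAccess -Path $SharePath -Name $ShareName -Account $User
```

The verification object should show Share = Read and Ntfs = ReadAndExecute (plus Synchronize, which Windows adds automatically). If the requester later confirms the user needs to write, you widen both layers in a second, documented change; going the other way (pulling back Full Control you handed out "for now") is the change that never happens.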

 

Five minutes later somebody calls you about a physical incident and needs to gather more information, so you access the DVR and begin to pull video for the incident time frame, and in your mind you begin to think about how to prevent that incident in the future.

 

Twenty minutes later your boss calls and mentions that an outside company will do an internal pentest for PCI compliance.

 

Yes, in less than an hour you used the "wide" knowledge you got from your CISSP, and I am not mentioning the other subjects in the whole day. So, "Thanks CISSP, you helped me in this job": you will be able to move around and go deeper with more experience, more certifications, and all the CPE you have to fulfill.

There are a lot of reasons to study for certifications; here we will analyze different ways to do it, and you choose whatever is best for you. We will consider video training, books, classes, exam simulators and labbing.

 

1. Class or self-study.

 

Yes, some people need to have a teacher in front of them to teach and guide them step by step; that is the traditional way, and the way we studied at school. It has worked for years, with a lot of modifications. If you like having a teacher, good: it is one of the best ways to learn.

 

Now, because when we try to get certifications money is tight and schedules are difficult, others prefer to self-study. That has its own challenges: it requires discipline, consistency and a lot of curiosity, because nobody will explain things to you or give you tips. You will need to dig deeper and deeper, and if you do not understand something you will need to drill and drill until you get it. If you like self-study, then enjoy it.

 

2. Method: First videos, second books, third exam simulator and lab (if there is one).

 

Yes, some people prefer to watch all the videos first to get an idea, then read one or two books, and after the books they begin to work with the exam simulator and the lab. According to them, it is easier to comprehend all the material this way. Is this right for you?

 

3. Method: First books, second videos, third exam simulator and lab (if there is one).

 

This is similar to the second method, but some people feel that if they drill with the book first, the real meat, and then watch the videos, the videos will emphasize or explain something they missed while reading; then the exam simulator or lab. Is this right for you?

 

4. Method: First videos, second NO books, third exam simulator and lab (if there is one).

 

Really, some people expect to pass a certification this way, and I see a lot of them trying and failing the exam. You need the meat, the real knowledge in the books. The videos only show you some parts: normally they run between 4 and 15 hours, and if they needed to cover everything in detail the video would take more than 40 hours. Is this right for you?

 

5. Method: First books, second NO videos, third exam simulator and lab (if there is one).

 

Some people love to read the books and feel videos are boring. That is the hard way, and an effective one: they really want the meat and go for it. Some of them, after reading the books, go online to keep learning more and more, and sometimes read two or three books for the same certification. Is this right for you?

 

6. Method: Videos, books, exam simulator and lab, all of them at the same time.

 

Yes, this is one of the best methods for a lot of people. The idea is to drill one domain at a time until you understand that domain. This requires patience to keep going, because some domains are a little boring or take more time than expected. The key here is that between domains you sometimes need to review the ones you have already studied, and you can do that with the exam simulator or flash cards to keep the earlier knowledge fresh. Is this right for you?

 

Conclusion: Remember, everybody has his or her own style; we learn differently. Choose the one that is best for you, and if you feel that the method you chose is not working, you can change it on the fly. We were designed to learn all the time; enjoy it.

 

If you have a different method and want to share it with us, please post it on the forum; I would be glad to add it to this list.

 

Is it worth pursuing the Certified Ethical Hacker (CEH) from EC-Council?

 

That depends on many factors. A lot of people don't respect the CEH because it covers a lot, including several tools, and most of it is theory. On the other hand, companies require Security Analysts to be CEH certified: just go to Dice or Indeed, type CEH, and you will see.

 

Now the main question is: why do you want to get the CEH? Sure, most of you will say to get a better job, pass the HR filter and increase my salary; others will say: "I want to be a Pentester"!

 

One thing is very clear: the CEH alone will not make you a pentester, period; there is too much to cover to become one. On the other hand, it could be your first step toward becoming one. Really? Yes: you need to know some tools, steps and procedures and begin to think like an attacker to become one, and you can begin your career with this certification.

 

When you begin to study for this certification you will find different attacks, scans, nmap switches, netcat, malware, etc. That is only theory; this is the moment where YOU CAN MAKE THE DIFFERENCE! How? Build your lab and start testing. For example, the CEH will ask you about nmap switches, so test the different switches yourself. You can also put a firewall between the attacker machine and the target, open only some ports, and see whether you can scan it without problems, and whether the scan shows up in the firewall logs. You can test netcat the same way, etc.
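As an added example (not code from the original post), here is the defender's side of that lab exercise: the target VM's Windows Firewall is set to drop everything except the ports you chose to open and to log every drop, and a small function reads pfirewall.log to show what the attacker VM's nmap run looked like from the target. The attacker address 10.10.10.50, the target 10.10.10.5, the open ports 80 and 445 and the sample log lines are assumptions; the log field order is the documented pfirewall.log format.

```powershell
# Added example, not from the original post: target-side firewall setup for the
# scan lab, plus a parser that summarizes what the firewall logged from one
# source address. 10.10.10.50 (attacker) and 10.10.10.5 (target) are assumptions.

$Attacker = '10.10.10.50'
$LogFile  = 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'

# --- One-time target configuration (run as Administrator on the target VM) ---
function Set-LabTargetFirewall {
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -LogBlocked True -LogAllowed True -LogFileName $LogFile
    # Open only the ports the scan is supposed to find.
    New-NetFirewallRule -DisplayName 'Lab: HTTP' -Direction Inbound -Protocol TCP -LocalPort 80  -Action Allow
    New-NetFirewallRule -DisplayName 'Lab: SMB'  -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow
}

# --- Detection: summarize what the firewall log recorded from one source ---
function Get-ScanSummary {
    param([string[]]$Lines, [string]$SourceIp)
    # pfirewall.log field order:
    # date time action protocol src-ip dst-ip src-port dst-port size ...
    $hits = foreach ($line in $Lines) {
        if ($line.StartsWith('#') -or -not $line.Trim()) { continue }
        $f = $line -split '\s+'
        if ($f.Count -ge 8 -and $f[3] -eq 'TCP' -and $f[4] -eq $SourceIp) {
            [pscustomobject]@{ Action = $f[2]; DstPort = [int]$f[7] }
        }
    }
    $ports = @($hits | Select-Object -ExpandProperty DstPort -Unique)
    [pscustomobject]@{
        Source        = $SourceIp
        Dropped       = @($hits | Where-Object Action -eq 'DROP').Count
        Allowed       = @($hits | Where-Object Action -eq 'ALLOW').Count
        DistinctPorts = $ports.Count
        # One source touching many ports in a short window is the classic scan signature.
        LooksLikeScan = ($ports.Count -ge 20)
    }
}

# Constructed sample in pfirewall.log format (not a real capture): a SYN scan of
# 25 common ports against the target, where only 80 and 445 are open.
$scanned = 21,22,23,25,53,80,110,135,139,143,443,445,993,995,1433,1723,3306,3389,5900,8080,8443,8888,9000,9090,10000
$sample  = @('#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path')
$sample += foreach ($p in $scanned) {
    $action = if ($p -in @(80, 445)) { 'ALLOW' } else { 'DROP' }
    "2024-01-15 10:00:01 $action TCP $Attacker 10.10.10.5 $(40000 + $p) $p 52 S 0 0 64240 - - - RECEIVE"
}

Get-ScanSummary -Lines $sample -SourceIp $Attacker
# In the real lab, after running nmap from the attacker VM:
# Get-ScanSummary -Lines (Get-Content $LogFile) -SourceIp $Attacker
```

On the constructed sample the summary is Dropped = 23, Allowed = 2, DistinctPorts = 25, LooksLikeScan = True: a default SYN scan is anything but quiet when the target logs drops. That is the point of the exercise the text describes: repeat it with different nmap timing and scan-type switches and watch how the log changes, and you will understand those switches far better than the exam requires.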

 

Sure, it will take more time to complete the CEH, but because you are going deep in knowledge the exam is going to be easy, and you will begin to build the skills to be a pentester or ethical hacker one day.

 

So is it worth it? Yes, it is, if you do it the right way.