Thanks Mike! Yeah that REALLY helps!

Ok, so those questions then aren't just not-great questions; they're indicative of I REALLY need to read the question and actually figure out if they're asking what it looks like on the surface or if there's something deeper behind it. Many tests say to carefully read the question, but that's usually just the boiler plate stuff that gets slapped on almost every test anywhere on any topic. In this case, it's REALLY meant.

I think I'll do something like that at home perhaps. At work I did set up an OpenSUSE machine and threw Snort on it with pulledpork.pl, and eventually Tripwire as well. I did it for personal workstation security reasons (we have interns from another country doing some cyber security research and I'm on the same VLAN as them), but I also remember it being mentioned in the videos that it's something we are really encouraged to work with and play around with.

I had made some flashcards for various port numbers of the known ports, I'll just add another set for malware. I guess the moral of the story is, given it's a mile wide and an inch deep, even if I miss one or two questions based on ports of malware, it's ok. It's about the bigger goal, which is passing the test or to put it the style of Sun Tzu:

The general that fights many battles, regardless of their respective victories, looses resources for the bigger picture, depletes the resources of the state 10 fold, and losses the bigger war. "Thus, winning a hundred victories out of a hundred battles is not the ultimate achievement; the ultimate achievement is to defeat the enemy without even coming to battle".

Basically, don't get bogged down in the "trivia". Obviously I need to continue studying, but I need to pick and choose the battles that I personally feel are worth fighting. If I think the overall exam is based on understanding concepts (with knowledge of some of the tools' parameters), then the "trivia" stuff will probably be only one or two here and there. Of course, I also don't want to suffer a death of a 1000 needles either. I think the way I will approach it, is to continue pushing my way forward through the book , doing the tests after each chapter, work the virtual labs, go through my own personal notes, skim back over through the book where all my color-coded page flags are (benefit of page flags -- don't have to read the entire thing a second time) all the while continually and occasionally working through the "trivia" stuff.. It should sure up my defenses a bit for the test and provide me a fighting shot.

I'm going to go ahead and mark this as solved, since it addressed and answered my questions. Thanks!

@Jae said in Differences:

What are the differences between all the security certifications. I know CompTIA Security+ (which I passed years ago, but expired in November) is the entry-level/security foundation, but I don't really know what the difference is between CEH, CISSP, CASP, SSCP, etc.

The big difference between them is the certifying organization. CompTIA represents a vendor neutral certification, this normally means more generic terms less on specifics and more on theory. All of the others represent either a specific vendor or industry specialization. Usually, with these cert, they call out some of the same items but more specifically and are more in depth because their focus is in a specialization or a particular vendor's product.

When I very briefly studied for the Security+ exam, I enjoyed learning the topics, but I never did anything with it in the workplace so I lost it. Now I'm looking to change jobs and wondering if I should also look at changing roles.

This is a tough one because that normally depends more on market you're in or willingness to change markets. Security and App Development are the two fastest growing field in IT with a high demand for both.

I have forwarded the information to the team who manages the VMs. Thank you for providing the detailed the write-up on the bugs. I'll update with more information as I get it.

@Joel-Sargent
Congratulations to you! I'll definitely let Adam know. Thanks!

@James Glad you found them!

@terrence-danial
Unfortunately, we don't have an official relationship with EC Council. Many of these groups have these types of guidelines in order to make their certifications maintain their value. Maybe other members can help out and provide some creative alternatives to get the security work experience needed. Best of luck to you and please keep us posted.

@nepal2046
CCNP Security is one of our highest requested courses and we are still committed to bringing that to you. We were not satisfied with the quality of what we created and will work diligently to get it back on the schedule soon. Thanks for your patience!

@ranga-loku
ok after playing with pfsense I think the problem is in your firewall rules. Try turning off all the rules for PrinterLanVLAN and add an all access rule. If your printer starts working then the problem is you are blocking the necessary traffic the printer needs to do what you want it to.

alt text

I know it's a lot but can you post screen grabs of all your rules?

Sniffing wireless traffic from other devices is theoretically possible since the radio waves hit your antenna, but the mechanics of setting it up is a bit involved and is very specific to your hardware and OS. Most wireless traffic is encrypted, so that is an additional hurdle. For Wireshark specifics, see https://wiki.wireshark.org/Wi-Fi and the pages it links to.

A common wireless MitM attack method is to set up a rogue access point with the same SSID as the one your intended victim will connect to.

@DJ-Moore,

I downloaded a copy of the application form from their site... I just copied the Eligibility Requirements and Application Submission Steps from that document. From step 3 it looks like a driver's license or valid Government ID will work.

Please provide me with a link to where you found the requirement you're referring that way I can try to find out more info, thanks ~Ronnie

==================================
Eligibility Requirements
Either one of the following criteria is required by EC-Council so that a determination can be made regarding a candidates eligibility.

a) A candidate has attended "Official" training through an EC-Council Authorized Training Center (ATC).
Accepted "Official" training solutions: Instructor-Led (ILT), Computer -Based (CBT), Web-Based (WBT), or Academic Learning.

b) A Candidate may be granted permission to attempt the exam without "Official" training if:

The Candidate has and can prove two years of Information Security related experience, or can prove prior certification status
in the same certification discipline. (ie. Older versions such as CEH v4,v5,v6, etc.)* The candidate remits a non-refundable Eligibility Application Fee of $100 (USD). The candidate submits a completed Exam Eligibility Application.

Application Submission Steps
Step 1: Complete the application form

Step 2: Ask your Boss / Supervisor / Department head to either write a letter in company letterhead confirming your 2 years security
related work experience ** or complete and sign the verification section on page 3.

Step 3: Attach a copy of your Drivers License or any valid, approved Government identification such as a passport or military I.D.

Step 4: Fax the above documents to 505.341.0050 or Scan the documents and e-mail them to customerservice@eccouncil.org

Step 5: Remit $100 payment for Non-refundable Eligibility Application Fee [Credit Card Authorization Form attached to email.]

Step 6: A representative from EC-Council's Certification Department will contact your Boss / Supervisor / Department head to verify
the information submitted on your application.

Step 7: If your application is approved, you will receive your exam eligibility code. (Please allow 2 weeks for processing.)

==========================================

All a VLAN is is a Layer 2 Tag. You have an Ethernet frame that get's forwarded to a port, that port has a list of VLANs allowed on it .

Simply put if the traffic doesn't match the VLAN allowed on that port it will not get forwarded to that port period. The only attack that I know of that will allow you to bypass this behavior is VLAN hopping using double tagging or taking advantage of switch mis-configurations

VLAN hopping can be avoided by simply following best practice procedures when designing a network. The Native VLAN has to be one that is not used for anything and is not VLAN1 (also don't use VLAN 1) . All trunk ports should prune VLAN1 and the native VLAN (there is no reason to carry traffic on those 2 VLANs anywhere). And set all ports that don't need trunking to access ports.

With Double tagging it's a bit more complicated. I can add 2 tags to an Ethernet Frame. When the first tag is verified my Frame will be forwarded and the first tag will be stripped. then when my Frame needs to be Forwarded a seconded time (let's say the port I am trying to access is on another physical switch and I have to cross a trunk link to get to it or the switch needs to preform a recursive search in the MAC table ) when my frame is checked again the second tag will be seen and the switch will put it on the VLAN of my choosing.

This double tagging I think would be a problem on older hardware since it seems like the only way to protect against this would be to make the switch aware that this is an attack vector and actively search for double tags.

@Ronnie-Wong Thanks Ronnie :)

@robin-ryan,

We're almost there for the labs. With the way that the cisco licensing works, we couldn't offer it as part of our regular subscription price (we tried everything). We are going to be introducing them soon as a "one-off" type of access purchase to those labs. But the delay right now is in developing the pay system and UI and how to best deliver it. So the labs are done, how to get it to our subscribers is not yet done but we see it in the near future. I've not been given any additional timeline information.

See if that Fortinet has the infamous back door.

http://www.securityweek.com/backdoor-found-several-fortinet-products

https://www.exploit-db.com/exploits/39224/

https://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

@Joel-Sargent,

Congratulations! The ITProTV team celebrates with you on your certification!

@Paul-Cureton,

Thanks for pointing these out...We've got some time this month and maybe able to do an addendum to the show.

@Matthew-Franco,

The CISSP content is normally online about 24-48 hrs after the live recording. This is our goal. Sometimes, this is delayed, especially for content that occurs on Fridays and descriptions that must be generated per episode.