CISSP Exam - March 12th - Kansas City

The ISC2 CISSP exam is schedule for March 12^th 2011 in Kansas City.  Usually the Kansas City area schedules this exam twice a year.  Well it’s that time, most people have been studying for a few months for this exam date and are now coming down to crunch time.  Here are my 5 tips for success for the exam.

1.      In the last few weeks of studying you should be going over the questions on the CCCure Quizzer.  You can either do the free questions or pay $39.99 for the 6 month subscription.  The pay option is well worth it.

2.      Create a testing plan that will allow you time to take little breaks in between questions.  You have 6 hours for the exam with no scheduled breaks and all breaks count against your test time.  Using all of you allotted time is beneficial.  Allowing yourself a 5 or 10 minute break after so many questions allows you to keep on schedule and not get behind or go to fast.    Also remember to bring little snacks and something to drink which you can put in the back of the room during your breaks.

3.      Do not cram the night before.  In fact put all of your studying aside and have a quiet evening doing something you enjoy.  Go to bed early and get a good night’s rest.

4.      The morning of the exam, don’t drink a lot of caffeine and eat a little something for breakfast for energy.  You do not want to waste too much time going to the restroom several times during the exam.

5.      Remember to bring your certification ticket and two forms of ID.  You will not be allowed in with any of these items.

Good luck on the exam.

Public WiFi - You are not alone..

One of the concepts I teach in both my consulting business and the classroom is when you are using free public WiFi access you have to take precautions because you are not alone.  Public WiFi access is free but the security is not.  Here is a scenario.

You are at your favorite coffee shop that offers free WiFi.  You connect your laptop and surf out to Facebook or you go check your email.  Now unbeknown to everyone in the coffee shop is a hacker that is "sniffing" the wireless network.  Since you have no security protocols and access does not require any type of password or key, all of the wireless traffic can be recorded on a packet sniffer such as Wireshark, Cain & Abel, or NetResident.  A packet sniffer is software that captures packets on a wired or wireless network.  The packets captured show the network or internet traffic that a person is creating by surfing on the internet or while using the network.  These packets will contain usernames and passwords that you type into a web browser as well as the location of all the sites you are browsing too.  If you put any PII (Personal Identifiable Information) on the internet, the hacker can capture this information and sell it on the internet which would create "Identity Theft" for the user. 

The hacker may even attempt to gain access to your laptop right there in the coffee shop as well.  Also remember the hacker does not have to be in the coffee shop, they can be several hundred yards away using a special high gain antennae to access the wireless network.

Don't think this can happen to you?  Check out what happend at a coffee shop in New York using a tool called Firesheep.

So is there such a thing as using a free wireless network safely?  Yes, you can.  You just have to follow a few simple rules to protect yourself.

1)  If your on a company laptop, make sure you are using a VPN (Virtual Private Network) connection.  This will encrypt your connection and you can safely access the internet through your company.  Don't have a company vpn?  Try AnchorFree, it is a free vpn client that anyone can install and use to surf the internet through a secure vpn server.

2)  If you need to just check your email or access a web site make sure you are using https or ssl to ensure you are checking your email with a encrypted and safe connection.

3)  If you are going to surf the internet in public try using a wireless phone modem device which you can purchase from your wireless carrier.  It is a USB device you plug in to access a secure wireless network for your computer.

Good luck and remember "we are not alone on the internet".

Tom

Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEH, CHFI, A+, Network+, Security+