kartik.netsec | 1 Mar 2012 09:35

Maintaining CISSP

Hi,

I need to submit CPE for my CISSP. I have recently passed CISM; can someone help by telling me how much CPE I can
quote for 'self studying' / achieving CISM? Are there criteria?

ISC2 says "If you have done preparation work to obtain another professional certification, which is not a
certification from (ISC)²® and if this other certification is one in which you have increased your
knowledge-base, then you are entitled to CPE credits for the preparation or self-study work you did to
achieve this other certification."

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Jerry Warner | 1 Mar 2012 15:30

Firewall logs and Event log Analyzers

I am looking for recommendations on firewall log and Windows event log
analyzers.  Hoping to find an inexpensive software package for the small
to mid-sized business.  One that I have been looking at is ManageEngine;
does anyone have experience with their tools?

Thanks,

Jerry 


Hannes Holm | 1 Mar 2012 11:49

A survey on web application security

Hi all,

I would like to invite you to participate in a survey investigating the effort required to discover web
application input validation vulnerabilities given different scenarios - a topic that needs further
exploration. This survey is carried out by a research group from the Royal Institute of Technology in Sweden.

By completing this survey you will:

  * Help the community to quantify relevant properties related to the discovery of web application input
validation vulnerabilities.
  * Be able to compare your answers to the answers of others.
  * Have the chance to win a 100 USD gift certificate on Amazon.

The survey can be found at: http://surveys.ics.kth.se/WASecurity  

Please contact us if you have any questions related to this study.

Thank you for your attention and sorry about the cross-posting.

Regards,
Hannes

Hannes Holm, Ph.D. student 
Industrial Information and Control Systems KTH - Royal Institute of Technology
10044 Stockholm, Sweden
Web: www.ics.kth.se 
E-mail: hannesh <at> ics.kth.se


David Frier | 1 Mar 2012 17:24

Re: Maintaining CISSP

CPE credit is 1hr = 1CPE

So for every clock-hour you spent you can claim one CPE credit

On Thu, Mar 1, 2012 at 03:35,  <kartik.netsec <at> gmail.com> wrote:
> Hi,
>
> I need to submit CPE for my CISSP. I have recently passed CISM; can someone help by telling me how much CPE I
> can quote for 'self studying' / achieving CISM? Are there criteria?
>
> ISC2 says "If you have done preparation work to obtain another professional certification, which is not a
> certification from (ISC)²® and if this other certification is one in which you have increased your
> knowledge-base, then you are entitled to CPE credits for the preparation or self-study work you did to
> achieve this other certification."

--

-- 
--David (Kahomono)


Patrick Kobly | 1 Mar 2012 17:27

Re: Maintaining CISSP

Probably a good idea to talk to (ISC)^2 directly, but the general rule is report the time you actually spent
learning at 1:1 under class a, multi domain, web / self study...  Hang onto the books / web addresses you were using.

Pk

On 2012-03-01, at 9:16 AM, "kartik.netsec <at> gmail.com" <kartik.netsec <at> gmail.com> wrote:

> Hi,
> 
> I need to submit CPE for my CISSP. I have recently passed CISM; can someone help by telling me how much CPE I
> can quote for 'self studying' / achieving CISM? Are there criteria?
>
> ISC2 says "If you have done preparation work to obtain another professional certification, which is not a
> certification from (ISC)²® and if this other certification is one in which you have increased your
> knowledge-base, then you are entitled to CPE credits for the preparation or self-study work you did to
> achieve this other certification."

David Bridgman | 1 Mar 2012 17:28

Re: Firewall logs and Event log Analyzers

Check out Splunk, free up to 500meg per day, or QRadar.

Dave Bridgman, CISSP

Sent from my iPhone

On Mar 1, 2012, at 8:20 AM, "Jerry Warner" <jwarner <at> wwsport.com> wrote:

> I am looking for recommendations on firewall log and Windows event log
> analyzers.  Hoping to find an inexpensive software package for the small
> to mid-sized business.  One that I have been looking at is ManageEngine;
> does anyone have experience with their tools?
> 
> Thanks,
> 
> Jerry 

joseph | 1 Mar 2012 18:09

Re: Firewall logs and Event log Analyzers

Yes, I agree with Dave's recommendation.
Splunk. Windows event log management.

-----Original Message-----
From: David Bridgman <David.Bridgman <at> lifelock.com>
Sender: listbounce <at> securityfocus.com
Date: Thu, 1 Mar 2012 09:28:48 
To: Jerry Warner<jwarner <at> wwsport.com>
Cc: security-basics <at> securityfocus.com<security-basics <at> securityfocus.com>
Subject: Re: Firewall logs and Event log Analyzers

Check out Splunk, free up to 500meg per day, or QRadar.

Dave Bridgman, CISSP


Sent from my iPhone

On Mar 1, 2012, at 8:20 AM, "Jerry Warner" <jwarner <at> wwsport.com> wrote:

> I am looking for recommendations on firewall log and Windows event log
> analyzers.  Hoping to find an inexpensive software package for the small
> to mid-sized business.  One that I have been looking at is ManageEngine;
> does anyone have experience with their tools?
> 
> Thanks,
> 
> Jerry 
> 

Michael Painter | 2 Mar 2012 05:32

Re: VPN Service

erik wrote:

> And the addresses located in The Netherlands (endpoints) is a perfect
> reason NOT to use this provider
> since no other country in the world has (relatively speaking) more
> lawful intercepts than The Netherlands.
>
> Really. Sad but true. All traffic is logged by law, and kept for the
> duration of 2 (two) years. The bill you talk
> about for Canada was passed here a couple of years ago. Police are known
> to (illegally) conduct
> search operations in these logs.
>
> I would look for a vpn provider with endpoints in Sweden or (better)
> Switzerland.
>
> Erik.

I showed the above to my vpn provider (in Europe) and his reply follows:

"Hello!

Unfortunately the author of the article has very confused ideas about the Netherlands, Switzerland and Sweden.

In NL data retention applies to Internet Service Providers that bring connection to the end-user, and
applies for 6 months, not 2 years, a shorter period than Switzerland."


erik | 2 Mar 2012 18:15

Re: VPN Service

On 2-3-2012 5:32, Michael Painter wrote:
> erik wrote:
>
>> And the addresses located in The Netherlands (endpoints) is a perfect
>> reason NOT to use this provider
>> since no other country in the world has (relatively speaking) more
>> lawful intercepts than The Netherlands.
>>
>> Really. Sad but true. All traffic is logged by law, and kept for the
>> duration of 2 (two) years. The bill you talk
>> about for Canada was passed here a couple of years ago. Police are known
>> to (illegally) conduct
>> search operations in these logs.
>>
>> I would look for a vpn provider with endpoints in Sweden or (better)
>> Switzerland.
>>
>> Erik.
>
> I showed the above to my vpn provider (in Europe) and his reply follows:
>
> "Hello!
>
> Unfortunately the author of the article has very confused ideas about 
> the Netherlands, Switzerland and Sweden.
>
> In NL data retention applies to Internet Service Providers that bring 
> connection to the end-user, and applies for 6 months, not 2 years, a 
> shorter period than Switzerland."
>

s garcia | 2 Mar 2012 21:25

Give your advice, pls!

Hello guys!

I'm a guy whose duties are doing a lot of security stuff; stuff like
scanning for vulns across our entire infrastructure (mainly PCs and
servers) and web apps, also some pentesting work, checking vulns on
changes made to web apps, and of course, a lot of reports and so on.
My boss wants me to administer an IPS. At this point I'm not pretty
sure. I have a personal lab based on virtual machines including an IDS
and some virtual PCs with different OSes on them. The size of the log
recorded for the virtualized IDS in my lab is very insignificant
compared with a real-world IPS. I just checked out the event log and there
are millions of records... naturally. All the info recorded in the log is not
unknown to me, but the management is my concern. I'm already reading
IPS manuals, but how to deal with hundreds and hundreds of records
classified as attacks, web:bots and so on? I love challenges, no
doubt... and this is a big one. Definitely I could do it, but I just
need somebody to show me the path; the rest I will do.
Without a doubt, I see this as a big chance to take a higher step in my
knowledge.

what is your best advice?

thank you all you guys and have a nice weekend ahead!
