October 26, 2016

CompTIA Security+ certification review


Overview

   I will start my certification story with Security+. At the beginning of 2015 my wife and I decided to relocate from Russia somewhere in Europe, because technical security jobs in my city are at low demand with pretty shit salaries by the way. So one of the first steps for us was to convert my knowledge in something more recognizable all around the world. I read some reviews regarding different certifications and decided to start with CompTIA Security+. I knew that this certification is an entry level one for security, so I it didn't take much time to prepare. Another important reason was that English is not my native language, so I wanted to get a feel of enterprise security terms and approaches.
   I have quite weird thoughts about certification process itself. It is not rare that certification is used not for proving skills, just to move up for career ladder regardless what you know and your abilities. That is why I am a big fan of Offensive Security guys, their approach and frustration. Obviously for Security+ you can easily google dumps, but if you don't understand the actual material you will struggle a lot in feature. By the way price around 300$ is quite challenging in Russia I decided to pass exam myself as I did before in school and University. I was always bad in "copy-paste" way.
   I examined CompTIA site and found more details about themes:
  • Network Security - 21%
  • Compliance and Operational Security - 18%
  • Threats and Vulnerabilities - 21%
  • Application, Data and Host Security - 16%
  • Access Control and Identity Management - 13%
  • Cryptography - 11%
All questions were divided on these categories. 90 questions/90 minutes to complete exam. 900 points maximum, 750 to pass. Let's prepare.

Preparation

There were 2 books for Security+ preparation:

Both books were excellent preparation guide. Let's dig a bit in. Topics were quite similar, so I will speak about both books in general.
  1. Network Security. Here you will find all variety of topics about firewalls, IPS/IDS, VLAN, DMZ, NAT, protocols from different layers of TCP/IP stack and etc. In exam most of the questions in these domain would be about port numbers and associated protocols, effective security measures to lock down security on network level, wireless security.
  2. Compliance and Operational Security. This part is quite boring and annoying, but I can't but mention the fact that these topics would be very helpful for you when you will decide to ask security budget increase or buy new fancy useless security toy=) Disaster recovery, backup plans, incident response, risk management - understanding all these topics would be handy to speak with business. More interesting to read about physical security and security administration. Remember all abbreviations, what they mean and how technical stuff influence them.
  3. Threats and Vulnerabilities. I think most interesting topic in both books. You will dive in malware classification, application and general attacks, social engineering. Most questions from this category would be about choosing best way to mitigate some threat or to distinct one threat from another.
  4. Access Control and Identity Management. Here you will deal with authentication/authorization (802.1x, port security, RADIUS and etc), host-based security software, ways to improve security on endpoints. Most questions would be about how to implement these features to address specific threat in most effective way.
  5. Cryptography. Key concepts of symmetric and public key cryptography, hashing, most common protocols, limitations and recommended parameters to use. Also network protocols which use cryptography heavily would be described: IPSec, TLS, HTTPS and etc.

Exam

   My review would not be really full without my impression about exam. Actually it was not too bad. CompTIA gave you various number of situations and asked for best solution in this situation. 2 out of 4 answers were quite stupid, but to choose right one you will probably need to think a bit. It was all about choosing best variant. You need to remember 2 parameters from situation in your head to do right  choice. Also you can find performance-based questions, which were far away from practice. In one question you will probably found parts from different domains. For question examples-have a look at samples in books above.
   I spent 2 weeks to prepare for this exam. I did it in PearsonVue center. I used about 60 minutes to achieve 880/900, probably I missed 1 or 2 questions. My first step towards relocation was made.

Conclusion

This exam can prove your entry level of understanding security. It is not hard technical exam, more situation based. Obviously, good university would provide all necessary background to pass this exam quickly. If you are looking for Level 1 position or your first infosec job it is a good choice. With my current level of experience and knowledge I would not bother to recertify after expiration.

October 17, 2016

Share is fun!

   A lot of things happened since my last blog post. During last 2 years I could not find time to write a blog post=) Lie! However, now my wife and I raise 2 beautiful kids and we teach them that "share is fun". As you know, in order to show best example for kids you need to follow your own words. Let's get it started!

   I have a lot of material to share in my blog. I will try to write frequently, at least 2 times a week. I am going to cover different things:

  • my experience of passing Security+, CEH, OSCP, OSWP, OSCE, SANS GXPN. Also I hope to achieve SANS GREM and SLAE this year, so probably I will cover them too.
  • talk about Info Sec books, blogs and other resource I use to broad my knowledge. Unfortunately, there is not too much really good resources and books, so I will try to cover them.
  • describe interesting stuff that I face during my way in Info Sec. I am not going to copy/paste excellent materials from Corelan, fuzzy security and etc, but I am going to explain moments that was not clear for me during reading and I spent some time to research it.
  • create series of articles regarding Linux exploitation and some other things that is not clearly described in the Internet. Before starting something like this I will examine carefully available resources in order not to reinvent a wheel.

My main goal for this blog is to make it unique, interesting to read and valuable for different folks in Info Sec field.