Wednesday, January 30, 2008

Security+: An Overview

After a semester of working 40 hours a week on top of taking 12 credits at school I felt very unproductive during the first few weeks over winter break. Since the need to "accomplish" something seemed overwhelming I decided to set some time aside to study for the Security+ certification, with the assumption of attempting the exam at the end of break. I did end up taking the exam and would like to share my overall experience.

Overview:

The Security+ certification covers a great deal of information ranging from general security concepts to organizational security. Below is a list of the official domains the exam covers:
  • General Security Concepts
  • Communication Security
  • Infrastructure Security
  • Basics of Cryptography
  • Operational/Organizational Security
As stated on their website, CompTIA recommends 2 years of Info Sec experience and the Network+ certification as prerequisites for the certification.

Studying:

I knew a great deal about the concepts that would be covered on the exam, either from school or my work experience, which was the reason I chose the self-study method. I would recommend self-study to just about everyone who meets the requirements, but especially to poor college kids like me :-p.

To prepare I read over one book titled "All in One Security+ Certification Exam Guide" published by Osborne. I read each chapter once and then picked out a few I needed to reread to fully understand the concepts. These included the chapters on PKI, Remote Access protocols, and Standards and Protocols, which all had a vast amount of very detailed information. Upon my completion of the book I used the practice exam that came with it and the exam that came with my voucher to get a feel for what the test would actually be like. I passed the book test with flying colors on my first try but I was getting far below passing on the other test.

It was at this point I began to panic. I was scheduled to take my test in a week and here I was not even able to pass a practice test. After hours of researching the exam on Google I was convinced that the Security+ test was not well written and a horrible experience altogether. Despite the fact that I was very nervous for the test, I showed up on exam day.

The exam:

I personally found the Security+ exam to be very well written and I was able to understand each and every question I was asked. If you hear any reports saying that the test is confusing or anything like that, disregard that information. As long as you are familiar with the information in the domains you will be able to pass this exam with no problems whatsoever. As you might have guessed, I passed the test first try, w00t!

Conclusion:

Overall I learned a great deal from the preparation for this exam. I especially learned new things about PKI (Public Key Infrastructure) and different protocols such as PPTP, L2TP, and IPsec. Along with knowledge I also gained a great entry-level certification into the Information Security field. Feel free to check out the Security+ website for more info.

Tuesday, January 29, 2008

Formatting A Hard Drive: The Real Way

Some of you might think that after you click the "Empty Recycle Bin" button on your Windows computer the data you deleted is gone forever; this is not the case. You also might have been led to believe that reformatting your hard drive completely destroys all of your data; this is also not the case.

In reality, all you are removing is the reference to your data on your hard drive, not the data itself. Since the data you meant to remove is still on your hard drive, anyone with the correct tools could easily have access to it. There are hundreds of examples of where this might cause a problem, but anyone who is selling or donating their computer hardware should definitely be concerned.

In this situation it would be beneficial to have a tool that would completely overwrite all the data on your PC. One such tool that I have recently become familiar with is called DBAN, short for "Darik's Boot and Nuke." This tool will allow you to boot from a CD and completely wipe your hard drive of any and all data. It works by writing random data over your hard drive hundreds of times, which "prevents or thoroughly hinders all known techniques of hard disk forensic analysis."
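The difference between deleting, reformatting and overwriting, as an added example that is not part of the original post and is not DBAN's code: a constructed in-memory model of a disk. The `ToyDisk` class, the file names and the marker string are assumptions made for illustration, and a single random pass stands in for the wiping tool.

```python
import os

BLOCK = 512  # bytes per block on the toy disk

class ToyDisk:
    """Constructed model: a file table (the references) plus raw data blocks."""
    def __init__(self, nblocks=64):
        self.raw = bytearray(nblocks * BLOCK)  # what is physically stored
        self.table = {}                        # name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        off = self.next_free
        if off + len(data) > len(self.raw):
            raise ValueError("disk full")
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up to a block

    def delete(self, name):
        del self.table[name]                   # reference removed, blocks untouched

    def quick_format(self):
        self.table, self.next_free = {}, 0     # fresh empty table, blocks untouched

    def wipe(self, passes=1):
        for _ in range(passes):                # overwrite every byte with random data
            self.raw[:] = os.urandom(len(self.raw))

def carve(disk, marker):
    """What a recovery tool does: ignore the table, scan raw bytes.
    Returns the byte offset of the marker, or -1 if it is gone."""
    return disk.raw.find(marker)

def demo():
    marker = b"CONSTRUCTED-SAMPLE: account 0000-0000"  # made-up sensitive record
    disk = ToyDisk()
    disk.write_file("notes.txt", b"hello")
    disk.write_file("taxes.txt", marker)
    results = {}
    disk.delete("taxes.txt")
    results["after_delete"] = ("taxes.txt" in disk.table, carve(disk, marker))
    disk.quick_format()
    results["after_format"] = carve(disk, marker)
    disk.wipe()
    results["after_wipe"] = carve(disk, marker)
    return results

if __name__ == "__main__":
    print(demo())
```
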

Check out DBAN's website for more information: http://dban.sourceforge.net/

This software provides an easy way to be certain that selling or donating your old computer hardware will not result in identity theft. If you have any questions on using the software feel free to contact me.

Monday, January 28, 2008

First Blog Post Ever W00t!

So I just got this blog thing going today.

I'm not really sure what I am going to be posting just yet but it will most likely deal with any interesting things I find out about Information Security. I've noticed in the last month or so that just about every Information Security professional out there has a blog of some sort or another so I guess it would be beneficial for me to have one.