"Bryan J. Smith" <[EMAIL PROTECTED]> writes:
> Again, I think it's important that we map practical,
> real-world tasks down to the seven (7) domains in the
> system-level Common Book of Knowledge (CBK):
>
> 1. Access Controls
> 2. Administration
> 3. Audit and Monitoring
> 4. Risk, Response and Recovery
> 5. Cryptography
> 6. Data Communications
> 7. Malicious Code/Malware
>
> So many security exams get tunnel-visioned on Access Controls and other
> things. Sure, the objectives could easily cover #1 for 1/3rd of the exam,
> but we should ensure all seven (7) domains are covered in the end.
In principle, I agree, but I still don't want to cover ground already tackled
in the LPIC-1, LPIC-2 or LPIC-3 (aka the 301 exam) certs.
But I did look through your posts and stole lots of ideas. Thanks.
Let's deal with these areas one at a time, too. I'll be referring to some of
your emails (implicitly, not with citations :)).
1. Access Controls
The items in your list (nsswitch, PAM, sudo, sticky bits, etc.) are covered in LPIC-2.
SELinux is the big new one, no? I did add a 'host based access control'
objective, though, based on Etienne's e-mail to keep everyone happy :)
Plus, we do have apparmor and smack on there, too.
2. Administration
To quote you:
"This one I feel is very important, but _mega-overlooked_ in IT."
And I can't agree more.
RCS, sure. What about puppet or cfengine, though?
I've added an objective for this. And picked puppet over cfengine. Complain
if anyone has a strong preference for cfengine.
I'm more prone to calling this 'configuration management'. However, that
could be confused with SCM.
3. Audit and Monitoring
Tripwire or AIDE? I don't think that we should cover both and AIDE looks
kinda dead. But I'm open to opinions. I picked tripwire for now.
I did add an objective on nagios, though. (I know they kinda mean something
else by monitoring but too bad :)).
I ignored the syslog part. snort kinda covers that. Plus, unless we're going
to talk beyond the stock syslog, is there anything significantly more to say?
[oops, spoke too soon, I did add an objective on syslog in the 1st draft. Now
we have to justify it :)]
4. Risk, Response and Recovery
The big ones are in here already: nessus and iptables.
Bastille has been poopoo-ed in some of the circles I've been getting feedback
from. My issue with it (for the cert) is that I'd rather see the underlying
hardening tasks explored instead of the hardening tool. To some extent, that
is the 'service hardening' topic. I know more could be added...
5. Cryptography
Anything more to add than GPG and OpenSSL? I think that encrypted
filesystems have been shot down for now.
You also mentioned MD5... Is that worth a whole objective?
Plus, I love this paragraph from:
http://en.wikipedia.org/wiki/MD5
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash
function, MD4. In 1996, a flaw was found with the design of MD5. While it
was not a clearly fatal weakness, cryptographers began recommending the
use of other algorithms, such as SHA-1 (which has since been found
vulnerable itself). In 2004, more serious flaws were discovered making
further use of the algorithm for security purposes questionable.[2][3] In
2007 a group of researchers including Arjen Lenstra described how to
create a pair of files that share the same MD5 checksum.[4]
6. Data Communications
7. Malicious Code/Malware
I think that ISC2 has reorganized their CBK. I can't find any current
references to these (in this form) in my books or online.
That's good, though, because a) I'm at a loss on how to turn #6 into useful
and testable objectives, and b) #7 seems like a moving target that could get
stale fast.
Thanks, again. This has been a great posting from the past to revisit.
Regards,
--
g. matthew rice <[EMAIL PROTECTED]> starnix care, toronto, ontario, ca
phone: 647.722.5301 x242 gpg id: EF9AAD20
http://www.starnix.com professional linux services & products
_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
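The pair of inputs with the same MD5 checksum that the quoted Wikipedia paragraph refers to, shown as an added example that is not part of this message or of the lpi-examdev thread: the published Wang et al. identical-prefix collision, two 128-byte messages embedded below as hex constants that differ in six bytes yet produce one MD5 digest. The trailing suffix appended at the end is a constructed sample, not part of the published pair; it illustrates that, because MD5 is a Merkle-Damgard construction, any two files built from the colliding blocks plus the same suffix collide as well, which is what makes such pairs usable against real files. Only the Python standard library is used.

```python
"""Added example (not from the thread): the Wang et al. MD5 collision pair."""
import hashlib

# The two published 128-byte colliding messages (hex). Whitespace is
# cosmetic; bytes.fromhex() ignores it. They differ at six byte offsets.
M1_HEX = """
d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89
55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70
"""
M2_HEX = """
d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
"""


def colliding_pair():
    """Return the two published messages as bytes."""
    return bytes.fromhex(M1_HEX), bytes.fromhex(M2_HEX)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes):
    """Byte offsets at which two equal-length inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def is_md5_collision(a: bytes, b: bytes) -> bool:
    """True only for *distinct* inputs with the same MD5 digest."""
    return a != b and md5_hex(a) == md5_hex(b)


def extend_with_suffix(a: bytes, b: bytes, suffix: bytes):
    """Append the same suffix to both halves of a collision.

    The published messages are exactly two 64-byte MD5 blocks, so after
    processing them the internal chaining state is identical for both;
    any identical continuation therefore hashes to the same digest too.
    """
    return a + suffix, b + suffix


if __name__ == "__main__":
    m1, m2 = colliding_pair()
    print("differ at offsets:", differing_offsets(m1, m2))
    print("md5(m1) == md5(m2):", is_md5_collision(m1, m2))
    print("sha256 differs:", sha256_hex(m1) != sha256_hex(m2))
    # Constructed suffix to show the collision survives identical appends.
    e1, e2 = extend_with_suffix(m1, m2, b"-- same trailing payload --")
    print("still collides after suffix:", is_md5_collision(e1, e2))
```

A checksum published alongside a download therefore proves nothing about tampering if it is an MD5 and the publisher (or anyone who controlled the file before it was hashed) could have prepared a colliding twin; the SHA-256 digests of the two messages differ, which is the check to use instead.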