From: G. Matthew Rice <[EMAIL PROTECTED]>
> Agreed. I only managed to map to 5 of the CISSP topics.
> And one or two were pretty light coverage.

In my 2004 post, you'll note I had one (1) of the seven (7) domains of the
SSCP CBK at only 5%, while one (1) was 30%, etc... My greater point was that
virtually everything I listed filled into the seven (7).

> Umm, we are covering some network security topics, too.
> OpenVPN, IDS, monitoring, scanning and hardening of
> important network services.

Network "services" _are_ system security. ;)

Even Red Hat breaks it down like ...
- 200/RHCT: System administration
- 300/RHCE: System (RHCT) + _Service_ administration
- 400/RHCA: Specialized service administration

IDS is both a host and network concept -- integrity and access,
respectively. System _and_ service security.

By "network" I mean, "oh, how do I design a PKI?" That's the type of
"architect/management" stuff that is covered more in the CISSP CBK, not the
SSCP CBK.

Again, I really went through this back in 2004, and don't post my views
"on-a-whim." ;)

> If you've got the time, take a look at the objectives
> so far:
> https://group.lpi.org/publicwiki/bin/view/Examdev/LPIC-303
> and send some suggestions on reformatting them.

I'll do so this weekend (I've wasted 2 hours on this today, 2 hours I really
didn't have, but that's my choice ;). I have 3 day weekends now, so I should
be able to give it a few hours.

Until then, be sure to note my initial, 2004 post:
http://list.lpi.org/cgi-bin/mailman/private/lpi-examdev/2004-January/000158.html

Oh hell, I'll re-post part of it below (see "=== BEGIN POST ===").

BTW, note Les' own response here from January 2004: ;)
http://list.lpi.org/cgi-bin/mailman/private/lpi-examdev/2004-January/000163.html

=== BEGIN POST ===

[ NOTE: This is pre-SELinux/LSM ]

o Mapping the 7 CBK Domains for the LPIC-3 Exam

Most of the domains surround how to implement Confidentiality, Integrity and
Availability (CIA). Keep that in mind so you do not go off-track when coming
up with tasks. Also, we do not have to distribute the questions "evenly"
across _all_ domains.

E.g., a possible distribution could be:
  5%/each: Administration, Cryptography
 10%/each: Data Communications, Malicious Code
 20%/each: Auditing and Monitoring; Risk, Response and Recovery
 30%/each: Access Controls

Note that actual _application_ tasks may be distributed over _multiple_
domains.

1. Access Controls (30%?)

This could be the "guts" of the exam (maybe 30%?). I see several
"sub-domains" (6 x 5% each?):
  Local Authentication: NSSwitch, PAM
  Local Authorization: RBAC (2.6 base + add-ons), Sudo
  Local FS Authorization: Sticky bit, setacls/getacls, noexec/suid
  Network Authentication: Kerberos, OpenLDAP, SASL
  Network Authorization: Apache, FTP, SSH
  Network FS Authorization: NFS, Samba, AFS

Remember that this is a LPIC-3 exam, so we want to move beyond basic usage
(e.g., chown/chmod, etc...).

2. Administration (5%?)

This one I feel is very important, but _mega-overlooked_ in IT. Maybe it's
because I'm an engineer who has worked in aerospace, semiconductor, software
plus financial systems security. But "configuration management" principles
_should_ go here. E.g., simply using "RCS" (ci/co/rlog/rcsdiff) to maintain
configuration files on a system should be _known_ to _anyone_ doing sysadmin
(let alone security). And there are other tools that should be used when
maintaining a system to guarantee CIA from a pure administrative standpoint.

Administration also tackles how to address roles and responsibilities, maybe
some more RBAC concepts here -- although we want to stick with "tasks" and
not the "concepts" like the SSCP. This might only be a 5% category overall.

3. Audit and Monitoring (20%?)

Audit and Monitoring will cover both host and network logging and IDS. Like
Access Controls, I see several sub-domains (4 x 5%?):
  Host Logging: Syslog implementation/log format
  Network App Logging: Apache/FTP/Samba other popular apps logs
  Host IDS: Tripwire and other "top-5" tools (one begins with "A")
  Network IDS: Snort, other "top-5" tools

4. Risk, Response and Recovery (20%?)

This involves both assessment and safeguards. A bunch of sub-domains may
include (4 x 5%?):
  Host Assessment: Bastille Linux, other top-5 "hardening" tools
  Network Assessment: Nessus and other top-5 "network scanning" tools
  Host Safeguards: New 2.6 Exec/other features, Jail/equivalents
  Network Safeguards: IPTables, other top-5 firewalling tools

5. Cryptography (5%?)

MD5, GnuPG, SSH, SSL and other symmetric/asymmetric application
configuration _basics_ and use details should go here.

6. Data Communications (10%?)

Actual _implementation_ of data communications, use of crypto (if any) and
other security details of network applications (NFS, Samba, Apache, SSH),
etc... should go here.

7. Malicious Code/Malware (10%?)

Let's talk about actual, _real_ Linux exploits here. Ramen and other worms,
exploits of portmapper, LPR and other security issues, etc... Some real
"what-if" questions, and common tasks to avert them should go here. Base
them on past CERT issues, among others. This might be a tad more
"conceptual," but it _is_ specific to Linux and not general.

Questions in #7 may be like those you'd see on a SANS Institute GIAC exam,
and not so much the SSCP. We should put them under #7.

-- 
Bryan J Smith
Professional, Technical Annoyance
[EMAIL PROTECTED]
http://www.linkedin.com/in/bjsmith
------------------------------------------------------
I'm a PC, but Linux -- Windows: Life Without Firewalls

_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
