GSEC - Week 3

It has been a long hard road of studying for the upcoming GSEC recertification. I just finished a round of study, and tonight was exceptionally fun.

I'm on Module 4 of the GSEC curriculum, which is on Secure Communications. This is not new material, but I find it really fascinating to consider the inner workings of cryptography. Cryptography means "secret writing" and it's a method of hiding data in plain site by applying complex algorithms to existing data to obfuscate the original message. Most people don't know it, but every time you see "https" in the address bar of your web browser, you are employing encryption to hide things like credit card numbers from n'er-do-wells.

Of course, I couldn't begin to explain complex number theory. But the concepts are mind-blowing to me. Tonight a began looking into Virtual Private Networks, and while I work with these daily at work I like getting back to the basics of what exactly is going on when I configure a firewall to tunnel data from one site to another. More of this in the near future.

I've also looked briefly at security policies (the lynchpin of any security posture in corporate America) and I was glad I did, because jsut after my refresher I was contacted by a customer who was in the middle of an audit requiring security policies. I was able to draft some policies for them adn they put their own corporate spin on them and we got them through it. Now, those weren't the most thorough policies I've ever written, but they got the job done.

Another thing that I've been fascinated with again are penetration tests. The tools for this are outstanding, and a lot of people have put a lot of work into making these available. I hope to look at pentesting more after this exam is over and blog about my experiences there. I'm using VMWare Workstation and several different pre-built VM's expressly for pentest labs. Virtual Machines have made this so much easier than it was when I started in information security. Now instead of having a half dozen machines all running, I run one big machine with several virtual machines inside it. When I FUBAR one, I just click "restore to last snapshot" and the thing is right back where I started. Awesome technology.

At any rate, I'm off to bed. I have an episod of "Big Bang Theory" to watch with my lovely wife and I can't wait to relax a little. Tomorrow is hockey practice and I'm not feeling very well so I want to be rested before I have 20 5-year-olds all trying to catch "Coach Greg."