Wednesday, March 30, 2011

New Website!!!!


We are excited to announce the launch of our new website, GetCertified4Less.com. The new site has updated graphics and easier navigation. The old site, GetCertify4Less, is still up, running and available for your voucher needs. Please check out the new site and let us know what you think.

Thanks!
The GC4L Team

Friday, March 25, 2011

IT Certifications Grow in Hiring Importance: CompTIA Report


Downers Grove, IL. - Employers are inclined to rely more heavily on professional certifications when hiring information technology workers, but are challenged by credential evaluation and validation issues, research from CompTIA, the nonprofit trade association for the IT industry, reveals.

Professional certifications are already viewed by hiring managers as a high-value validation of IT skills. The CompTIA study suggests certifications will grow in importance as organizations seek to fill tech jobs.

Among IT hiring managers, nearly two-thirds (64 percent) rate IT certifications as having extremely high or high value in validating skills and expertise. Eight in 10 human resources professionals surveyed believe IT certifications will grow in usefulness and importance over the next two years.

But employers also expressed concerns about some aspects of using IT certifications in the hiring process. There is a perception among some hiring IT managers that the HR department does not have a solid understanding of IT certifications. Some firms also said verifying a job candidate’s credentials can be a challenge due to the time involved — cited by 44 percent of hiring IT managers — and effort required (38 percent).

“The value of certifications can be enhanced in a number of ways,” said Tim Herbert, vice president of research for CompTIA. “Stronger links with education, easier methods of verification, greater understanding of what IT certifications can and cannot do, and more organizational support for certifications as part of a professional development program all would be positive steps in this direction.”

Nearly 1,700 business, HR and IT executives participated in the survey, designed to gain insight into how they evaluate job candidates, the role of IT certifications in the hiring process and how organizations support professionals’ development.

Experience, track record and accomplishments rank as the most important factors when evaluating job candidates, according to the study. Education and credentials such as certifications also rank high. For example, 86 percent of hiring managers indicate IT certifications are a high or medium priority during the candidate evaluation process.

“From the employer’s perspective, top benefits of IT certification are validation of an individual’s ability to understand new or complex technologies, higher productivity and more insightful problem solving,” said Herbert.

The study suggests that certifications will become even more important as employers struggle to find individuals to fill job openings. Roughly 8 in 10 HR executives in the United States said it’s challenging to find the right candidate with the right skill set to fill their openings. Many IT managers in the study share a similar view. For certain positions, the pool of available talent is not as deep as they would like it to be.

“Now more than ever, there’s little margin for error for making a bad hire,” Herbert said. “In an environment of needing to do more with less, organizations cannot afford the time and cost of bringing on a new employee who cannot contribute immediately.”

The CompTIA study, “Employer Perception of IT Training and Certification” is the result of two separate online surveys — the first to 1,385 business and IT executives that made a recent IT hiring decision in the United States, United Kingdom and South Africa, and the second to 300 HR professionals in the U.S.

Visit GetCertify4Less or our new site GetCertified4Less to save on your IT certification.

Tuesday, March 15, 2011

Security+ Exam Objectives 5.5

5.5 Explain core concepts of public key cryptography.

PKI is a widely used framework in today’s world: it specifies what should and shouldn’t happen and which standards need to be applied and complied with, but PKI is not a product and therefore does not dictate which algorithms or technologies to use. Instead, many see it as a blueprint for how things should be done.

  • Public Key Infrastructure (PKI) – PKI is a subset of asymmetric cryptography and is also used to deploy asymmetric cryptography as well as hashing, symmetric cryptography, and certificates to create a secure method of communication. When it comes to PKI, certificates are the most commonly used component.
  • Recovery agent – A recovery agent is the person who is given a public key certificate for recovering user data that is encrypted. This is the most common type of recovery policy used in PKI.
  • Public key – Asymmetric key. It uses a public and a private key. The keys are related, but having the public key doesn’t allow the private key to be generated, which keeps it secure and protected.
  • Private keys – Symmetric key. A single shared encryption key is used to both encrypt and decrypt the data.
  • Certificate Authority (CA) – The CA is the entity that issues digital certificates. Often the CA is a trusted third party.
  • Registration – Registration is how one obtains a PKI. It involves a CA and specific steps to ensure the PKI is secure.
  • Key escrow – Key escrow is an arrangement in which the keys required to decrypt information are held in escrow so that, in certain instances, an authorized third party can gain access to them.
  • Certificate Revocation List (CRL) – A CRL is used to revoke a certificate before it expires. This requires the CA to know when certain certificates need to be revoked; often this happens when a private key becomes known. Any owner of a certificate can ask to have it revoked at any time as well.
  • Trust models – There are several different trust models used with PKI. Often a simple trust model is used; however, as the PKI implementation grows, so does the trust model. Some of the most commonly used models are hierarchical, bridge, mesh, and hybrid.

Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification

Thursday, March 10, 2011

Security+ Exam Objectives 5.4

5.4 Explain and implement protocols.

Section 5.4 is all about knowing specific cryptographic protocols, how they are used, what they do, and the downfalls as well as the positives of each one. It’s important to know how they are implemented and what they are best used for.

  • SSL/TLS – Secure Sockets Layer (SSL) is often used to create a secure connection between two TCP hosts. As a protocol, it uses a handshake to establish the session. Usually when using SSL, the PC requests a connection to the server, the server signals that a secure connection is needed, the PC offers its security capabilities, the server accepts, and a secure connection is set up.

Transport Layer Security (TLS) expands on SSL, and some believe it may even replace SSL in due time. With TLS a session is requested, a key exchange takes place, and then the TLS session is established.

  • S/MIME – Secure Multipurpose Internet Mail Extensions (S/MIME) is used for the encryption of email using signature data and has become one of the most widely used and supported protocols. It uses PKCS #7 and provides integrity, encryption, and authentication as needed.
  • PPTP – Point-to-Point Tunneling Protocol (PPTP) encrypts Point-to-Point Protocol (PPP) packets that are encapsulated in a single point-to-point environment. The negotiation is done out in the open, which leaves it open to various attacks such as packet capturing.
  • HTTP vs. HTTPS vs. SHTTP – HTTPS is simply HTTP secured.
  • L2TP – Layer 2 Tunneling Protocol (L2TP) is a creation of Microsoft and Cisco, combining their products into one protocol that is used for point-to-point links. It is a hybrid of PPTP and L2F and can be used in IPX, SNA, and IP networks alongside the common TCP/IP networks. However, L2TP does not provide any type of data security because the data is not encrypted. To fix this, IPSEC is often used.
  • IPSEC – IP Security (IPSEC) is slowly becoming the basis for protocols that allow for authentication, encryption, and integrity over IP. It is often used with VPNs as well as L2TP and others.
  • SSH – Secure Shell (SSH) is a tunneling protocol that originated on Unix systems but can now be used across all common environments (Unix and Windows). The handshake process is very similar to that of SSL, but SSH is mostly used for interactive terminal sessions. The connection process takes place in two separate phases: the first is the negotiation of the channel connection, and the second uses the secure channel to create the connection.
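To make the SSL-versus-TLS point concrete, here is an added example (not part of the original post, not vendor code) that uses Python’s standard `ssl` module to build a client context which refuses the legacy SSL versions and verifies the server’s certificate and hostname, plus a server context that additionally demands a client certificate. The certificate file paths in the comments are placeholders, and the `describe` helper is just for inspection.

```python
import ssl

# Added example: TLS contexts built with the standard library only.
# No network connection is made; the contexts are inspected, not used.


def hardened_client_context():
    """Client side: the server must prove its identity (CERT_REQUIRED and
    check_hostname are the defaults here) and SSLv2/SSLv3/TLS 1.0/1.1 are
    refused by requiring TLS 1.2 as the minimum version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def mutual_auth_server_context():
    """Server side for a two-way exchange: the server presents its own chain
    AND requires the client to present a certificate signed by a trusted CA.
    The load_* calls are placeholders; real deployments must run them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # client certificate is mandatory
    # ctx.load_cert_chain("server.pem", "server.key")   # placeholder paths
    # ctx.load_verify_locations("client-ca.pem")        # placeholder path
    return ctx


def describe(ctx):
    """Summarise the settings that matter for this objective."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "sslv3_disabled": bool(ctx.options & ssl.OP_NO_SSLv3),
    }


if __name__ == "__main__":
    print("client:", describe(hardened_client_context()))
    print("server:", describe(mutual_auth_server_context()))
```

Wrapping a socket with `hardened_client_context().wrap_socket(sock, server_hostname=host)` then performs the handshake the bullet describes; a server that only speaks SSLv3 or TLS 1.0 will simply fail to connect, which is the outcome you want.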

Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification

Tuesday, March 08, 2011

Security+ Exam objectives 5.3

5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.

Section 5.3 is all about knowing and being able to differentiate between asymmetric and symmetric cryptography systems and hashing algorithms.  

  • DES – Data Encryption Standard (DES) is a block cipher that uses shared-secret encryption. It has been widely used throughout the world, but today use of DES has declined because it only uses a 56-bit key, which is now seen as too small and therefore not as secure as the longer key sizes available today. DES was and still is prone to brute force attacks.
  • 3DES – Triple DES (3DES) is a block cipher that applies DES three times to each data block. 3DES was created to better secure the old 56-bit key offered by DES; its basic purpose was to increase the DES key size to protect against brute force attacks. 3DES allows for higher protection without the need for an entirely new block cipher algorithm.
  • RSA – RSA, named for Rivest, Shamir and Adleman, is a public-key cryptography algorithm that is used for encryption as well as signing. It stands as a huge advancement in asymmetric key cryptography. Today RSA is widely used on e-commerce websites and is secure due to its long keys.
  • PGP – Pretty Good Privacy (PGP) is used for email security and is similar to S/MIME. It was developed in 1991 and is used when sending secure, private email. PGP uses RSA and makes use of digital signatures. A PGP user can send an email to a PGP or non-PGP user. The receiver, PGP user or not, can read the message, but a PGP user has the extra ability to verify and authenticate the message through the digital signature.
  • Elliptic curve – Elliptic curve cryptography is another type of cryptography that can be used with any size of key, much like RSA. When using elliptic curves, the encryption strength is said to be about half the size of the key. For instance, a 256-bit key would give an encryption strength of about 128 bits.
  • AES – Advanced Encryption Standard (AES) is a specialization of the Rijndael cipher with a 128-bit cipher block. AES variants are identified by their key lengths in bits, for example AES-128, AES-256 and so on.
  • AES256 – AES256 is the maximum key length often used and is said to be secure.
  • One time pad – One time pads are said to be the perfect way to encrypt information but are known for their impracticality. A one time pad is a stream of random characters that is securely distributed between the sender and the receiver of the information. The stream (the one time pad) has to be the same size as the stream that has to be encrypted. To send, the plain text is combined with the one time pad, which generates the cipher text. For the recipient to see the plain text, the entire process is reversed.
  • Transmission encryption (WEP, TKIP, etc.) – WEP and TKIP were created to protect IEEE 802.11 Wi-Fi traffic. WEP has often been a target of attacks due to its severe weaknesses. On the other hand, TKIP has become a part of the Wi-Fi Protected Access (WPA) protocol and is well known for its security and success. TKIP encrypts each data packet with a different key, using key mixing functions.
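The one time pad bullet above is easy to see in code. The following is an added example (not from the original post) of a byte-level one time pad: the pad comes from the OS random source, must be at least as long as the message, and the same XOR step both encrypts and decrypts. The last function shows the failure mode the “never reuse a pad” rule exists for: XOR-ing two ciphertexts made with one pad cancels the pad out. The sample message is constructed.

```python
import secrets

# Added example: one time pad over bytes, standard library only.


def make_pad(length):
    """A pad of `length` bytes from the OS CSPRNG (os.urandom underneath).
    It must never be reused and must be delivered to the recipient securely."""
    return secrets.token_bytes(length)


def otp_apply(data, pad):
    """XOR `data` with `pad`.  Encryption and decryption are the same
    operation, which is why the recipient simply reverses the process."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_reuse_leak(ciphertext_1, ciphertext_2):
    """If two messages share one pad, XOR of the ciphertexts equals XOR of the
    plaintexts: the pad cancels and the key contributes nothing.  This is the
    reason a pad is single-use, and the reason it is impractical at scale."""
    return bytes(a ^ b for a, b in zip(ciphertext_1, ciphertext_2))


def demo():
    plaintext = b"attack at dawn"            # constructed sample message
    pad = make_pad(len(plaintext))           # same size as the plaintext
    ciphertext = otp_apply(plaintext, pad)
    recovered = otp_apply(ciphertext, pad)   # the reversed process
    return plaintext, ciphertext, recovered


if __name__ == "__main__":
    p, c, r = demo()
    print("ciphertext:", c.hex())
    print("round trip ok:", r == p)
```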

Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification

Thursday, March 03, 2011

Security+ Exam objectives 5.2

5.2 Explain basic hashing concepts.

Section 5.2 is all about the various types of hashes used today to provide for a unique identifier to be created, such as a hash, hash value, checksum, message authentication code, fingerprint, and others. You’ll of course want to know what a hash is, what it is used for, and how it provides an extra layer of security. Know that a hash is used to detect violations of integrity that may happen along the data transfer.

  • SHA – Secure Hash Algorithm, better known as SHA, is used to ensure a message’s integrity. It is a one-way hash with a hash value of 160 bits that is often used with an encryption protocol. SHA-2 is a popular hash today, but there are four standards of the hash that are used.
  • MD5 – A part of the Message Digest Algorithm (MDA) family, MD5 creates a hash value, is a one-way hash, and is also used for integrity purposes.
  • LANMAN – LANMAN, sometimes known as LM or LAN Manager, was used as a legacy storage mechanism. It was created by Microsoft to store passwords but today is completely obsolete, as it was replaced by NTLM on Windows NT 4.0. It is not advised to use LANMAN on current operating systems.
  • NTLM – NTLM comes in two different versions. NTLM v1 is a challenge-response protocol that uses a server-issued random challenge along with a user’s password to create two responses that are sent back to the server. NTLM v1 uses the LM and MD4 hashes throughout the process. NTLM v2 is said to be more complex because it uses the MD5 hash. Each version creates a nonreversible hash-like result which is highly secure. NTLM relies on the length of the password for even more security.

Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification.
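To see what “a hash detects violations of integrity” means in practice, here is an added example (not from the original post) using Python’s `hashlib` and `hmac`. It reports the digest sizes for MD5, SHA-1 (the 160-bit value mentioned above) and SHA-256, checks a file-style fingerprint against original and tampered data, and shows a keyed message authentication code (MAC), which a plain hash is not. The sample messages and the key are constructed.

```python
import hashlib
import hmac

# Added example: hashing for integrity and an HMAC as a MAC, stdlib only.


def digests(data):
    """Hex digest and its length in bits for the common algorithms."""
    out = {}
    for name in ("md5", "sha1", "sha256"):
        hexdigest = hashlib.new(name, data).hexdigest()
        out[name] = (hexdigest, len(hexdigest) * 4)   # 4 bits per hex char
    return out


def integrity_check(data, expected_sha256_hex):
    """Recompute the fingerprint of `data` and compare it to the published
    one.  compare_digest avoids leaking how many leading bytes matched."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)


def mac_tag(key, data):
    """A MAC binds the digest to a shared secret: someone who can alter the
    data in transit cannot recompute a valid tag without the key, whereas a
    bare hash can simply be recalculated over the altered data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def demo():
    original = b"transfer 100 to account 42"     # constructed sample
    tampered = b"transfer 900 to account 42"     # one byte changed
    fingerprint = hashlib.sha256(original).hexdigest()
    key = b"constructed-shared-secret"
    return {
        "sizes": {k: bits for k, (_, bits) in digests(original).items()},
        "original_ok": integrity_check(original, fingerprint),
        "tampered_ok": integrity_check(tampered, fingerprint),
        "mac_differs": mac_tag(key, original) != mac_tag(key, tampered),
    }


if __name__ == "__main__":
    for name, (hexdigest, bits) in digests(b"hello").items():
        print(f"{name:7s} {bits:3d} bits  {hexdigest}")
    print(demo())
```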
 

Tuesday, March 01, 2011

Security+ Exam objectives 5.1

5.0 Cryptography

5.1 Explain general cryptography concepts.

Section 5.1 merely involves you understanding some of the key concepts you’ll often hear when talking about cryptography, which is basically the practice of secret communications for security purposes. All of these terms are needed for you to truly comprehend how cryptography works, its methods, and why it’s an important part of security.

  • Key management – Key management involves using, distributing, storing, controlling and protecting cryptographic keys. It requires that a key be stored and shared securely, kept long enough to provide the necessary level of protection, destroyed properly when no longer needed, and so on. There are many different ways to do key management, from centralized to decentralized, and others.
  • Steganography – Steganography is simply when one type of communication is hidden within another type of communication. Embedding a text file in an audio file is steganography. Hidden text inside of graphics is another common form of this technology.
  • Symmetric key – Also known as a private key or secret key, a symmetric key uses a single shared encryption key to both encrypt and decrypt the data and is known for its speed and strength. When this type of key is used to encrypt and decrypt a hard drive, the user is the only one in possession of the key. When it is used between two people sharing information, each user has possession of the key. Think of SSL when thinking of symmetric keys: the user sends the key encrypted along with the data, and once the data is received the other user is able to decrypt it.
  • Asymmetric key – Sometimes referred to as public key cryptography. It uses a public and a private key. The keys are related, but having the public key doesn’t allow the private key to be generated, which keeps it secure and protected. Each partner in a given communication has to have a pair of keys, both a public and a private key. The private key must always be kept secure, and the public key can be distributed openly without security concerns.
  • Confidentiality – Confidentiality is needed to protect the secrecy of data, resources, information, and so on. It is used to minimize, if not prevent, any access to data that is not authorized. It ensures that no one but the intended reader is able to view sent information. It allows authorized users to see, read, use, etc. certain files and data and keeps unauthorized users out.
  • Integrity and availability – Integrity involves a system’s ability to not only ensure but prove 100% that information being sent is not modified. If the data is modified, it is only done so through proper approval. Availability involves the ability to offer and provide data to specific approved users. It’s known as the reverse of confidentiality but is also an important piece of proper integrity.
  • Non-repudiation – Non-repudiation is used to prevent the sender of a message from denying that it was that specific user who sent it. It is used with both symmetric and asymmetric keys.
  • Comparative strength of algorithms – When it comes to algorithms, comparative strength is based on key length and work factor. Work factor is a measurement of the amount of effort and time needed for a successful brute force attack. Of course, algorithms with a larger work factor are said to be stronger and vice versa. This measurement isn’t based on numbers alone, but on things such as the number of computers needed, keyspace, the speed of the attack, and so on.
  • Digital signatures – A digital signature is used to prove that a message was sent by a specific user and that the message was not changed along the way. They are used electronically, often in emails and documents, to provide integrity as well as non-repudiation.

  • Whole disk encryption – Whole disk encryption is pretty self-explanatory. It is when the entire hard drive is encrypted. This is often done by encrypting specific hard drive volumes, including the one that holds the operating system data.
  • Trusted Platform Module (TPM) – The Trusted Platform Module is a specification for a cryptoprocessor and for a chip on the mainboard that supports the cryptoprocessor. The TPM chip is needed to store and process the keys for the implemented encryption system. When whole-disk TPM encryption is used, the user must have a password or USB token device to authenticate, which then allows the chip to release the keys into the computer’s memory.
  • Single vs. dual sided certificates – A single or one-way certificate exchange occurs when only one party provides proof of identity. Think about the internet and SSL encryption when using a website that allows a user to purchase an item online: e-commerce uses single-sided certificates. Dual sided certificates, also known as mutual or two-way exchange, require that each side provide a certificate as proof of identity. This is a much more reliable and secure method, as it is not prone to man-in-the-middle attacks.
  • Use of proven technologies – Obviously, when any company or business is looking to implement security technology, they want to use the things that are not only proven, but the most recent. It’s vital to use technologies that have proven to be successful over a long time period. Without proper security, data can be compromised and outside attacks can be successful.
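The steganography bullet above (“hidden text inside of graphics”) is usually done by rewriting the least significant bit of each pixel byte. The following is an added example, not from the original post, that embeds a length-prefixed message into a constructed byte sequence standing in for image pixel data and extracts it again; `lsb_distortion` counts how many cover bytes changed, which is what an analyst looking for this kind of hiding would measure.

```python
# Added example: least-significant-bit (LSB) steganography over a byte
# sequence used as a stand-in for image pixel data.  Standard library only.


def embed(cover, secret):
    """Write each bit of `secret` (prefixed by a 4-byte length) into the LSB
    of one cover byte.  Every cover byte changes by at most 1."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes" % len(bits))
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit      # clear LSB, then set it
    return bytes(out)


def extract(stego):
    """Read the LSBs back: first the 4-byte length, then that many bytes."""
    def read_bytes(offset, count):
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[offset + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)               # 32 bits of length prefix


def lsb_distortion(cover, stego):
    """Number of cover bytes that differ; never more than one bit each, so
    the picture looks unchanged even though the data is not."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


def demo():
    cover = bytes(range(256)) * 4        # constructed 1024-byte "image"
    secret = b"meet at noon"             # constructed hidden text
    stego = embed(cover, secret)
    return secret, extract(stego), lsb_distortion(cover, stego)


if __name__ == "__main__":
    secret, recovered, changed = demo()
    print("recovered:", recovered, "| bytes changed:", changed)
```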
Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification.
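The RSA bullet in objective 5.3 and the asymmetric key, digital signature and non-repudiation bullets in 5.1 all come together in one operation: sign with the private key, verify with the public key. Here is an added example (not from the original post, and not a production implementation) of textbook RSA signing over a SHA-256 digest. The primes are deliberately tiny hard-coded constructed values so the arithmetic is visible; real keys are 2048 bits or more and generated by a vetted library.

```python
import hashlib

# Added example: textbook RSA sign/verify with toy parameters, stdlib only.

P, Q = 1000003, 999983      # constructed small primes (toy parameters only)
E = 65537                   # the usual public exponent


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def keygen():
    """Public key (n, e) and private key (n, d) with e*d == 1 mod phi(n)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    g, d, _ = egcd(E, phi)
    assert g == 1, "e must be coprime to phi(n)"
    return (n, E), (n, d % phi)


def digest_int(message, n):
    """Hash the message, then reduce so the value is below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Only the private key holder can produce this value: non-repudiation."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check both origin and integrity."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def demo():
    pub, priv = keygen()
    message = b"I agree to pay 100"           # constructed sample
    signature = sign(priv, message)
    return (verify(pub, message, signature),
            verify(pub, b"I agree to pay 900", signature))   # altered text


if __name__ == "__main__":
    genuine, altered = demo()
    print("genuine verifies:", genuine, "| altered verifies:", altered)
```

The second `verify` call fails because the altered message hashes to a different value, which is the integrity half of a digital signature; the first call succeeds for anyone holding only the public key, which is the non-repudiation half.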