CISSP Quest: The Lab

I am realizing that rote memorization of CISSP concepts will not be sufficient for the exam. Bug Lab

I have started to develop a modest lab using a small budget and a couple laptops.

There an old POS Dell Inspiron laptop (in shocking orange) with a Core Duo, not very useful for most things, but it can at least run Ubuntu 14.

Here I have a small list of standard apps:

  • Ettercap
  • Zenmap

And other scanning tools.

Next, a slightly more capable AMD Quad Core, a Signature Laptop from Microsoft. A Dell Inspiron 5555. It’s not a power-house but should be sufficient to run VMWare Workstation 12 (which I decided was important so I broke down and purchased a full version).Penny Dreadful

I’ll be working this week to install a VM with Kali Linux and hopefully a network using Microsoft Server 2012 domain controller, maybe Exchange, and some other workstations.

I see that most of what I will learn will be from doing stuff to a network, safe from the wiles of the internet but typical of real-world situations.

Halting steps in the right direction; I’m actually looking forward to it.

Peace

I cannot believe once again terror has occurred in France.

I drove to work, and NPR One reported a trucker plowed into crowds celebrating Bastille Day with fireworks (much as people in my country had just 10 days ago). He killed 84 people, driving about 1 milDovee before police could gun him down.

We were still reeling from news about another racially-charged incident of shooting violence, and of the devastating news from Dallas, TX where five police officers were fatally shot.

In the fundamentalism of my past, my leaders would grandstand and earnestly implore us that these were “Signs of the End Times”, that “Jesus was coming, soon”.

What can happen is we confuse our empathy with attachment; there is a difference. We feel empathy, and quite appropriately say things like “Je suis Charlie” or “Nous Sommes unis“, when responding to these events. As we are connected to all humanity we feel such deep sympathy that indeed we identify with those victims.

It’s another thing to somehow make the tragic about you are about your personal narrative. To sanction your hateful agenda through someone else’s tragedy.  Many want to barre foreigners from my country whom they fear for religious reasons. I fear many will simply make this about “The War on Terror” or “War Against Radical Islam”, and seek revenge, rather than justice, reconciliation . . . and peace.

I simply pray for God to change our hearts, and remove from us the violence and hatred that drives us to make everyone our enemy.

When Christian Music Works

ChurchA miracle happened; I woke up early and worked out at my local Gold’s. It was just 35 minutes on the elliptical but it was something, and I felt great.

The gym naturally pipes in some obnoxious pop while the big-screens shill Fox News or MSNBC.

Staying focused means, for me, a pair of Bluetooth headphones and something wholly other.

This morning, it was the music of Chris Tomlin. “Our God” was especially nice to hear.

On balance, I have had an extremely difficult time coming up with names who consistently write good Christian music.

My years in the Cult were filled with 90’s-era “CCM”; most of that music is pretty lousy. It aged badly and was never very high-caliber work to begin with.

It always depressed me that such maudlin, childish themes worked into banal lyrics with the feeble prosody of mediocre harmonic content . . . just bad songwriting.

It caused me to wonder; whatever happened to Hildegard van Bingen? To Handel? Bach? Musicians who cared deeply about what they wrote, whose work reflected an inner working of the Holy Spirit (or at least had a high degree of sincerity)?Hildegard van Bingen Music so good, so enduring, one need not be a person of faith to find its meaning. Neil Degrasse Tyson (a skeptic who is far too cool to carry some tribal club card) acknowledged one of his favorite works to be Handel’s “Messiah”.

In those occasions my Wife joined me at church, those “Contemporary” worship services and their simpering pop made her cringe. The traditional services with hymnody, on the other hand, inspired her to sing. She may not be a regular attendee but she does enjoy working with the choir on special occasions when the music director (a coworker of hers) selects some amazing works from Mendelssohn, John Rutter, Eric Whiteacre or John Tavener. Compositions rich with art, superior production sensibilities, complex arrangements, and meaningful libretti. Not watered down theology for those with an 8th-Grade acumen and intense fear of sophistication.

The problems I have seen with so much Contemporary Praise and Worship, all too often, are the motives for writing these songs in the first place. First and foremost, make ME feel good. Otherwise, I’ll simply conclude God never showed up, and I was ripped off.

Frank Schaeffer (the son of evangelical author Francis Schaeffer), wrote in his book “Addicted to Mediocrity: Contemporary Christians and the Arts”:

“Any group that willingly or unconsciously side-steps creativity and human expression gives up their effective role in the society in which they live. In Christian terms, their ability to be the salt of that society is greatly diminished” (24).

In the years I spent in an evangelical extremist cult, among those things that we renounced, was the arts. It was a great poverty, the dearth of good music. It left my soul bare and I feel made me a much weaker witness. After all, what could I have shown the world as an example of what was so great about the Church? Certainly not the mediocre pablum we called music.

That is why, every once in a while, a nice piece from somebody in the faith, like Chris Tomlin, Paul Baloche, Kari Jobe, Plumb, Bob Bennet, Phil Keaggy, Michael Card, Matt Maher or John Michael Talbot, can be so incredibly uplifting. In a dry and thirsty land, they can truly bring living water!

The Music Geek: I Sold My iPad Mini to Gazelle

Microsoft Surface Pro 4
Microsoft Surface Pro 4
I have been an early adopter of the Microsoft Surface Pro 4.

October 2015 was early in my Masters program at Strayer, and the SP4 was new.

Truthfully, there were issues. The unit could run quite hot, and frequently blue-screened.

Microsoft kept pushing firmware updates, and their customer service was extremely helpful as they helped me reset the device and rebuild the OS.

Finally, earlier this year, the replaced the unit for me altogether. The tech at the Microsoft Store did a baseline install with fresh drivers and of course with the hardware being brand new, this has turned out to be the panacea for my Surface.

I have been a musician since my childhood. These days I’ve decided that I will not be playing out much, and most of the music I play and create is in my home studio.

I had been using an iPad Mini 2, Retina, for supplemental keyboard sounds and for digital recording.

I found I was using the iPad less and less in favor of a Mac Mini for the lion share of recording (I use Ableton Live 9, Komplete 10, Korg Legacy synths and occasionally guitar plugins like Amplitube 4 replete with the Mesa Boogie Collection).

With the Surface, the Intel i5 and a respectable amount of SSD (256GB), I could use Live 9 and a handful of Komplete synths on the Surface, with room for Amplitube 4. Besides, the Pen can be very handy for controlling some things, even if I don’t happen to have my Push 2 with me.

The iPad became obsolete rather quickly; I sold it to Gazelle.

Honestly, it was likely going to be hobbled by iOS 10 anyway, and with a paltry 16GB of storage, I could not fit the apps I liked. And when some of my favorite synths for iPad (Waldorf Nave, PPG, and Sunrizer) came out with AU plugins, those quickly found their way to my Mac.

I had designs on upgrading my iPad, but frankly, I don’t see it anymore.

As for stage (a rare occasion when I’ll be performing in public), I could use the Mac Mini (I have it contained in a very cool rack-mounted configuration) and a nice controller (Komplete Kontrol S49 or my Korg Krome 88, or both). But with the Surface Pro Dock, a Native Instruments Komplete Audio 6 and the Surface Pro 4, I’m not sure I’ll need to bring my entire studio rig!

The Surface would not likely replace my desktop Mac Mini but it has certainly replaced any laptops or tablets I have used previously.

In truth, if I was not leary about Microsoft’s Nokia moves, I’d replace my iPhone also. Frankly I’m tempted!

CISSP Quest: “I’m Gonna Need Some Time”

Eva Green as Vanessa Ives in Penny Dreadful (season 3, episode 2). - Photo: Jonathan Hession/SHOWTIME - Photo ID: PennyDreadful_302_1845
Eva Green as Vanessa Ives in Penny Dreadful (season 3, episode 2). – Photo: Jonathan Hession/SHOWTIME – Photo ID: PennyDreadful_302_1845
The course is behind me, and I did well.

Preparing for the exam? That’s another matter.

I will be sitting down this evening to another practice exam. I can see that these are critical and that they require the requisite gravitas and a quiet place to think.

The more you do, the repetition and practical application continue to sink in.

But not in a mere month, or even a mere quarter at school.

I’ll be at this for a while.

**

With the course being over I was able to catch up on what has been the final season of “Penny Dreadful”. Sorry to see them go, but I agree with writer John Logan they had to bring this to a close.

There are things I need to wrap up as well; stuff that was once so important.

I want to orient my life toward things that matter.

But the chill time with Vanessa Ives and company was a good tonic for the spirit.

CISSP Quest: of Weightier Matters

sorrow

I had my nose to the grindstone over the weekend, particularly Sunday.

I had been working on a term paper to which I had devoted time in research, drafts and revision. I had the sense that the paper was not going well enough. I had to spend less time with family, and at times I could be a bit churlish to my loved ones.

I missed church Sunday morning, and was not following the days’ events.

It was while at a birthday party for one of my son’s friends that I heard about the mass shooting in Orlando.

As the news has poured in, it was clear that there were matters of grave import that befell this day.

Such an astonishing last few years with mass shootings and stories of hatred, disenfranchisement and terror. All of those come to a dreadful head when contemplating 50 souls perished in Orlando.

My term paper got done; such as it is. I still wonder if I could have written a stronger argument for my premise, added more support to my proposals. So foolish; I had wasted so much mental energy and in my stress been unkind to my loving family.

I’m sure I’ll always remember “When those people were killed at the Prism nightclub I was sweating out a term paper”; I’ll always wonder “Why did I care so much about something almost trivial by comparison?”

I don’t feel guilty for working hard on my courses or on bettering myself. I feel sad for having just a brief moment of frustration or exasperation with my loved ones while working on this thing which, on balance, was nothing compared to the humanity and sorrow which attended Sunday’s awful news. In that moment, I also let myself down and forgot who Jesus wants me to be, and I pray is helping me in becoming.

There’s never a good excuse to not act in loving ways to a spouse and child, who support me and my quest to be a better Dad and to finish school before I’m 50.

There is never a day when humanity does not march on outside your meager environs, your comfortable shell. Beyond our cushy existence, humanity exists.

There’s never a moment more important than right now.

**

My CISSP quest is almost over, and I have finals and about 600 questions worth of practice exams to go over in ensuing weeks. I’m proud of how far I’ve come but have no intention of resting on any plastic laurels; I’ve not earned that brass ring yet.

Redwine Project: Final Pieces

New Pickups Installed: Dimarzio Crunch Lab and Liquifire
New Pickups Installed: Dimarzio Crunch Lab and Liquifire

Finally nearing the end of this project!

I have completed most of the recording for a piece I have dedicated to my son, Connor. My foray into the “Power Ballad”. May not seem very “Prog” but it came from the heart and I’m excited to have it as a capstone for the project.

At least one more “throwback” piece which Paul and I wrote in the 1980’s is going to get the modern “30th Anniversary” treatment as well.

I have upgraded the pickups in my beloved Ibanez Prestige RG3727 guitar; new Dimarzio Crunch Lab and Liquifire. A popular combination from the “John Petrucci School of Tone”, they are precisely what that guitar needed. With increased output and definition, they have made a great guitar even better.

Don’t forget you can listen to an advance track, “Sleepless“, a 1987 song given the 30th Anniversary redux.

CISSP Quest, Week 7: Everything is a Target

The SANS Stormcast identified a vulnerability found in iOS 9.3.2 (which Apple patched on May 16th). Attackers demonstrated that they could use Siri to access a device’s passcode on images.

An interesting read I recommend from the Washington Post; “the Threatened Net: How the Web Became a Perilous Place” by Craig Timberg.

 AdobeStock_97830788_WM

What I came appreciate this week; everything is a target.

This has been made especially clear to me in this day and age of the much-ballyhooed Internet of Things (IoT).

Teddy Bears, Jeep Cherokees, Nanny Cams . . . anything is an attack surface. Plug in a search using Shodan and you can find any of a number of nodes that comprise the vast network of The Internet of Things.

Control Stations for wind turbines, license plate readers, cameras, are cataloged at Shodan. This means that if you are a company who has an online monitor, you can see who your customers are and how they use your service.

Shodan can help you secure your IoT device; from what I’ve read, when it comes to hardening IoT, we need all the help we can get.

Ask analysts like Forrester and they’ll tell you we have a long way to go to secure IoT.

In Timberg’s book for WaPo, there were reports on the importance of Linux in IoT. Linux’s founder, Linus Torvalds, has been accused of taking a dismisive tone when it comes to building security into the kernel.

Perhaps Torvalds is simply taking the view that security is an ancillary concern to building robust capabilities into Linux; security should instead be built into whatever form Linux takes in the application it supports.

Perhaps that was the tack adopted by the Linux Foundation in their proposal for a real-time operating system, Project Zephyr. Security will be baked in using TinyC Cryptography among other innovations.

IoT is being taken seriously in terms of its opportunity for being extremely lucritive. Now let’s see if CIOs and the Powers That Be will pay attention to security.

CISSP Quest Week 6: SPQR

I had once read that the much-ballyhooed “666” (used as plot devices in horror movies, such as “The Omen” to denote that somebody was “The Antichrist”) was an early example of 1st

http://www.cryptomuseum.com/crypto/caesar/img/302021/000/full.jpg
Caesar Cipher

Century Cryptography.

 

One interpretation is that 666 is cryptogram which translates to “Nero Caesar” or in essence, a reference to “Nero” who’s nickname was “The Beast”. Believe it or believe it not.

Cryptography traces it’s origins to the days of Caesar. Transposing each letter of the alphabet, the “Caesar Cipher” allowed the conveyance of secret messages for military intelligence.

Understanding today’s range of encryption requires a staggering amount of math and will be a challenging aspect of the CISSP exam.

Understanding math functions as the modulus had never been in my area of study. To somebody challenged in basic algebra, who detests accounting and finds statistics to be the bane of his existence, modulus seems intimidating.

Modulus can be used for example to deduce public key encryption for the Diffie-Hellman Key Exchange. Assuming, of course, this is important to the aspiring security professional.

I am now investigating the policies that concern protecting America’s infrastructure. Government bodies such as NIST are part of the ongoing effort to harden American Cybersecurity, which includes protecting the infrastructure.

CISSP Quest: Rebooted

The new page .  .  . reimagined! Suitable for framing!

Honestly, I don’t have enough time this quarter to thoroughly learn Dreamweaver, and decided not to renew with Squarespace. And though I thought I had all my old content backed up . . . er, I didn’t.

Not to despair. I’ll catch everyone up with the CISSP course, the music from the Redwine project and other assorted fruit flavors.

Looking forward to sharing and thanks for following.

IT Professional, Musician, Geek