Sunday 27 January 2013
Saturday 26 January 2013
How I passed my CISSP - Tips
As you might have already heard that CISSP is one of the toughest certifications out there.... YES it is!!
Well I am going to share a few tips which helped me pass my exam..
1. Make a plan!
Yes, a plan/schedule for your preparation is ideal way to start. I would recommend planning for 30-60 days study schedule depending on your priorities and free time available.
2. Book a test date!
As CISSP is now available in CBT (computer based test) format, it is more flexible option and one no more has to wait long to take the test. Booking a test date will set a goal in your mind and will help you get serious on your preparations.
3. Tackle distractions!
Yes, we all have busy life. However, this exam needs some serious preparation and you should dedicate time sincerely. Share your plans with friends and family and make them aware that you might not be available for some time.
4. No easy way out!
This point makes this exam stand out from other common certifications. There are no dumps available on internet which would be similar to real exam. There is no way you can pass using any dumps or question bank. So, my advice - get your concepts clear. Although you can use practice tests like cccure.org which are good at evaluating your domain knowledge but make sure you study from atleast two sources and get your concepts right.
5. Exam day!
This one is a marathon. Few of the questions are so tricky that they not only test your knowledge on security domains but also test your mental agility. So stay focused, take regular short breaks. Get refreshed and attack the questions!
Good luck!!
Well I am going to share a few tips which helped me pass my exam..
1. Make a plan!
Yes, a plan/schedule for your preparation is ideal way to start. I would recommend planning for 30-60 days study schedule depending on your priorities and free time available.
2. Book a test date!
As CISSP is now available in CBT (computer based test) format, it is more flexible option and one no more has to wait long to take the test. Booking a test date will set a goal in your mind and will help you get serious on your preparations.
3. Tackle distractions!
Yes, we all have busy life. However, this exam needs some serious preparation and you should dedicate time sincerely. Share your plans with friends and family and make them aware that you might not be available for some time.
4. No easy way out!
This point makes this exam stand out from other common certifications. There are no dumps available on internet which would be similar to real exam. There is no way you can pass using any dumps or question bank. So, my advice - get your concepts clear. Although you can use practice tests like cccure.org which are good at evaluating your domain knowledge but make sure you study from atleast two sources and get your concepts right.
5. Exam day!
This one is a marathon. Few of the questions are so tricky that they not only test your knowledge on security domains but also test your mental agility. So stay focused, take regular short breaks. Get refreshed and attack the questions!
Good luck!!
Thursday 24 January 2013
Running Nessus 5.0 in offline update mode
You might have come across situations where there is no internet access available to your Nessus scanner and you were unable to bring it up. Most of you might run into issues while installing nessus in offline mode as it is not straight forward. Unfortunately even tenable security does not have "enough" or "complete" documentation for installing nessus in offline mode.
My guide will help you install your license without any hassles. The steps I use will work on any operating system. However, the commands and syntax are specific to Linux operating system (Backtrack 5). You can change the commands according to your operating system but the logically flow remains the same. OK here we go!
Please note this is a logical flow. So make sure you follow all these six steps in their order.
Step 1: Reset Nessus configuration on your machine
We have to reset all the configurations and settings of Nessus. This step will reset nessus instance on your machine to factory install by removing any old license or configuration information.
Stop the Nessus server using any of the following command:
/sbin/service nessusd stop
or
/etc/init.d/nessusd stop
Now let us reset the Nessus license and configuration on your local system:
# /opt/nessus/sbin/nessus-update-plugins all-2.0.tar.gz
My guide will help you install your license without any hassles. The steps I use will work on any operating system. However, the commands and syntax are specific to Linux operating system (Backtrack 5). You can change the commands according to your operating system but the logically flow remains the same. OK here we go!
Please note this is a logical flow. So make sure you follow all these six steps in their order.
Step 1: Reset Nessus configuration on your machine
We have to reset all the configurations and settings of Nessus. This step will reset nessus instance on your machine to factory install by removing any old license or configuration information.
Stop the Nessus server using any of the following command:
/sbin/service nessusd stop
or
/etc/init.d/nessusd stop
Now let us reset the Nessus license and configuration on your local system:
Command:
cd /opt/nessus/sbin
./nessus-fix
--reset
Enter "Y" when prompted for confirmation.
Step 2: Download and copy the necessary registration and plugin files.
Now we have to download the registration file (nessus-fetch.rc) to register your license offline and latest plugin updates file (all-2.0.tar.gz).
run command:
# /opt/nessus/bin/nessus-fetch --challenge
This will
produce a string called “challenge” that looks like the following:
569ccd9ac72ab3a62a3115a945ef8e710c0d73b8
Next, go to https://plugins.nessus.org/offline.php
and copy and paste the “challenge” string as well as the Activation Code that
you received previously into the appropriate text boxes.
This will produce a custom URL that can be used to
download the latest Nessus plugin feed (all-2.0.tar.gz) along with a link to
the nessus-fetch.rc file at the bottom of the screen.
Note: Save this URL because you will use it every time
you update your plugins, as decribed in the next section.
Copy the nessus-fetch.rc file to the host running Nessus
in the following directory:
/opt/nessus/etc/nessus/
Not let us register the scanner in offline mode: run the following command.
cd /opt/nessus/etc/nessus
nessus-fetch --register-offline nessus-fetch.rc
You will receive a message output stating registration was successful.
Step 3: Obtain and install latest plugins
Perform this step each time you perform an offline update
of your plugins.
To obtain the newest plugins, go to the URL that was
provided in the previous step, download the file named “all-2.0.tar.gz” and
save it in the directory /opt/nessus/sbin/. To install the plugins, perform the
following command:
# /opt/nessus/sbin/nessus-update-plugins all-2.0.tar.gz
Step 4: Create an admin user
Let us create a user which will be used to login to GUI and manager nessus.
command:
nessus-adduser
Follow the instructions and create a admin user.
Step 5: Rebuild the installed plugins
Run the following command to rebuild the plugins on your system:
#/opt/nessus/sbin/nessusd -R
This usually takes time.... So please have some patience.
Step 6: Start the nessus server
Start your nessus server and try to login using a browser
https://127.0.0.1:8834
use the credentials you created in Step 4 and login.
Good luck!!!
Subscribe to:
Posts (Atom)