Book Review: “Cisco Firewall Video Mentor”
Any time you have a chance to learn the same information you would in a classroom for a fraction of the cost, you should take advantage of it. Additionally, if you can learn the same material but in less time than you would in the classroom, then you’d be foolish not to capitalize.
While there are plenty of books in the market about firewalls — most of which cover the same material you would in a classroom — they all suffer from the fact that they take longer to read and digest than if you just spent a few days listening to an instructor.
Enter Cisco Firewall Video Mentor. This product — you can’t really call it a book even though it has an ISBN and is sold as such — consists of 16 video vignettes on one DVD. Each snippet runs between 10 to 30 minutes and includes configuration tasks — such as setting up SSH access — and walks you through it. A small lab manual accompanies the DVD and includes the elements you’d expect to find in a training guide: scenario, steps, etc.
I was very impressed by the quality and content of the Cisco Firewall Video Mentor and hope to see this format utilized more often.
If Not Windows 7, Then What?
Microsoft is already making noise about Windows 7, the successor to Windows Vista due in late 2009 or early 2010. And while most IT departments that skip Vista will likely move from Windows XP straight to Windows 7, others are considering ditching Microsoft altogether.
“Because of the fiasco with Vista — and what a debacle that OS was — we’re probably not going to wait for another cycle of Microsoft products,” says one IT professional, who communicated via e-mail and asked not to be identified. “We’re looking at open source and the Mac as potential future suitors.”
He’s not alone. While Apple Inc.’s Mac operating system still hasn’t dented the Microsoft enterprise juggernaut, it is making inroads with businesses. Numbers from Forrester Research Inc. released in July show the Mac’s progression: From October 2007 through June 2008, enterprise market share for the Mac OS grew from 3.6 percent to 4.5 percent.
Linux had less penetration and less potential for penetration, the Forrester report concluded. So, while Vista might still take over for XP and Windows 7 looks like a sure thing to replace both its predecessors, Microsoft isn’t quite as much of an enterprise OS juggernaut as it used to be.
LPIC Exam Changes - Part Two
As I mentioned last week, in order to keep its LPIC exams current, the Linux Professional Institute is in the process of updating its Level 1 and Level 2 exams.
The following changes are being made to the second exam required for LPIC Level 1 certification: LPIC 102. A date of implementation is not yet known.
On the old exam, Topic 105 was “Kernel,” and it consisted of two objectives:
- 105.1 Manage/Query kernel and kernel modules at runtime (weight: 4)
- 105.2 Reconfigure, build and install a custom kernel and kernel modules (weight: 3)
All of the kernel topic have been moved out of this exam into higher-level tests. In its place, the old Topic 109, “Shells, Scripting, Programming and Compiling” has been renamed “Shells, Scripting and Data Management” and renumbered as 105. It consists of three objectives:
- 105.1 Customize and use the shell environment (old weight: 5; new weight: 4)
- 105.2 Customize or write simple scripts (old weight 3; new weight: 4)
- 105.3 SQL data management (a new objective altogether and assigned a weight of 2)
The old Topic 110 — the X Window System — from LPIC 101 has been moved to this exam and renamed “User Interfaces and Desktops.” The objectives and weighting are:
- 106.1 Install and Configure X11 (weight: 2)
- 106.2 Setup a display manager (weight: 2)
- 106.3 Accessibility (weight: 1)
Topic 111, “Administrative Tasks,” has been moved to 107 and two objectives have been removed: “Tune the user environment and system environment variables,” and “Maintain an effective data backup strategy.”
Topic 108, “Essential System Services,” borrows from several other topics to create a new entity. 108.1, Maintain system time, comes from 111.6 and the weight changes from 4 to 3. 108.2, System logging, comes from the old 111.3, Configure and use system log files to meet administrative and security needs, and the weight has changed from 3 to 2. 108.3, Mail Transfer Agent (MTA) basics, come from the old 113.2, Operate and perform basic configuration of Mail Transfer Agent (MTA), and the weight has changed from 4 to 3. Objective 108.4, Manage printers and printing, comes from the old Topic 107, “Printing,” and has been condensed significantly (it now has a weight of only 2).
Topic 109, “Networking Fundamentals,” used to be 112. Topic 110, “Security,” was formerly known as 114 and has a few changes to its weighting of objectives.
As convoluted as the changes may be to follow, what’s most interesting are the topics and objectives that are in the current version of the exam that will be removed from the future version. Consider the following:
- Booting, initialization, shutdown and runlevels have been moved to the first exam.
- Documentation (which included notifying users, finding Web sites, etc.) has been removed.
- Backup strategies (formerly weighted 3) have been removed, but knowledge of many of the tools (tar, cpio, dd) has been moved to exam 101.
- Configuring Linux as a PPP client (formerly weighted 3) has been removed.
- Operate and perform basic configuration of Apache (formerly weighted 4) has been removed.
- Properly manage the NFS and SAMBA daemons (formerly weighted 4) has been removed.
LPIC-1 Study Guide
I always find it somewhat humorous that the best vendor-neutral Linux certification is so broad in scope that it can’t really be called an entry-level certification. To become LPIC-1-certified, you must pass two exams from the Linux Professional Institute (LPI).
Those exams not only exhaust your knowledge of command-line options, but also expect you to know hardware, the kernel, security and a plethora of other topics.
Given that breadth, it’s not uncommon for books about these exams to be meaningful to anyone working with Linux — not just those cramming for an exam. The best of those books, by far, is the “LPIC-1 Linux Professional Institute Certification Study Guide” by Roderick W. Smith. Certified by LPI as one of its “Approved Training Materials,” the book is both thorough and engaging. Instead of just walking through the objectives from start to finish, the chapters build on each other and the material is covered in a much more logical manner.
If you’re looking for a good overall Linux book to fill in your coverage of general topics, you can’t go wrong by picking this one.
Rent-A-Proctor
BUSINESS IDEA NO. 965: RENT-A-PROCTOR
As I was reading the latest press release from Prometric — which has been awarded a contract with the U.S. Patent and Trademark Office to deliver exams to patent attorneys — it suddenly hit me how we can solve what’s wrong with today’s exam environment.
I’ve been bothered for some time by the fact that we still expect candidates to be physically present at a brick-and-mortar storefront in order to answer multiple-choice questions on high-end IT questions.
I’ve ranted about this before, and each time, someone — usually multiple someones — points out the need for a candidate to verify their identity and to make sure that they don’t cheat (I’ll hold off on sharing my thoughts about the ability to cheat in existing test centers for now).
In other words, people can’t be trusted; therefore, and we must proctor their actions by using VUE or Prometric centers. The Linux Professional Institute (LPI) FAQ says it best:
“Unfortunately, for Web-based exams in unproctored situations, you cannot get around the fact that someone else could take the exam for you — or be right with you as you take the exam. At this time, there’s really no way to securely offer exams online without a proctor present.”
As I was reading the Prometric press release, however, I had an epiphany: If the issue is simply that you need someone to verify your identity and watch you take the exam, why do you have to go to them? Why can’t the proctor make house calls?
Suppose ACME Inc. wants Johnny Administrator to gain ABC certification so it can continue to say that its entire staff is certified. Johnny gains the knowledge needed through books, training, etc. Under the current scenario, he then takes a day off and drives to the testing center in City Y. There, he shows two forms of ID, walks into a closet of a room and answers 75 multiple-choice questions on the oldest workstation and monitor that the testing center owns. To remind him that he shouldn’t cheat, he must leave his belongings at the front desk and take note of the closed-circuit camera overhead that may or may not be monitored.
Under the proposed scenario, a proctor would show up at ACME at the allotted time and be introduced to Johnny by his supervisor, thus confirming identity. The two of them would move to Johnny’s workstation (which would most likely be far superior to that at any testing center) where Johnny would be given information on how to begin the test (either by logging in to a Web site, downloading an executable, or — heaven forbid — actually performing some actions on the live system). At the end of the test, the proctor would deliver the results to both Johnny and his administrator and then move on to his next appointment.
The benefits of this scenario are legion. Not only could multiple types of exams be given, but the proctor could actually be knowledgeable in the topic area (gasp!) and able to give meaningful feedback. The candidate would not miss more work than the time the exam consumes, and be able to work with equipment that they are comfortable with and use daily. The supervisor can have immediate feedback on their employee and know what areas they are strongest (and weakest) in.
I can’t imagine a greater win-win scenario.
What you need to know about Cisco’s new CCNA specializations
What are the new CCNA specializations?
To become a specialized CCNA, you must first be a “regular” CCNA, and then pass a single certification test in your specialist area.
There are three new CCNA specializations:
- CCNA Security
- CCNA Voice
- CCNA Wireless
Each of these is an area of technology in which Cisco is pushing for a very strong presence.
What do I need to know about these specializations?
CCNA Security
The CCNA Security grounds you in core security technologies that every Cisco admin should know and use to secure the network. To pass the certification test, you need to demonstrate that you have the knowledge to set up a security infrastructure that will defend your network from outside threats. For example, you will be tested on security threats, securing a Cisco router with the IOS, implementing AAA, ACLs, the IOS Firewall, and IOS IPS features. This specialization became available on June 24, 2008, and is valid for three years. The prerequisite is a valid CCNA. The exam number and name that you will need is 640-553 - IINS (Implementing Cisco IOS Network Security). To learn more about this specialization, please see the official CCNA Security page.
CCNA Voice
The CCNA Voice certification ensures that you have the skill set to perform installation, operation, and administration of VoIP solutions. In preparing for the certification, you will gain a solid foundation in voice applications and their concepts, including Cisco Unified Communications architecture. This specialization became available on June 24, 2008, and is also valid for three years. The prerequisite is a valid CCNA. The exam number and name that you will need is 640-460 IIUC (Implementing Cisco IOS Unified Communications). To learn more about this specialization, please see the official Cisco CCNA Voice page.
CCNA Wireless
This is the “wave” of the future. You will be able to support wireless LANS in your network, as well as be able to configure, monitor, and troubleshoot any Cisco WLANS, which can be of great benefit to you on your Cisco career path. This specialization will be available on July 25, 2008, and is also valid for three years. The prerequisite is a valid CCNA. The exam number and name that you will need is 640-721 IUWNE (Implementing Cisco Unified Wireless Networking Essentials). To learn more about this specialization, please see the official CCNA Wireless page.
Should you consider a CCNA specialization?
While you may have your own reasons for pursuing these certifications, here are the reasons that I came up with:
- Career opportunities — I don’t think you have to look very far in the want ads to discover that the workplace is not only looking for people who have a broad range of skill sets, but they are looking for people who have skill sets that fit a special niche. These specializations could give you an edge up on other candidates.
- Confidence — Obtaining a new certification always helps you to build confidence in your skills. Additionally, when you are interviewing for a new position, management feels much safer knowing that someone who knows how to secure a network from Internet attacks is in charge of their network.
- Capability for advancement — Although you have to be CCNA-certified to obtain any of these specializations, they will broaden your understanding of specific areas and make you a more rounded and confident Cisco admin. Also, it is a good next step in your career path initiative to the CCNP or CCIE.
Conclusion
What do you think of Cisco’s new CCNA specializations? These three specializations are a newly available stepping stone in the certification ladder. Which, if any, will you choose? Do you feel that new CCNA certification levels were necessary?
COMPTIA ADDING VIRTUAL TRAINER CERTIFICATION
On July 1, CompTIA announced that it was adding a module to its Certified Technical Trainer (CTT) certification for virtual classroom trainers.
The CTT+, a vendor-neutral certification for IT trainers, requires passing a proctored exam and creating/submitting a video presentation for grading.
Starting in August, those seeking CTT+ can choose whether they want to be certified with the virtual designation (which will include a recorded online assessment) or just the standard classroom trainer designation.
BASH YOUR WAY THROUGH EXAM STUDY
Over the years, I’ve seen many approaches to certification exam study. You can do everything from taking an exam blind — the idea being that it will help you get a feel for what questions and topics are on the exam, even if you fail — to sitting through weeks of expensive vendor training designed to help you pass.
Between those two ends of the spectrum reside all the books, test engines, flashcards and other products intended to help you prepare.
This past week, however, I ran across one of the most unique study methods I’ve seen in a while, and I wonder whether the concept can be adapted to more uses. A candidate, who asked to remain anonymous, wrote a very simple Bash script. That script randomly pulls the name of a utility from a list of those you need to know for Linux Professional Institute (LPI) exams, and then accesses the man page for that utility. It takes key items from the man page (freely available in every Linux distribution, as well as online from numerous sites), parses what it finds, and presents it in a quiz format.
For example, one time the candidate would see several of the options that work with the ls command, but not what they do. He would then have to correctly identify what each option does, and check his answers by pressing a key that then revealed only that portion of the man listing for ls. Many iterations later, the same question might appear, only now it would be the description (”Which option with ls will show the index number of each file?”), and he’d have to guess the option (-i).
It wasn’t a perfect script by any means - grammatical errors and other oddities crop up when you’re just parsing man pages to get your questions - but it impressed me immensely. And that fact that the study solution he had created was free opened my eyes to thinking about other implementations.
Information Security Certification Guide
Information Security Certifications are part of the credentialing landscape for an information security professional, and in many ways, those just generally interested in the subject.
Setup32.com writers have put together the definitive list of the top 50 information security certificates and certification paths for those who are serious about getting their information security certification.
In fact, the sheer number of credentials can make navigating the security certification landscape a dizzying experience. Simply identifying the vast array of offerings can be time consuming and overwhelming — never mind determining which certification best fits your situation.
There is always going to be concerns about the money, the time, and the value of a security certificate. The question comes in as to how much you want to have any hope at job security. There is job security in information security by keeping your skills up and adopting life long learning. That is a reality, even if you get canned from one company, having a string of letters after your name can help, as long as it is not too many. If you have a dozen use only the three latest ones on your title, while interesting, if you have a dozen, it looks like all you did was go to school.
The very good part about the article is that they really do cover the whole certificate landscape in line with what people might want to do. Do you want a generalist or a specialized certificate? One thing they do not do is go into the comparable wage process for each security certificate (you have to make sure there is a payoff for the certificate, if there is no bump in dollars for having it, then it is not worth getting because everyone else has it and the market is diluted).
This is one of those career planning articles that would do folks looking to start out, or those seasons veterans looking for something new, to plan and plot out their information security careers. The key here is to keep on learning, keep on being challenged, and keep on building your marketability always.
Check it out: Information Security Certification Guide
Almost ready: OCA Linux Certification
Oracle is almost ready to go live with the Oracle Enterprise Linux Certified Administrator (OCA) certification. This certification, a stepping stone to upper-level Linux certifications to come, requires passing two exams:
- 1Z0-402, the Enterprise Linux Fundamentals exam (which went live on March 22).
- 1Z0-403, the Enterprise Linux System Administration exam (which closed beta on March 31).
The Fundamentals exam — which you can skip if you’re already certified for LPI, Linux+, Ubuntu, Red Hat or Novell — consists of 87 questions that must be answered in 120 minutes (with 57 correct required to pass). The exam’s topics include messaging, printing, text editing and enterprise Linux fundamentals, among others.
The System Administration exam — for which appointments are now being taken for the production exam — consists of 113 questions that must be answered in 120 minutes (with 62 percent correct required to pass). Topics include Linux kernel compilation, client networking, enterprise Linux installation and more.
Both exams are administered through Prometric testing centers.