|
EH-Net
|
|
May 23, 2013, 03:37:25 AM
|
168
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: CEH or eLearnsecurity wich one first
|
on: June 15, 2010, 01:50:33 PM
|
|
I agree with COm_BOY. It looks like eLearnsecurity will definitely get your hands dirty. I have taken the CEH and it does provide good information, but there is nothing like hands-on experience. I do like exams that cannot be simply brain-dumped, but require at least some hands-on work. I guess that is what makes OSCP so appealing to me.
To be fair, there is nothing preventing you from building a PenTest Lab to study for the C|EH. I guess you get what you put into it. But again, I think if you take the eLearnsecurity first, you probably won't take the C|EH.
|
|
|
|
|
169
|
Ethical Hacking Discussions and Related Certifications / Incident Response / Re: SIEM and incident response
|
on: June 15, 2010, 10:30:20 AM
|
|
Has anyone ever used the SIEM (NitroView Enterprise Security Manager (ESM)) or QRadar? It seems like SIEM can help get an organization SAS70 certified. It was noted that "SIEM gives you a true picture of how your network is being used, and by whom. It independently monitors your network to verify security policies, to generate alerts for possible compliance breaches, and to analyze and report on network performance" but has it ever overwhelmed anyone here with false positives?
|
|
|
|
|
170
|
Resources / News from the Outside World / Even Faster Password Cracking
|
on: March 12, 2010, 10:43:09 AM
|
Posting from TheRegister: Password-cracking tools optimised to work with SSDs have achieved speeds up to 100 times quicker than previously possible.
After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité's Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes. The exercise illustrated that the speed of hard discs rather than processor speeds was the main bottleneck in password cracking based on password hash lookups.
I did not see if they created a RAID 0 SSD setup, which would have to make the process even faster with an increase in performance. They said that it is even faster than the NVidia setup people are using. Does anyone here have an SSD RAID setup and can post about performances in your speed?
Entire Article: http://www.theregister.co.uk/2010/03/12/password_cracking_on_crack/
|
|
|
|
|
173
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Patch Management
|
on: January 22, 2010, 07:47:18 AM
|
|
Thank you everyone for the replies. I agree that patch management depends on the policies of the organization. I thought it was a good question to ask the community since it is such an important procedure for an organization with a security conscience. I know companies have different ways and applications of accomplishing it. I have seen SMS, Shavlik, WSUS, Altiris, BigFix, etc. I was wondering if anyone was partial to one of them and why?
Also, I have seen people argue how often it should be done due to the testing required to install patches. Personally, I think once testing is done, you can install all tested patches. You never know if a low priority patch can be used for a higher vulnerability.
That is why I just wanted to see how other security-minded people handled the task. Also, I think VMware is perfect for patch management because of snapshots. It is faster than using Ghost or Clonezilla.
Again, I want to say thanks for the comments.
|
|
|
|
|
174
|
Ethical Hacking Discussions and Related Certifications / Other / Patch Management
|
on: January 14, 2010, 11:29:58 AM
|
|
Hello All,
If you guys don't mind, I was wondering if people could share their advice and their experience on patch management. How often they patch their systems: every day, week, quarter, etc.? What tools they use and their experiences with those tools? Whether they concentrate on critical patches instead of installing all patches?
Thanks in advance.
|
|
|
|
|
176
|
Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Training Question
|
on: December 09, 2009, 12:41:43 PM
|
I also want to take the course, but after I complete the CISSP. I was wondering if I have to be an Assembly GURU to pass the course. I have the two books (Hacking: The Art of Exploitation 2nd Edition) and (Reversing: Secrets of Reverse Engineering). I figured reading and understanding them would help me before I take the course. But is it necessary? I am going to anyway since ultimately I wanted to become a researcher for discovering and breaking malware, especially the ones that create botnets.
|
|
|
|
|