In case someone hasn't seen this.  Here is Bruce Schneier's view on wireless security.

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

Yeah, it certainly sounds like they have added security.  I would follow g00d_4sh's advice.

Welcome! WOOT for USAF!!!  If you are looking for some cheap IT training/reading material check out the USAF portal.  The Air Force offers free Computer Based Training (CBT) courses on almost every aspect of IT you can possibly imagine.  For USAF members only though.    When I was enlisted the company they used was called Skillsoft so you can try searching for that on the portal.  Good luck.

It's OK don't freak out!    If you lost access to your Gmail account just contact Google support they can reset your password and/or help you possibly restore any emails you have lost.  You might have to provide proof that the account is yours but after that should be able to help you out.  Good luck!

From what you posted it sounds like you are looking to use the server for normal everyday stuff (i.e. check email, play games, surf the Internet).  If that is all you really want to do no matter how much multitasking you do I would recommend that you go with a desktop computer with the quad core and spend the money you saved on packing the PC with as much RAM as it will hold and getting the latest and greatest video card also with tons of RAM.  A lot of the money you will spend to get the server is not so much extra performance as much as it is the ability to upgrade beyond what you can in a normal desktop.

I do agree with Don that if you are looking to setup a hacking lab and money is no object then yes go with a server "with all the fruit".  But unless you are planning to simulate a network with the machine a desktop is probably the way to go.

I think the issue is really about whether an open unsecured WiFi connection can be considered an invitation to use the network or not.  That could actually be the owners intention.  For example the owner could be sharing their Internet connection with their neighbor (maybe they went halves on the Internet bill).  Now this would probably violate the ISP's TOS but it wouldn't be illegal.  In this scenario the issue becomes less murky because the owner is intending their network to be shared with anonymous users.  The question is since they didn't put a big sign out front saying "Please feel free to piggyback my network!" does the open connection itself imply that it's OK to connect.  Now in IL (My great state  ) the issue is fairly straightforward.  See quote below (Thanks for the link Slim).

"Sec. 16D‑3. Computer Tampering.
    (a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15‑2 of this Code, or in excess of the authority granted to him:
        (1) Accesses or causes to be accessed a computer or
        
any part thereof, a computer network, or a program or data;"

IL clearly says "without the authorization of a computer's owner" which I think indicates that you need express permission from the network owner to use the network but I am not a lawyer so I could be wrong.  Although Slim's kids would be OK in IL since they include the "knowingly and with out authorization" so if you don't know any better your fine.  This is one case where being IT clueless would actually be an advantage.  Well that's my 2 cents.

Welcome!!    Do you really not want to take the CISSP because you read how hard it is or do you not want the certification?  Honestly I just passed the CISSP and my study method seemed about the same as yours.  I skimmed the book (All-In-One) and went in with mostly just my experience in security.  I did fine.  I think you would probably do about the same on the CISSP as you did with CEH.  Well that is my unsolicited 2 cents!  Again welcome!

Thanks for the info!  I need to talk to the boss and see what he thinks.  To bad I missed the ChicagoCon that would have been great!

I am located in IL but I am willing to travel to most anywhere in the US.  My company is looking to send me to the training as long as the cost isn't to exorbitant.

I know this isn't really a certification question, sorry.  I was wondering if anyone knew of a good Cisco Pix Firewall training course.  I found a course offered by Cisco on Pix and ASA but I am not sure that is exactly what I need.  Of course Google comes up with lots of courses but it is hard to tell if they are any good or not.  Primarily I am looking for a classroom/lab training environment with good technical content.  Any suggestions are appreciated.  I hope everyone has a happy New Year!

Excellent post Kev.     I think you and Dean both have good points.  Which I think is the best thing about a good forum you can get different viewpoints of topics.

_Marshel_ sorry to hear about your PC mishap.  One suggestion I would make is that after you rebuild/repair your lab you get a good baseline image of all your machines before you start "messing around" again.  That way no matter what you do it is much quicker to get your lab back up and running again.  Good Luck!

LOL, Well we use it for scanning but usually for only scanning a single PC.  Normally because we have reason to suspect malicous activity from that PC.  We scan the PC to get O/S, patches installed, open ports, local account password settings, and registry anomolies.  Why they only use it this way I don't know.  I am newer to the company maybe it is a licensing issue?  Or it is possible no one has bothered to work in depth enough with it to set it up correctly.

So do you think I am completely crazy and should recommend getting GFILandguard configured correctly thus solving all my problems?

Cause it thats the case my boss is going to love me. 

I am looking to run automated scans on multiple subnets.  Nessus is definitely being considered it's hard to argue with "Free".  Even though we are already paying for ISS I am getting the feeling from the people with the purse strings that they would like a solution that doesn't come with an annual fee or at least something cheap.  I personally don't have a problem with ISS and the cost (from a corporate budget perspective) is reasonable but I don't make the budget decisions.

I like the sound of Qualys but it doesn't sound any cheaper then what we have now.  I really don't know if I could sell the boss on having our vulnerability information stored on an outside company’s server.

We do use GFILanguard but not really for vulnerability discovery.  Does anyone know if you can configure Languard scan similar to ISS or Nessus?

Thanks again! 

I was wondering what everyone thinks is the best available network vulnerability scanner?  My company is currently running ISS but we are looking to move to something else possibly more cost efficient.  We do support a fairly large network so the tool has to be able to handle large scale scanning.  Any ideas are welcome!

Thanks in advance for the advice!