I can the username and ip from the security log but there is no way to tie them together conclusively.

To see if the computer is logged on:
nbtstat -a <ip>

To find the users name, based solely on his username, then look at your local connection cache:
net send <username> "
nbtstat -c

I could be one of those answers where you nod because it totally makes sense, and the go, "wait, what?  he didn't really say anything."

There are people who have built careers out of this.

Be prepared to be told no.  Your company/provider made the decision for terminal services for a number of reasons.  So many people can access the data and make changes, reduce administrative costs, centralize security... they may not be willing to change this model.

(on a side note, even though the newbs are coming in more frequently, at least they take the time to locate the most appropriate forum to post in!)

I think I found my new phone.

But then again, who am I kidding?  I still never did anything with that Compaq Ipaq I was going to make a pen testing platform from.  

looks like this is the full video... haven't watched it yet.

http://www.youtube.com/watch?v=x9XWxD6cJuY&feature=related

little bit of shocked by it.

That is it.  Seems like it should be a ride at EPCOT.

My favorite and most horrifying TCP/IP basic primer is, http://www.youtube.com/watch?v=H760U3QZocs.  It appears to be only part of the video, but you will get the idea.  I've been shown this in EVERY networking class I've had in college.

There are a few threads about CEH books and setting up a testing lab on a budget.  This is my $.02.

The Official CEH Review Guide is only good if you are going for the certification.  It tells you what you need to know.

The best bang for the buck is CEH Exam Prep by Michael Gregg.  He walks you through WHY you need to know the material along with great scenarios for you to try.

SANS is definitely for corporately funded individuals.  There are options for everyone else, (like work study) but that typically means living near a conference city.  Luckily, SANS likes Orlando.

I may not like all the options for renewal, but I'm going to live with it.  I want to go for my GSE certification, which would probably mean going FOR THE GOLD!

Welcome to EH-Net!  Sounds like you are heading in the right place.

Zeroflaw, I'm 33 and I'm sick of college.  I'm returning late to college, but now was the right time.

Oh, yeah, I forgot about that.

Recruiter: "So, what experience do you have with help desk?"
Me: "The past 10 years, my entire resume"

Which prompted a rewrite of my resume coincidently.

I've had some time to review the changes and gather my thoughts.  I appreciate the fact that GIAC/SANS has taken this step.  It is a welcome change.

However, I think there may be a lack of inexpensive options for recertification.  SANS is keeping you "in the family" because they are requiring you advance SANS and attend their training courses.

It appears the three main ways to maintain your certification is to attend live training ($4k+), write a gold paper ($300), or retake the test ($300) on top of the cost to recertify ($300).  While they have options to submit work experience, write test questions, be a facilitator, be a mentor, etc, you cannot make enough credits on your own to recertify.  There needs to be money exchanged with SANS or another training provider (which GIAC will approve or not).

It just seems like there should be more options to give back, without having to open your wallet beyond the money required to obtain the recert.  A lot of times I have to come up with unique methods for training and certification, because my work only pays for so much.  I feel that I should be able to give back and recertify by being a mentor, a facilitator, an ISC handler, or write test questions as many times as I want without a cap on how many credits I receive for each.

I also wish there was not the two year restriction to start your "recertification".  For example, I just obtained my GCIH last year and I am going to be facilitating next week.  My facilitating won't count towards my recertification unless I do it in another year and a half.

Just my $.02.  feel free to discuss.

Good luck!  Working on your degree will be your best asset.  I would recommend working through your school to see if you can get an internship.

I would also recommend focusing on other technical forums, as EH-Net tends to be more specialized in security related issues.  I'm not trying to kick you out the door, just want to set your expectations.

Mixed experience here.  Most of the jobs I've gotten were because the company I was going to work for did not hire directly, they used an agency.

The worst experience with a technical recruiter was when I got an interview and a job on my own.  When i told the recruiter I was no longer looking they tried to strong arm me by saying they deserve credit/commission.  All this just because they vaguely mentioned an available position, without any specific details (like title or company name), which just so happened to be with the company I got the job at.

I've gotten some great temporary gigs through recruiters.  They are a necessary evil in the computer industry where there is a lot of talent, and not a lot of jobs.  Just do not let yourself be pushed around, do not sell yourself short, always ask for more money.  The recruiters job is to pay you as little money as possible, because their company keeps the rest.

I love my job now, but I still entertain the infrequent recruiter call, and keep my information updated semi-regularly with one of them.  Most of the time the conversation ends when I ask their salary range.

Whoa, that's pretty damn clever

Makes you wonder why we didn't think of it first, eh?  Without the " unethical hacking" part.

Ever lose your chance to purchase those ever important, once in a lifetime Miley Cyrus tickets?

Blame Wiseguys!  They found a way to game the reCaptcha system by generating fake requests on Facebook to obtain the captcha IDs.  They obtained all the system captchas, solved them, and then used a massive botnet to purchase tickets to music and sporting events.  Genius.

http://www.wired.com/threatlevel/2010/03/wiseguys-indicted/