Certification Magazine - October 2007 - (Page 39)

INTERFACE continued from page 33

“Every individual in DoD is supposed to have an individual development plan, which lays out the training they think they need, and their bosses sign off on it,” Bieber said. “If it’s approved, they go to the training, and if they have to pay, they get reimbursed, or the government pays for it after the fact.”

The DoD also has an IA scholarship program, which is part of its scholarship-for-service program and acts as a recruiting and retention aid for qualified IA and IT personnel. The program is restricted to certain universities that have been approved or designated as centers of academic excellence by the National Security Agency and the Department of Homeland Security. To meet the scholarship program requirements, newly recruited students must participate in a summer internship and pay back each funded year of school with a year of service.

Although certification has been tapped as a way to manage and educate the DoD’s IA workforce, Bieber said standards development body ASTM International (formerly the American Society for Testing and Materials) is working to come up with a standard definition for certification. While ASTM works on that, DIAP will pursue other enterprisewide solutions, training tools and exercises to quickly build IA personnel experience and capability.

Two additional, specialized chapters to the DIAP manual are in the works. One will address the needs of information system architecture and engineering, and the other will outline computer network defense service providers or computer emergency response teams.

“We’re trying to make sure that everybody who’s doing an IA job sees themselves someplace in the manual,” Bieber said. “It may not require a new certification or anything, but we’re trying to define the workforce, and we’re looking at additional chapters to cover certification and accreditation and other areas. I still have some concerns with certifications. I’d like them to pay more attention to what they accept as continuous learning. I’d also like to see more performance-based testing and more hands-on technical versus lecture in the training, but I think, over time, that will come.”

– Kellye Whitney, kwhitney@certmag.com

TECHNIQUES continued from page 37

try, the real value in Metasploit is its “free” price tag, which enables companies with low security budgets, and even those with no formal budget devoted to security protection, to obtain basic tools for examining the security and vulnerability of the network infrastructure. Unlike tools such as Ethereal or Nmap, which examine traffic patterns on the network, Metasploit is geared toward taking advantage of known exploits against an application or service. The Metasploit Project is a little more advanced than some of the other products, and administrators who would like to take advantage of Metasploit’s vulnerability-testing capability might want to invest some time in the documentation before trying to use the tool to examine their own network integrity. For more information, visit http://www.metasploit.com/.

Hiring a Professional

Although there are a multitude of security tools listed here, and many that were not included (there are entire books on available security tools), it is also important that network or systems professionals recognize when it is time to hire an expert. A network professional or manager should certainly consider developing a policy under which security assessments are run against the network environment, particularly environments that host applications exposed to the outside world. If the threat to your infrastructure warrants an outside professional, look for a firm that can provide references from customers similar in size and nature to your company, with preference given to a company with experience in your industry.

Even if your firm is not in the market for professional security services, you as an administrator have the opportunity to apply these and other tools to enhance your recognition of security threats, protect your infrastructure and make yourself more valuable to the enterprise.

Wayne Anderson is a highly certified system engineer course developer for Avanade, a global Microsoft consultancy. He can be reached at editor@certmag.com.