Thursday, September 1, 2016

CompTIA Cybersecurity Analyst+ Beta Exam
I had the opportunity to take the CompTIA Cybersecurity Analyst beta certification exam (CompTIA CSA+) beta certification exam. This intended to be a new certification that is a vendor neutral certification path between CompTIA's Security+ and the CompTIA Advanced Security Practitioner (CASP) certifications. Similar to other CompTIA exams, the exam consists of both multiple choice and performance based questions. The exam I took had a total of 103 questions with 5 of those questions being performance based. The total test time allotted for the beta exam was 165 minutes. CompTIA plans to release the final exam in 1Q2017 so the makeup could change for the final exam.

The performance based questions rely on the test taker's ability to analyze snippets of log files and then using that information from the log files to determine what is occurring within the network or with an external source. You could be faced with questions to review a scan and answer the questions (e.g. determine false positives and scan type), review network traffic/workstation/server logs to determine the host containing malware and the infected process running. These are more detailed than the CompTIA Security+ performance based questions so prepare yourself and budget your time. The only nit I had with these questions is the floating dialog box with the simulation description. It can be resized but it was getting in the way of the log file analysis.

The multiple choice questions have the typical CompTIA wording flavor. The questions are to the point but remember to look for the specific keywords that are essential to answering the multiple choice question with the best answer. The beta multiple choice questions included but limited to Incident Response Management, Security Information and Event Management (SIEM), choose the correct open source tool invocation to perform a task, identify what has occurred based on a snippet of network traffic. The tools in the exam and log files are based on common open source software tools available to security analysts. CompTIA's examples from the beta exam website are:

Open Source Software Description URL
Wireshark Network protocol analyzer / packet capture tool
Bro and/or Snort Network intrusion detection systems (NIDS)
AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange [OTX]) Security Information and Event Management (SIEM) software

I do not know if this will be identified in the DoD 8570 Approved Certification list but it will be in CompTIA's best interest if it is ultimately included. My guess is, if it is included, it will fall in with the CND-SP certifications instead of IAT, IAM, and IASAE.

The exam is intended for someone with a couple of years of cyber analyst experience with hands on tool experience. I found the beta exam to be refreshing and if the final is similar to the beta exam then I believe that CompTIA will have a great exam for Cyber Security Analysts. Based on the beta exam, I recommend keeping eyes open for the release of the final exam in 1Q2017 and taking a look at it.

Saturday, June 25, 2016

HOA Activity - Meet Your Neighbor

Historically, our Home Owners Association has not sponsored events for the residents of our community. Our Board of Directors, of which I am serving as president, has changed over in recent years and is becoming much more active. We held our first, of hopefully many, Meet Your Neighbor event at our community pavilion and it was a success!
Because this was our first event of this type. we went small. Our offering was grilled hot dogs, chips, cookies, water, and juice. As an incentive, we also held a drawing for all of the residents who attended for two $25 gift certificates to a local restaurant. We purchased food for 64 residents for under $100 plus $50 for the door prizes. For a little under $150 we had a great afternoon and met with some wonderful people.

I am looking forward to many more of these community events.

First Response Bluetooth enabled pregnancy test

First Response now has a Bluetooth enabled pregnancy test. 

It is said to make it easier... Because waiting the required time and looking at the mark on the stick was too difficult????

Thursday, March 24, 2016

Questioning Donald Trump's punative tariff threat on US manufacturing

Donald Trump threatens Ford with a 35% punitive tariff on automobiles manufactured abroad. I am not only concerned that he is spouting these statements but that the American people are not asking questions and instead buying it lock, stock, and barrel.

Staying away from legality of a punitive tax on US companies, how does this help our economy? We've been hearing ad nauseam how the Affordable Care Act will hurt the economy but a 35% tax that will be transferred to the American public on products that are produced abroad is good for the economy? Does Mr. Trump propose to apply this punitive tariff to products with foreign made semiconductors? How about on companies that use foreign labor to write software for their products? What about call centers in foreign countries? How far is he willing to take this punitive tariff?

Some of Mr. Trump's business ventures manufacture abroad. If US companies manufacturing abroad is an economic issue then why do his businesses partake in foreign manufacturing? IIf Mr. Trump is such a great businessman then what is it ok for Mr Trump to manufacture abroad and it is not ok for Ford and Apple to do the same?

A President cannot just make laws, so how exactly would he implement a punitive tariff? How would he get congress to vote for it?

These are just a few questions on this single statement made by Mr. Trump. Lets raise the bar for this election and begin to ask the important questions of our candidates and stop taking what they say as fact.

Thursday, July 9, 2015

How-to Create a Dog Patch (Dog Pee Patch) - The Refresh

In one my previous posts How-to Create a Dog Patch (Dog Pee Patch) I showed how I created an area for out two Labrador Retrievers to do their business. After a while it may develop an odor that even vinegar or other concoctions will not handle. Here I'll show how easy it is to refresh the area for many more years of use.

First, you have the existing patch. If you are looking to create one for the first time take a look at my post on How-to Create a Dog Patch (Dog Pee Patch).

On top of the rocks and under the pea gravel I had laid mesh screen so begin by using a shovel to pull back the pea gravel around the edges exposing the mesh. The mesh can be pulled up to bring the gravel into a pile that is easier to shovel.
You will want to remove the old pea gravel and you have two options, clean and reuse or dispose of and use new gravel. For this refresh I use all new pea gravel. After removing the pea gravel and mesh you end up with the original base. Other than cleaning with vinegar or something to help with any odor the base stays untouched.
Our patch has a PVC drain so while I had it uncovered I made sure that we did not have any blockages by running a snake through the pipe and I ensured that there were not rocks blocking water entry into the pipe. It all appeared in great shape so I covered it back up. and moved onto the deodorizing of the patch.

In my dog patch, the odor was mainly coming from the pea gravel in the areas of the darker black spots. I cleaned this area (I opted for a light solution of bleach and water). I poured the solution over the rocks and then let it air dry in the sun while I did some weeding elsewhere. After a hour or so I then sprayed the rocks down with a hose to wash out any solution and excess dirt and voila a clean patch!

At this point all you will need to do is put new or cleaned mesh on the patch and add cleaned or new pea gravel. For the size of this patch, I needed at least 3 bags of pea gravel from Home Depot. I initially tried 2 bags but it really didn't cover all of the mesh and left some blank spots.

And there we have it, the refreshed and no odor patch. The dogs immediately took to it so it meets their standards.

It it easy and ignoring the wait time for it to dry, it took about a 1 to 1.5 hours to complete. It is really simple and extends the life of the patch with little expense and effort.

Wednesday, May 20, 2015

Using APRS along the Ohio and Pennsylvania Turnpikes

On a trip from Maryland to northern Ohio I wanted to give relatives an idea where I was along my travels. For this I fired up my Argent Data Systems Tracker2 and Kenwood TM-V71A. For the entire drive, I ran the Kenwood at 10W and transmitted on the Automatic Packet Reporting System (APRS) frequency of 144.390 MHz as K8ESR-9. The outcome was much improved over past trips do to better coverage by digis and I-Gates. In previous trips, I could drive an hour and a half without a packet being received at an I-Gate. As can be seen in the plot, this is no longer the case. I'd like to thank the amateur radio community for improving the coverage by adding digis along this heavily traveled route. plot of received APRS packets on Ohio and Pennsylvania Turnpikes.
As a side finding, I discovered that I do need to look at my setup. Unless I unknowingly have a car-airplane hybrid then I think there could be an issue with the GPS. At least one transmitted packet shows the speed to be 219 MPH. The elevation at that point checks out but the speed... uhmmmmm, suspect.

As always, your results may vary depending on radio and antenna setup but when traveling on this part of the turnpike you'll have decent coverage for most of the drive. Happy travels!

73's K8ESR

Sunday, May 17, 2015

Yaesu VX-8GR APRS Backpack Portable Performance

At the 2013 Hamvention I picked up a Yaesu VX-8GR which unfortunately Yaesu discontinued when they released the FT-1DR for their System Fusion concept. In 2015 I still own the VX-8GR and I decided to use it for my Saturday trip. My primary HT is a Kenwood TH-F6A and to keeps things simple I decided to make my APRS backpack portable. This was a simple build consisting of a backpack, a 3 foot extension cable SMA male to BNC male, BNC female to SMA female adaptor, and tie wraps.
Yaesu VX8-GR backpack portable
I attached the stock antenna to the backpack and ran the extension cable to the side pocket. A nice quick "build" so to speak. With all of the APRS traffic at Hamvention I was not entirely sure how well this was going to work. I set the HT to transmit at 3 minute intervals and let it go for the day. From 9 AM until about 2 PM 39 packets were picked up and available to map in APRS-IS. map of VX-8gr at Hamvention 2015
Yet again, I am impressed with how well this little radio performs in a crowded environment. The GPS has sufficient sensitivity to provide some position packets from within Hara Arena. As you can see, we did a decent job making our way through the flea market on Saturday.

So, if you are looking for a good HT with great APRS battery performance (blows the Kenwood TH-D72A away on battery life) I still highly recommend the VX-8GR. These radios are no longer in production so you'd have to pick it up on Ebay or in a flea market. If you do buy one I don't think you will be disappointed.

73's K8ESR