As of January 1, 2010 CompTIA has instituted some changes to their certification policy.  In the past, if you were A+, Network+ or Security+ certified you would remain certified for life – no need to renew or update the certification unless you wanted to just keep up with new technology.  In keeping up with the times however, and in making CompTIA certifications more relevant, they are now requiring certain certifications be renewed every three years.

The new certification renewal policy is applicable to all individuals who hold CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications, regardless of the date they were certified. Does this apply to ALL CompTIA certifications?  The short answer is no, only to the three listed above for now (Other CompTIA certifications are not affected at this time).

CompTIA advised on their website that there will be multiple ways to renew your certification, including take “bridge” exams that bridge the gap between an older exam and the newest version, by taking Computer Based Training, teaching, presenting, and so on.  For the complete details on this update to their certification policy visit their website.

Many thanks to everyone that followed us on Twitter and commented to enter our 8GB iPod giveaway.  We’re very happy with the response, and hopefully everyone will find value in the tweets we publish.  We tweet exclusive deals and discounts, so keep an eye out!

Congratulations to Tanya Wilson (@twincere) for being the winner of our iPod giveaway.  Tanya was kind enough to send us a photo and let us know how we were able to play a small part in adding to her family’s Christmas cheer!  We hope Tanya that you and your family will enjoy your new iPod for years to come!

Keep an eye out for future contests and giveaways, and most of all make 2010 the best year ever.

We’re a Computer Training company that creates IT Certification Training Videos for Microsoft, Cisco and CompTIA certifications.  We’re looking to do a little viral blogging experiment and expand our audience on Twitter.  We’re going to be giving away an 8GB iPod Nano the first week of December.  Great time to join the contest and enter to win a great gift for yourself or someone special.

Want to Win One?  Here’s all you have to do:

1. Follow us on Twitter at http://www.twitter.com/cdrees
2. Simply tweet “Just entered to win an 8GB iPod Nano.  Just follow @cdrees and retweet http://bit.ly/win-nano” or click here to tweet automatically

We are starting the contest at roughly 800 followers.  At then end of November we’ll pick a new follower and give them a brand new 8GB iPod Nano (choice of color).  If we make to 2,400 followers, we’ll also give away a 32GB iPod Touch.

This contest is open to people anywhere in the world and is free to enter (as long as it is legal for us to ship to you).

This is a very easy contest to enter.

Good luck!

Remember, if we get to 2,400 followers, we’re also going to be giving away 32GB iPod Touch!

Microsoft recently released their free anti-virus, anti-malware and anti-spyware program called Microsoft Security Essentials.

Aimed at the consumer and small business market, this application really takes aim at the existing free anti-virus solutions out there, and even some of the pay solutions that consumers and small businesses use. 

The application is built on the same engine Microsoft’s enterprise solution (ForeFront) is built on, and integrates nicely into the operating system.  When I’ve tried other applications, including AVG Free, Avira, and Avast! I’ve always noticed the fact it was there in that my OS seemed to slow down to varying degrees when the software was scanning or downloading updates.

With Microsoft Security Essentials I haven’t noticed any impact to overall system performance.  In addition, the software caught a few things that the other applications mentioned above didn’t catch for whatever reason.

As a general rule of thumb I prefer built-in or integrated solutions simply because I feel there’s a better user experience, things are less intrusive and it just seems to perform better.

The big AV companies like Symantec, McAfee, Kaspersky and others surely must have at least a little trepidation over the fact the Microsoft has released a free anti-virus solution that they charge for.  Will Microsoft’s Security Essentials replace full-blown suites that Norton, McAfee and the others provide?  No, and it’s not intended to.  The others have firewall applications, inbound/outbound mail scanning, instant  messaging scanning, etc., that Security Essentials doesn’t have.  In my opinion however, those are all things you don’t really need in the first place and just slow your system down.  XP, Vista and Windows 7 has a firewall built-in, most people these days sit behind a cable, DSL or FIOS router which has firewall capabilities, and their IP address is masked behind the router’s NAT (Network Address Translation) feature as well.

Microsoft Security Essentials offers real-time scanning and virus, malware and spyware detection, so having an inbound/outbound mail scanner on top of real-time protection seems a bit like overkill to me as well.

What do you think?  Does Security Essentials fit the bill for you and your environment or do the added features offered by one of the bigger companies AV “Suites” fill the needs of your environment?

Microsoft is ramping up for the release of it’s newest operating system, Windows 7.  Set for general release on October 22, 2009 it promises to fix a lot of the stigma associated with Windows Vista.  The new OS is much nicer in a variety of areas than in predecessor (in our informal beta tests).  Overall it’s just a more polished OS, nicer interface, less intrusive security, and less of a hardware hog.

If you’d like to get your hands on this new operating system, but don’t want to either buy a new PC with Windows 7 preinstalled or shell out the $120 – $320 for the new OS (depending on the edition and if you buy the upgrade or full-retail version), then host a Windows 7 house party!  Microsoft is giving away special Ultimate Editions of Windows 7 to select groups in the U.S. and select other countries for spreading the word and hosting a house party between October 22 and October 29, 2009.

The folks over at ARS Technica have more information on the program, along with details on how to sign up.  Are you as excited about Windows 7 as we are?

As you have probably heard at this point if you follow the show American Idol, celebrity gossip, or just happen to watch the news from time to time, Paula Abdul is leaving the show American Idol.

She’s walking away from the most popular show in television history and into an unknown future.  Why would she do this you might ask?  Well from what I’ve read and heard, it comes down to several things: Money, Respect and Overall job satisfaction.

You’re more than likely saying “That’s wonderful, with the economy in the shape it’s in, Paula Abdul is walking away from a multi-million dollar a year job; where all she has to do is sit and be nice to aspiring singers and take an occasional chiding from Simon Cowell.”

Well, you’re right with regard to the fact that millions of people around the world are suffering through economic hardships and she’s turning down an eight-figure deal. On the other hand, money is not always the most important thing in life. I didn’t say it’s not necessary, just that it’s not the most important thing in and of itself.

There really must be a combination of financial reward, respect and an overall feeling that your appreciated and valued.  In other words, we need to feel that we matter.

This leads to me to the title of this blog post, in that IT professionals (and anyone for that matter) can learn a lot from Paula Abdul when it comes to career choices.  Simply being paid a lot doesn’t necessarily equate to happiness.  Even though she was making several million dollars a year from the show, her counterparts were making many times more than that.  Simon Cowell is reportedly making upwards of $45 million for doing basically the same job.

As an IT professional, it’s important to balance financial rewards with the intangibles to find a job that is rewarding mentally, physically and financially.  Many people get stuck in a rut where they feel they can’t leave what they’re doing even though they hate it and subsequently their overall quality of life suffers.  This also has an impact on the people around them as well (i.e. family, friends, children, spouses, etc).  Quality of life is more important than simply being well-paid.  Many people who have a lot of financial success find themselves depressed and overstressed because they reach a certain level but haven’t learned to balance the other aspects of their lives.

As IT professionals, it is crucial to keep your skills sharp and learn new things whenever possible.  This also means constantly working toward keeping a balanced life as much as possible.  Training is critical to developing new skills and keeping marketable.  Some people take classes, some learn online and many self-study with computer training videos at their own pace.  Whichever path you choose, it is important that you keep moving forward.  This not only gives you options and allows you to make changes when it best suites your needs, but it also insulates you to a degree should disaster strike and your forced to quickly find a new job due to downsizing, etc.  If you are thinking about working for yourself there a number of things to consider in order to become a successful entrepreneur.

Don’t be afraid to take the step into the unknown or go after the things you deserve.  Take a lesson from Paula Abdul and seek the quality of life that will truly make you happy.

I’d like to know what you think, was it a wise decision or not?  Can IT professionals take a page from her book and improve their quality of life?

Network security has been, and will continue to be, a hot topic among information technology professionals.  As a systems or network administrator, you should not only be aware of the need to keep a close eye on security, you should be actively engaged in it every day.  In addition to the tools listed below, you should also be looking at specialized training like Cisco CCNA Security training, Windows or Linux/Unix Security Training.

New vulnerabilities are discovered every day that could allow an attacker to penetrate your infrastructure.  Company data, company secrets, account information, financial data and more is at risk if your network is compromised. 

Here are 10 hacking tools that you should be aware of and use on a regular basis to help you see what the hackers see, and to keep your networks more secure.

Packet Sniffers

1. WireShark (http://www.wireshark.org)

Wireshark is perhaps one of the most widely used (and free) network monitoring / packet sniffing tools out there.  When you download and install, it will also install the WinPcap application.  Once your familiar with WireShark, you’ll be able to sniff your corporate network, trace conversations, identify insecure passwords, etc (especially using additional software like Cain & Abel).

This tools runs on Windows, Linux and Mac systems

2. Kismet (http://www.kismetwireless.net)

Kismet is a very powerful wireless sniffer, often used for “wardriving” (driving or walking around, searching for wireless networks to connect to).  A lot of features in this application including the ability to identity non-beaconing networks (networks that aren’t broadcasting their SSID).  Always a good idea to see how secure (or insecure) your wireless networks are if you have them within your company.  Wireless networks are one of the larger security holes in many networks (and home networks).

This tools runs on Windows, Linux and Mac systems

3. Cain & Abel (http://www.oxid.it/cain.html)

One of the most popular “password recovery” tools for Windows operating systems is definitely one you should be familiar with.  Insecure (i.e. weak) passwords offer little to no defense against a fairly knowledgeable hacker.  If they can can physical access to your network (including attaching to wireless networks) chances are they can sniff the network traffic and crack insecure passwords in a matter of seconds to minutes.  Routinely check your network for the existence of weak passwords using a tool like Cain & Abel to identify user’s who need to strengthen their passwords.

This tools runs on Windows, Linux and Mac systems

4. Metasploit (http://www.metasploit.com)

This tool is geared more toward people who do penetration testing (pen testing), patch installation verification, regression testing, etc.  It’s a framework that allows you to develop tools to test and launch exploits against your system to verify patches, defenses, etc., are working correctly.  A little more learning curve here, but if you really want to take your skills to the next level, this is one tool you should add to your skillset.

This tools runs on Windows, Linux and Mac systems

5. Hping2 (http://www.hping.org)

TCP/IP packet injection and manipulation is again a skill that is a little higher on the food chain, but something you should become familiar with.  Using this tool you can send partial ping packets, IP fragmentation, etc., to test firewalls, discover firewall rulesets, remote OS fingerprinting and more.

This tools runs on Windows, Linux and Mac systems

6. Nikto (http://www.cirt.net/nikto2)

If your organization maintains web servers, or you have a hosted solution that you want to ensure is up to snuff, a tool like Nikto might very well fit the bill.  It is a web scanner that can scan for thousands of potential vulnerabilities, and best of all it’s free and open source.

From the cirt.net website: Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

This tools runs on Windows, Linux and Mac systems

7. Nmap (http://nmap.org)

Nmap is a network mapping tool that can be used by security administrators to scan and test their networks for unidentified servers, hosts with vulnerabilities and/or unnecessarily open ports, etc.  Nmap is a popular tool among security administrators and hackers alike, and has been featured in such Hollywood movies as the Matrix: Reloaded and Die Hard 4: Live free or Die Hard.

This tools runs on Windows, Linux and Mac systems

8. Nessus (http://www.nessus.org)

Nessus is one of the most powerful network scanners available, and most serious security administrators tool of choice.  They have moved from offering a free version to a commercial version, which is potential cost prohibitive to some administrators.  However when you factor in the cost of remediating a hack to your network or infrastructure, potential loss of data, critical systems, and/or reputation it’s a small price to pay.

This tools runs on Windows, Linux and Mac systems

9. Snort (http://www.snort.org)

Snort is an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) that is widely used by security administrators to detect intrusions into their networks. It combines the benefits of signature, protocol and anomaly based inspection and is one the most widely deployed IDS/IPS technology worldwide.  There are a few pre-requisites for installing and running Snort, including Libpcap, PCRE, Libnet and Barnyard.

This tools runs on Windows, Linux and Mac systems

10. Retina (http://www.eeye.com/html/Products/Retina/index.html)

A commercially available network and security scanner from the folks at eEye Digital Security, Retina is a full-featured network monitoring application.  While not free nor open-source, it’s a popular tool used by many corporate and government security administrators.  Retina can also report on compliance with many corporate policies including SOX, HIPAA, GLBA, PCI and others.

Cisco CCNA Security 640-553 Secure Network Management

This video is from our Cisco CCNA Security Series – Implementing Cisco IOS Network Security (IINS) for exam 640-553.

The full series contains 20 videos and is over 11 hours of world class training you can watch anytime, anywhere. Our training comes in High Resolution AVI, iPod and mp3 formats to give you a number of choices in how you want to study and train.

Our training also comes with MeasureUp exam prep software, to fully prepare for the exam and the real world.

Palaestra Training creates IT Certification Training videos for Information Technology professionals looking to achieve Microsoft, Cisco or CompTIA certifications as well as people looking to learn new skills. 

We’re pleased to announce that we now offer the award-winning MeasureUp exam simulation software with most of our training titles.

We include a full copy of MeasureUp’s award-winning exam prep software with most of our training titles.  This allows us to provide students with the best possible training experience.

MeasureUp has been a long time favorite among IT professionals and was awarded Redmond Magazine’s Preferred Product award as well as being a CertCities Reader’s Choice Awards finalist. 

Palaestra Training President, Christopher Rees states,  “MeasureUp’s exam preparation software is a great addition to our product offerings, and a perfect compliment to our already solid training.  Students are assured of getting the best training at a great price, now with the addition of exam prep tools to make sure they’re able to apply what they’re learning.”

Even in today’s economy, IT professionals continue to be in high demand and this trend is likely to continue for the next decade.  Our Computer Training Videos allow you to learn anytime, anywhere at your own pace.  Now is the time to invest in yourself and learn the skills that will make the difference in your career.

For more information, visit us online at www.PalaestraTraining.com

Every few years it seems like a massively virulent worm makes its way around the internet, and certainly this year is no exception.  The worm that everyone has been talking about the last few weeks is the Conficker Worm (Conficker.C to be precise, as this is the third variant of this worm).  This little piece of code does a lot to hide itself and takes advantage of a flaw in unpatched Windows systems.  It has the potential to be very nasty and can quickly spread around a network (and beyond) if left unchecked. 

Over 15 million PCs have reportedly been infected, and all of these suspected infections are supposed to kick in and “phone home’” on April 1st.  What happens when all these machines start phoning home?  No one knows for sure since it hasn’t happened yet, but the general consensus is that one goal may be to create a giant distributed computing environment that can be used for many different purposes; from spamming to snooping, collecting data, logins and passwords, sensitive information and so forth.  Another potential use would be a large-scale Distributed Denial of Service attack (DDOS attack).

Most of the Anti-Virus companies out there have been talking about conficker for weeks or more, and offer ways to keep your systems updated.  Make sure whatever anti-virus package you use, you keep updated.  Also install all the latest patches and/or service packs for your operating system (Mac users don’t have to worry about conficker unless you’re running Windows in a virtual machine or dual booting (i.e. bootcamp)).

Another great weapon against worms like conficker is the free DNS service called OpenDNS (www.opendns.com).  We’ve talked about OpenDNS before and how it can keep your browsing safer and more secure.  They’re an excellent service that enables you to fine tune your DNS and control what your users (or children) can and can’t get to.

OpenDNS has been actively updating their blocklist to include all the domains conficker may try to contact.  Worms like conficker, once activated, contact sites on the internet to get further instructions on what do to, where to go, etc.  Conficker.C supposedly generates some 50,000 domain names a day so trying to keep up with your own blocklist by hand would be a daunting, if not impossible task.

That’s one of the beautiful things about OpenDNS, is that they keep those blocklists updated for you.  By blocking access to those domains at the DNS level, you can effectively shut out any possibility (or most possibilities) of the worm actually being able to do anything.

So to protect yourself, some things to consider:

1. Update your anti-virus programs as soon as possible
2. Ensure real-time scanning is enabled on your Anti-Virus programs
3. Install all hotfixes, patches and updates
4. Turn on firewalls if appropriate (at the router or perimeter as well as individual machines – Again, do so where appropriate and make sure doing so doesn’t break any critical applications or connectivity)
5. Utilize a service like OpenDNS that blocks the vast majority of threats like the Conficker worm at the DNS level

Following these steps can go a long way to preventing the spread of worms, viruses and other general nuisances.

If you have a method or tool you use to keep your networks safe, please feel free to share!