Welcome to the Interconnect-IT weblog. In this weblog we will comment and focus our attention on security-related information in the broadest sense of the word. Most of our effort will be put into cryptography (ancient and contemporary), interesting security documents and tools we spot on the web and security trends.

Friday, 21 November, 2008
Biometrics Overview

Both the CISSP and ISSAP exam focus on the theory of biometrics as a way of authenticating a subject to a system. Although many course books spend several pages explaining the different types of biometrics, how they sprang into existence and what the advantages and disadvantages of each are, the Biometrics "Foundation Documents" PDF file takes the theory one step further. The 167-page document can be found by following this link. It's very easy reading material and has a nice font, which allows you to read the file in a relatively short amount of time.

posted by casper van eersel on 21:21PM

Friday, 14 November, 2008

Many of us have our favorite security website we surf to when we have some time to spare. That way, we miss hundreds or even millions of interesting webpages we normally wouldn't have come across. A browser plugin called StumbleUpon will change that for you. All you have to do is install the add-on in your Firefox or Internet Explorer webbrowser (preferrably running in its own sandbox of some sort; we don't want insecure code on our systems, do we?), select the categories you are interested in (e.g. Computer Security, Network Security, Hacking, ...) and start stumbling. Sometimes it's amazing where the tool brings you. Happy surfing!

posted by casper van eersel on 22:10PM

Sunday, 9 November, 2008
Networking Poem

All this networking stuff sometimes makes all our heads spin. The following poem by Joseph Bardwell captures this frenzy prefectly.


Sometimes it amazes me
that routers work at Layer 3
when switches very well could do
the job at simply Layer 2
But switches work at Layer 3
Oh, how confusing this can be
When bridges work at Layer 2
and routers can be bridges too!
And when you hope there'd be no more
you find a switch at Layer 4
So Layer 4, and 2, and 3
imply OSI conformity
But these are simply building blocks
in what we'll call an "Interconnect Box"

posted by casper van eersel on 21:01PM

Sunday, 9 November, 2008
IEEE protocol standard download

Many of the 802.x IEEE standards that appear in the CISSP and ISSAP exam can be downloaded for free from the IEEE, a leading developer of standards in a range of industries. It might take some searching, but eventually you will end up on their download site, where numerous 802.x standards are available for download. Although many people will find the standards dry in nature, it serves as fine background information if you want to dig just a little bit deeper into the theory behind networking protocols.

posted by casper van eersel on 19:40PM

Wednesday, 6 November, 2008
Internetworking Technology Handbook

The largest domain one will have to study for the CISSP exam is the Telecommunications and Network Security domain. This domain, together with the information in the Cryptography chapter, gives quite some people headaches. We usually recommend some additional background reading to fully grasps all the technologies discussed. One of the most valuable sources on the Internet for high-quality network-related information is the Cisco website, especially the Internetworking Technology Handbook. The handbook can be found by following this link. It contains a set of documents in which the most importrant networking concepts are explained, each in only a handful of pages. At the end of each document, a Q and A section is included to test what you have just read.

posted by casper van eersel on 13:33PM

Monday, 4 November, 2008
Shon Harris AIO 4th Edition Errata

There are many books out there that do a fair job of preparing people for the CISSP exam. One of the most popular books in the field is the CISSP Certification All-In-One Exam Guide by Shon Harris. Although the book is complete and manages to explain intricate concepts fairly well, the book contains a fair number of typos and errors. All the inconsistencies that I came across can be found in this file. (The contents of this file have also been posted to the CISSP Study Books forum on the excellent http://www.cccure.org/ website, a site I recommend when preparing for the CISSP exam - or any security exam for that matter.)

posted by casper van eersel on 08:58AM