[lpi-discuss]Pare de me mandar e-mail AGORA!!!!

Tiago Drumond tiago at linuxreference.com.br
Thu Feb 12 06:28:14 EST 2004


**** ESTA MENSAGEM FOI GERADA AUTOMATICAMENTE ***

A sua mensagem (abaixo) não foi entregue. Emails vindos do
seu endereço não serão mais aceitos.

Esta medida extrema foi provavelmente tomada em resposta à
email não solicitado de sua parte. Se voce está tentando
promover um produto ou serviço desta forma, saiba que não
possuo qualquer interesse.  É minha política pessoal não
fazer negócios com qualquer empresa ou indivíduo que recorra
a SPAM para promover o seu negócio.

Essa conta de email é protegida:
Antispam Lagoaminas Internet
--- Original Message Follows ---

Date: Thu, 12 Feb 2004 06:25:23 -0500
From: lpi-discuss-request at lpi.org
Subject: lpi-discuss digest, Vol 1 #153 - 10 msgs
To: lpi-discuss at lpi.org

Send lpi-discuss mailing list submissions to
	lpi-discuss at lpi.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://list.lpi.org/mailman/listinfo/lpi-discuss
or, via email, send a message with subject or body 'help' to
	lpi-discuss-request at lpi.org

You can reach the person managing the list at
	lpi-discuss-admin at lpi.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of lpi-discuss digest..."


Today's Topics:

   1. Books/Tutorials (Jan Groote Schaarsberg)
   2. Re: [lpi-examdev]Security Tasks on the JTA (mark at lachniet.com)
   3. Level 3 Security / ISC^2 (mark at lachniet.com)
   4. Re: [lpi-examdev]Mapping the LPIC-3 Security Exam into the ISC2's 7 CBK of
       the SSCP ... (Les Bell)
   5. LPI And Novell CLE (mark at lachniet.com)
   6. Re:Re: [lpi-examdev]LPI And Novell CLE (Albert)
   7. Re: Re: [lpi-examdev]Level 3 Security philosophical
       question (Richard Rager)
   8. RE: LPI test prep (Wickus Botha)

--__--__--

Message: 1
From: Jan Groote Schaarsberg <jan.groote.schaarsberg at locosoft.nl>
To: "'lpi-discuss at lpi.org'" <lpi-discuss at lpi.org>
Date: Wed, 26 Nov 2003 12:39:44 +0100
Subject: [lpi-discuss]Books/Tutorials
Reply-To: lpi-discuss at lpi.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3B411.FCFB57C0
Content-Type: text/plain

Does anyone know where to find complete books/tutorials which prepare for
the new LPIC objectives which have been defined in march'03.

Met vriendelijke groet,

Jan Groote Schaarsberg
Locosoft B.V.


------_=_NextPart_001_01C3B411.FCFB57C0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>Books/Tutorials</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Arial">Does anyone know where to find =
complete books/tutorials which prepare for the new LPIC objectives =
which have been defined in march'03.</FONT></P>

<P><I><FONT COLOR=3D"#000080" SIZE=3D2 FACE=3D"Arial">Met vriendelijke =
groet,</FONT></I>
</P>

<P><I><FONT COLOR=3D"#000080" SIZE=3D2 FACE=3D"Arial">Jan Groote =
Schaarsberg</FONT></I>
<BR><I><FONT COLOR=3D"#000080" SIZE=3D2 FACE=3D"Arial">Locosoft =
B.V.</FONT></I>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C3B411.FCFB57C0--

--__--__--

Message: 2
Date: Fri, 23 Jan 2004 09:20:32 -0500 (EST)
From: mark at lachniet.com
To: lpi-examdev at lpi.org
Cc: lpi-examdev at lpi.org, lpi-discuss at lpi.org
Subject: [lpi-discuss]Re: [lpi-examdev]Security Tasks on the JTA
Reply-To: lpi-discuss at lpi.org

Question - wouldn't BIND and APACHE security be a content area, with
subtasks all their own?  (that way it would be better segmented)

Mark

>
> We really need to see more traffic on the JTA to get some of the new
> programs moving, particularly the L3-Security topics.
>
> https://www.lpi.org/en/examdev/jta/index.html
>
> We have several good areas started, but we need 200-300 good tasks before
> moving on to the next steps.
>
> Daniel has started a VERY good area surrounding application security.  I
> hope some of you can contribute to this topic as well.
>
> Thanks for the good work!
>
> --
> Kara Pritchard                          Phone: 618-398-7360
> Director of Exam Development            http://www.lpi.org/
> President, K&S Pritchard Inc.		kara at kspei.com
> --
>
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev at lpi.org
> http://list.lpi.org/mailman/listinfo/lpi-examdev
>


--__--__--

Message: 3
Date: Mon, 26 Jan 2004 15:32:19 -0500 (EST)
From: mark at lachniet.com
To: lpi-examdev at lpi.org
Cc: lpi-discuss at lpi.org, lpi-examdev at lpi.org, lpi-alumni at lpi.org,
	lpi-staff at lpi.org
Subject: [lpi-discuss]Level 3 Security / ISC^2
Reply-To: lpi-discuss at lpi.org

1) I think there is value in aligning with existing standards where
possible.  I'm not a SSCP, but I am a CISSP, and I think the CBK is a good
starting place, although overly broad to be immediately useful.  The
translation to the technical side is what needs to be done.

2) One problem with aligning to standards is that, as far as I can tell,
if you weren't the person who submitted the task, you can't edit it. 
Thus, every person who puts in tasks needs to enter their own reference
(ie, CBK-1).  OR, someone needs to go back retroactively to do it.

3) The list below is a good start - I think we just need to start plugging
them in and filling up the JTA database.  Many / some of them are already
in there.

I'd like personally to see high-level groups for some of the important
ones like Nessus, Apache, FTP, DNS, with sub tasks for each of them.  
Right now I think we are scattering such things under other umbrella
groups.  There'll need to be some reordering probably at some point.  I
guess this is normal :)

> Here's my suggestions (_not_ complete, comprehensive):
>
> Application Security:  Apache, FTP, DNS w/Auth, etc...
> Host Access Control:  TCP Wrappers, Sudo, DAC/MAC (as above)
> Host Local/Network Filesystems:  Ext3/XFS ACLs, NFS/Samba, AFS
> Host Auditing:  Syslog, Kernel (maybe 2.6-focused?), Select Add-ons
> Host/Net Filter:  NetFilter/IPTables, IPTable Modules
> Network Authentication:  Kerberos, LDAP-SASL
> Vunerability Scans:  nmap, Nessus, other "top 10/25" tools
> Host IDS:  Tripwire, other checksumming tools (one begins with "A",
> can't remember because I don't use it, but I should)
> Network IDS:  Snort, complementary tools, other "top 10/25" tools


--__--__--

Message: 4
To: lpi-examdev at lpi.org
Cc: lpi-alumni at lpi.org, lpi-discuss at lpi.org, lpi-examdev at lpi.org,
	lpi-examdev-admin at lpi.org, lpi-staff at lpi.org
From: "Les Bell" <lesbell at lesbell.com.au>
Date: Tue, 27 Jan 2004 09:07:20 +1100
Subject: [lpi-discuss]Re: [lpi-examdev]Mapping the LPIC-3 Security Exam into the ISC2's 7 CBK of
 the SSCP ...
Reply-To: lpi-discuss at lpi.org


"Bryan J. Smith" <b.j.smith at ieee.org> wrote:

>>
Okay, I've looked at this the last few days and I've come to the
"opinion" that we should try to map the "top-level" of all LPIC-3
Security exam questions to the 7 Common Body of Knowledge (CBK) of the
ISC2' System Security Certified Practitioner (SSCP) exam.  I believe we
should use an existing framework to "nail down" how we are going to
start defining the tasks.
<<

Good thinking, Bryan - I was thinking along similar lines, though with
reference to the CISSP. I'm of the opinion that a senior administrator -
such as an LPIC-3 would probably be - should be able to bridge the gap
between management thinking and concerns about security rather than being
pure "hacker" type. As is often remarked the skills required to secure
corporate information resources are *not* the same - or even the converse
of - those required to hack into those systems, and I feel that we should
be keeping that in mind.

I'd like to just throw one other idea into the pot, though, which occurred
to me at the weekend, but I haven't had time to give much further
consideration, and that is this: instead of modelling the structure of
another certification exam, should we perhaps structure our topics after
the controls that are listed in Annex A (Control objectives and controls)
of BS 7799.2? After all, that is a standard language which is more widely
known than either the CISSP or SSCP CBK domains, and is also more formally
defined (ISC2, for example, claims copyright on the CBK, which could also
cause some problems).

For those who haven't seen BS 7799.2, and the related ISO/IEC 17799, the
major headings or classifications in Annex A are:

* Security policy
* Organizational security
* Asset classification and control
* Personnel security
* Physical and environmental security
* Communications and operations management
* Access control
* System development and maintenance
* Business continuity management
* Compliance

Obviously, some of these do not directly relate to a Linux-specific
certification. Also, there's a lot more detail under those headings; for
example A.9, Access control:

A.9.1 Business requirement for access control
A.9.2 User access management
A.9.3 User responsibilities
A.9.4 Network access control
A.9.5 Operating system access control
A.9.6 Application access control
A.9.7 Monitoring system access and use
A.9.8 Mobile computing and teleworking

And so on and so forth. It's not too difficult to map many of the detailed
controls to the tools and techniques that we're all familiar with, such as
PAM, LDAP, Tripwire, IPSec implementations, Snort and so on.

As I said, I haven't given this a lot of thought so far, so I'm just
throwing it out for discussion. However, I think the fact that the ISO
17799 and BS7799.2 standards are becoming the standard framework for ISMS's
internationally (the US is moving towards adoption of a future version of
BS7799.2, as I understand it, and many US companies use it already),
coupled with the detailed structure, make this interesting, at least.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]



--__--__--

Message: 5
Date: Tue, 27 Jan 2004 10:25:37 -0500 (EST)
From: mark at lachniet.com
To: lpi-examdev at lpi.org
Cc: lpi-alumni at lpi.org, lpi-discuss at lpi.org, lpi-examdev at lpi.org,
	lpi-staff at lpi.org
Subject: [lpi-discuss]LPI And Novell CLE
Reply-To: lpi-discuss at lpi.org

Hello all,

For those who may not be aware, I came across a recent Novell powerpoint
where they talked about their vision, programs, etc as it pertains to SuSE
and their open source initiatives.  One aspect of this is a new
certification, called the Novell Certified Linux Engineer (CLE).  This
cert has, as a pre-requisite, the LPIC-1.

I just thought that some might not be aware of this.  I also wonder what
the future potential is here - for example, Novell is really moving
forward with security products - maybe there is even potential for
alignment between LPI and Novell on the L3-Security, if indeed there is a
valid enough "ROI" or business plan to do a L3-sec.  Perhaps this might
strengthen the argument, and possibly even make some resources abailable?

Any comments from the LPI staff or board on this one?

Thanks,

Mark Lachniet

--__--__--

Message: 6
Date: Wed, 28 Jan 2004 23:17:28 +0800 (HKT)
From: "Albert" <albert at lpi.org.hk>
To: <lpi-examdev at lpi.org>, <lpi-examdev at lpi.org>
Cc: <lpi-alumni at lpi.org>, <lpi-discuss at lpi.org>,
	<lpi-examdev at lpi.org>, <lpi-staff at lpi.org>
Subject: [lpi-discuss]Re:Re: [lpi-examdev]LPI And Novell CLE
Reply-To: lpi-discuss at lpi.org

Hi,

My thought:

1. It is important to keep our core exam as vendor independent, which is
what is making LPI stands out from other IT certification.
2. Good to take into consideration on Market products to make our exam
fits into the market needs (obviously commercail products may not be the
best, but good to have consideration on with them).
3. As the pattern with LPIC as the underlying foundation, I think Novel is
pretty smart on this positioning.  On the other hand, Cisco has Cisco pix
security product certification.  If Novell can apply the similar pattern
on security certification as they do on Novell CLE, they can make a big
saving at the beginning level, by positioning Novell security
certification as a further step on product knowledge will result a more
indepth and practical image.
Albert Chung



----- Original Message -----
From: <mark at lachniet.com>
To: <lpi-examdev at lpi.org>
Cc: <lpi-alumni at lpi.org>; <lpi-discuss at lpi.org>; <lpi-examdev at lpi.org>;
<lpi-staff at lpi.org>Sent: Tuesday, January 27, 2004 11:25 PM
Subject: [lpi-examdev]LPI And Novell CLE


> Hello all,
>
> For those who may not be aware, I came across a recent Novell powerpoint
> where they talked about their vision, programs, etc as it pertains to SuSE
> and their open source initiatives.  One aspect of this is a new
> certification, called the Novell Certified Linux Engineer (CLE).  This
> cert has, as a pre-requisite, the LPIC-1.
>
> I just thought that some might not be aware of this.  I also wonder what
> the future potential is here - for example, Novell is really moving
> forward with security products - maybe there is even potential for
> alignment between LPI and Novell on the L3-Security, if indeed there is a
> valid enough "ROI" or business plan to do a L3-sec.  Perhaps this might
> strengthen the argument, and possibly even make some resources abailable?
>
> Any comments from the LPI staff or board on this one?
>
> Thanks,
>
> Mark Lachniet
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev at lpi.org
> http://list.lpi.org/mailman/listinfo/lpi-examdev
>



--__--__--

Message: 7
Date: Fri, 23 Jan 2004 07:25:03 -0700 (MST)
From: Richard Rager <kb8rln at penguinmaster.com>
To: lpi-examdev at lpi.org
Cc: lpi-discuss at lpi.org
Subject: Re: [lpi-discuss]Re: [lpi-examdev]Level 3 Security philosophical
 question
Reply-To: lpi-discuss at lpi.org


On Fri, 23 Jan 2004 kara at lpi.org wrote:

> On 19 Jan 2004, Bryan J. Smith wrote:
> 
> > Here's my suggestions (_not_ complete, comprehensive):  
> > 
> > Application Security:  Apache, FTP, DNS w/Auth, etc...
> > Host Access Control:  TCP Wrappers, Sudo, DAC/MAC (as above)
> > Host Local/Network Filesystems:  Ext3/XFS ACLs, NFS/Samba, AFS
> > Host Auditing:  Syslog, Kernel (maybe 2.6-focused?), Select Add-ons
> > Host/Net Filter:  NetFilter/IPTables, IPTable Modules
> > Network Authentication:  Kerberos, LDAP-SASL
> > Vunerability Scans:  nmap, Nessus, other "top 10/25" tools
> > Host IDS:  Tripwire, other checksumming tools (one begins with "A",
> > can't remember because I don't use it, but I should)
> > Network IDS:  Snort, complementary tools, other "top 10/25" tools
> > 


  DRP?

  Forenics recovery?



--__--__--

Message: 8
Date: Tue, 25 Nov 2003 18:37:28 +0200
From: "Wickus Botha" <Wickus.Botha at za.tiscali.com>
To: <lpi-discuss at lpi.org>
Subject: [lpi-discuss]RE: LPI test prep
Reply-To: lpi-discuss at lpi.org

------_=_NextPart_001_01C3B372.6A3A6BF5
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

--------------------------------------
   Please visit www.tiscali.co.za
--------------------------------------
Hi Nick
 
I also used the O Reilly book and passed both 101 and 102 with it. Other colleagues that also works with me has passed 101 and one other guy passed 102.
 
I hope this helps. Other people might not agree with me but the O Reilly book is enough ( it might depend how much experience u have).

-----Original Message-----
From: nick frate [mailto:n_frate at yahoo.com]
Sent: Tuesday, November 25, 2003 3:49 PM
To: lpi-discuss at lpi.org
Subject: Re: LPI test prep


How long did it take you to get ready to take the exams? I'm only have LPI Linux Certification book from O'Reilly, Do you think I can just use this book to study and pass both exams 101 and 102?

Blomberg David <dblomber at Libertec.com> wrote: 

I just took and passed 101 and 102 and still the best prep materials out
there are "Linux in a nutshell" and "Running Linux" I read the prep
materials from IBMs website and while they are okay they have many
holes. I am also reading "Linux Administration Handbook" which is very
good Oreilly also makes "LPI Linux
certification in a nutshell" while written for release 1 it is good for
over 90% of the exam objectives. 
-- 
David Blomberg
AIS, APS, ASE, CCNA, LCP, LCA, Linux+, LPI I, MCP, MCSA, MCSE, RHCE, Server+
Nihon Libertec
dblomber at libertec.com
_______________________________________________
lpi-discuss mailing list
lpi-discuss at lpi.org
http://list.lpi.org/mailman/listinfo/lpi-discuss



  _____  

Do you Yahoo!?
Free  <http://us.rd.yahoo.com/slv/mailtag/*http://companion.yahoo.com/> Pop-Up Blocker - Get it now


------_=_NextPart_001_01C3B372.6A3A6BF5
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<div align='left'><a href='http://mercimail.tiscali.co.za/sup/goto/cugDpLAZaxP6JJ83zMThCcaq_mX5EA0JqzkTpGyjyKdIc0r3hywkq0o91JYvc8yGMth8AnCmEX7X-3h7w1ewsV' target='_blank'><img src='http://mercimail.tiscali.co.za/sup/image/cugDpLAZaxP6JJ83zMThCcaq_mX5EA0JqzkTpGyjyKdIc0r3hywkq0o91JYvc8yGMth8AnCmEX7X-3h7w1ewsV.gif' border='0' alt='--------------------------------------
   Please visit www.tiscali.co.za
--------------------------------------'></a></div>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 6.00.2800.1264" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=423393116-25112003><FONT face=Arial color=#0000ff size=2>Hi 
Nick</FONT></SPAN></DIV>
<DIV><SPAN class=423393116-25112003><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=423393116-25112003><FONT face=Arial color=#0000ff size=2>I also 
used the O Reilly book and passed both 101 and 102 with it. Other colleagues 
that also works with me has passed 101 and one other guy passed 
102.</FONT></SPAN></DIV>
<DIV><SPAN class=423393116-25112003><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=423393116-25112003><FONT face=Arial color=#0000ff size=2>I hope 
this helps. Other people might not agree with me but the O Reilly book is enough 
( it might depend how much experience u have).</FONT></SPAN></DIV>
<BLOCKQUOTE>
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> nick frate 
  [mailto:n_frate at yahoo.com]<BR><B>Sent:</B> Tuesday, November 25, 2003 3:49 
  PM<BR><B>To:</B> lpi-discuss at lpi.org<BR><B>Subject:</B> Re: LPI test 
  prep<BR><BR></FONT></DIV>
  <DIV>How&nbsp;long did it take you to get ready to take the exams? I'm only 
  have LPI Linux Certification book from O'Reilly, Do&nbsp;you&nbsp;think I can 
  just use this book to study and pass both exams 101 and 
  102?<BR><BR><B><I>Blomberg David &lt;dblomber at Libertec.com&gt;</I></B> wrote: 
  <BLOCKQUOTE class=replbq 
  style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">I 
    just took and passed 101 and 102 and still the best prep materials 
    out<BR>there are "Linux in a nutshell" and "Running Linux" I read the 
    prep<BR>materials from IBMs website and while they are okay they have 
    many<BR>holes. I am also reading "Linux Administration Handbook" which is 
    very<BR>good <KINDA long for test prep>Oreilly also makes "LPI 
    Linux<BR>certification in a nutshell" while written for release 1 it is good 
    for<BR>over 90% of the exam objectives. <BR>-- <BR>David Blomberg<BR>AIS, 
    APS, ASE, CCNA, LCP, LCA, Linux+, LPI I, MCP, MCSA, MCSE, RHCE, 
    Server+<BR>Nihon 
    Libertec<BR>dblomber at libertec.com<BR>_______________________________________________<BR>lpi-discuss 
    mailing 
    list<BR>lpi-discuss at lpi.org<BR>http://list.lpi.org/mailman/listinfo/lpi-discuss</BLOCKQUOTE></DIV>
  <P>
  <HR SIZE=1>
  Do you Yahoo!?<BR><A 
  href="http://us.rd.yahoo.com/slv/mailtag/*http://companion.yahoo.com/">Free 
  Pop-Up Blocker - Get it now</A></BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C3B372.6A3A6BF5--


--__--__--

_______________________________________________
lpi-discuss mailing list
lpi-discuss at lpi.org
http://list.lpi.org/mailman/listinfo/lpi-discuss


End of lpi-discuss Digest





More information about the lpi-discuss mailing list