1) I think there is value in aligning with existing standards where possible. I'm not an SSCP, but I am a CISSP, and I think the CBK is a good starting place, although overly broad to be immediately useful. The translation to the technical side is what needs to be done.
2) One problem with aligning to standards is that, as far as I can tell, if you weren't the person who submitted the task, you can't edit it. Thus, every person who puts in tasks needs to enter their own reference (i.e., CBK-1). OR, someone needs to go back retroactively to do it.

3) The list below is a good start - I think we just need to start plugging them in and filling up the JTA database. Many / some of them are already in there. I'd like personally to see high-level groups for some of the important ones like Nessus, Apache, FTP, DNS, with sub tasks for each of them. Right now I think we are scattering such things under other umbrella groups. There'll need to be some reordering probably at some point. I guess this is normal :)

> Here's my suggestions (_not_ complete, comprehensive):
>
> Application Security: Apache, FTP, DNS w/Auth, etc...
> Host Access Control: TCP Wrappers, Sudo, DAC/MAC (as above)
> Host Local/Network Filesystems: Ext3/XFS ACLs, NFS/Samba, AFS
> Host Auditing: Syslog, Kernel (maybe 2.6-focused?), Select Add-ons
> Host/Net Filter: NetFilter/IPTables, IPTable Modules
> Network Authentication: Kerberos, LDAP-SASL
> Vulnerability Scans: nmap, Nessus, other "top 10/25" tools
> Host IDS: Tripwire, other checksumming tools (one begins with "A",
> can't remember because I don't use it, but I should)
> Network IDS: Snort, complementary tools, other "top 10/25" tools

_______________________________________________
lpi-examdev mailing list
[EMAIL PROTECTED]
http://list.lpi.org/mailman/listinfo/lpi-examdev