tag:blogger.com,1999:blog-2031483246159174812024-03-04T23:31:16.981-08:00Josh the InfoSec GuyA blog from an aspiring InfoSec specialist about the world of Information Security and other technological ephemera.Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-203148324615917481.post-57705612785049719172015-07-13T08:09:00.000-07:002015-07-13T08:11:44.227-07:00Tackling the GIAC GCIA!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8GW6C9EoU-EiUWfTa6R6I8lBbpXX1qpzzPU3DwBw2391oh2bxRx5a5UBSkfuNqUyKNJ2r_kenneAMICFi0KmlxjKVM7djlhxxPxtTq499HZm1IjQqvLJxUMzpgZo66DJEh_qqnuBsyZFX/s1600/GCIA.Silver.hi.res.tif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8GW6C9EoU-EiUWfTa6R6I8lBbpXX1qpzzPU3DwBw2391oh2bxRx5a5UBSkfuNqUyKNJ2r_kenneAMICFi0KmlxjKVM7djlhxxPxtTq499HZm1IjQqvLJxUMzpgZo66DJEh_qqnuBsyZFX/s200/GCIA.Silver.hi.res.tif" width="200" /></a></div>
<div class="MsoNormal">
Well, it’s that time again.
Time to tackle yet another certification. The last certification I took was the GIAC
GSEC which was chronicled in depth in a previous journal. In that post, I went over briefly on the idea
of are certifications worth it to someone.
After the GIAC experience I had last year, I couldn’t wait to get back
into the saddle and conquer another GIAC class.
This time, a co-worker and I were approved to take on the GIAC GCIA training
and exam. What follows is another
adventure into the wonderful world of SANS.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
You mean I get to travel?!</h2>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
The last time I was able to go to a SANS event, it was held
locally. By locally, I mean in my state
of residence, Texas. Roughly translated,
a little over 250 miles. This time I was
approved for some major travel expenses, which made me feel all warm and
fuzzy. This year I was able to go to the
SANS conference in Reston, VA. One
hassle free Virgin Airlines ride and we got on our way! This was my first time in Virginia. My trusty co-worker and I made our way to the
hotel and checked into our rooms ready to wake up, get badged up, and submit
our lives to the one and only Mike Poor.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
I blame Mike Poor!</h2>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
Upon entering the classroom, our awesome facilitator handed
us our bag of books, which was different from my first time at a SANS
conference where we received our books at check-in, and made our way to our
seats. We picked them strategically… you
know, not at the very back, but not first row.
Others made their way in and filled the seats. You could just feel the aura of nerd
permeating through the rows of tables.
Finally the class started and we were introduced to the man, the myth,
the legend, Mike Poor. Many have said Red Bull runs
through this man’s veins. I’m not sure
if that’s true, but the energy drink company may sponsor this guy due to the
amount of cans he went through during the week.
Although he may not have visual wings, this man is high-powered octane
and will keep you engaged. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Like the GSEC and, I assume, any other SANS class, we went
one book a day. This material was very
new to me. Day one I kept up and
understood the majority since it was a lot of TCP/IP concepts and also included
IPv6. Day two was slightly different but
I held on. It wasn’t so much of lack of
understanding, more so than lack of sleep which kicked in the last hour or so
of class. Day three is where I started
getting “deer-in-headlight” face when the topic of IDS/IPS evasion and other
traffic analysis topics came up towards the latter half of the day. The workbook definitely filled in the gaps
and solidified the concepts covered in class. Day four… what can I say about
day four? It was the best of times. It was the worst of times. We were introduced to Snort and Bro. In the past, I was introduced to these two
tools, but never got to play with them in their full capacity. Each package went over their own operational
lifecycle, so by the time you got to the end of Snort, it was like Mike hit the
repeat button but it was all for Bro.
That was morale crushing.
Necessary in the grand scheme of things, but my mind just did not want
to get back in the game after half time.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
But wait! Didn’t you say it was the best of times? Sure, but let’s take a step back for a moment
and go over a topic I find unbelievably valuable at these conferences;
SANS@Night. These are bonus sessions in
which the instructors give an hour long talk about a certain topic. When I did the GSEC class, I found myself at
these talks every night. Up until day
four, I was in the room as well. What
stopped me from going on night four?
Mike Poor. He invited my
co-worker and me to go eat at a Korean BBQ place somewhere in the area. Let me be the first to say, when you are
invited to go to dinner with a minimum of five SANS instructors, you go. The evening was an epic event that will not
soon be forgotten. However, co-worker
and I had to cut our invite short since it was getting way too late. The rest of the party were out until sometime
the following morning. I can only speak
for myself, but I was destroyed and had to depend on sugar and caffeine to get
me through the next day. For this, I
blame Mike Poor. What is most
impressive, Poor came to the class and didn’t skip a beat. He taught the class with the same intensity
he had the past few days. That man is a
beast or part cyborg! <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The last couple of days went off without a hitch. I must say I was confused on a lot of the
material but picked it up with the included workbook exercises. The final day came forcing all of us to
utilize the skills we all gathered throughout the week to recount the steps a
nefarious hacker took within a honeypot.
This was a very exciting exercise as we were split up in teams and
divided the tasks among individuals. I
was not expecting much in the area of results from my area since everyone else
seemed way more experienced than me, but surprisingly enough I nailed my
portion of the investigation including finding a photo of the perpetrator with
some Google-fu.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
Ugh… Indexing… Again</h2>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
Indexing? Do I really have to? In short, yes. Much like the GSEC experience, you get a ton
of pages with no way of knowing where anything is which necessitates the need
for an index. However the biggest
difference between GSEC and GCIA is the amount of topics covered. Whereas GSEC is a broad spectrum of
information security knowledge, GCIA is more focused on a specific set of
concepts, tools, and commands. Because
of this, your index will be significantly smaller than GSEC. <o:p></o:p></div>
<div class="MsoNormal">
My previous experience in indexing really helped out. But I
deviated in my study method. I went
through each book and took meticulous notes by hand in a spiral first. That’s right. I went through the books twice. In hindsight, I feel I could have done this
study portion without this first step.
But I can’t say it hurt. I am
able to maintain knowledge better if I write stuff out by hand rather than
blindly typing stuff into a Word or Excel document. It’s just the way I work. <o:p></o:p></div>
<div class="MsoNormal">
Round two of hitting the books included indexing which was
not as detailed as my first phase notes, nor my GSEC index. But I did get the main sections I included in
my GSEC version (Book Index, Tools, Commands, References). I added header charts I found over at
nmap.org and a hex, dec, bin chart that definitely helps making quick work of
conversions found in those practice exams.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
Am I Ready?</h2>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
GIAC gives you two practice exams to see if you are on
target. My first practice exam emulated
my GSEC experience. The biggest
difference was how often I used material to double check my work. I hardly found myself reaching for the index
or books. This can be a very good
thing. For the first half, I was hitting
a solid 90+% score. But something
happened. Mental fatigue and wanting to
figure out what I was going to do later that evening. The increase of bone head mistakes and just
wanting this to be done dropped my score.
I passed, but I learned a ton about the necessity of maintaining
concentration. I also found areas I needed
more work in such as DNS and strangely Wireshark fundamentals (I think this is
due to the aforementioned distractions).
The second practice exam was better, as you’d expect. But that damn DNS category still got me. I did get five stars on Wireshark (At least
the embarrassment of that went away). Other
than that one aspect, I pretty much got it.
I’ll go ahead and schedule the exam and let you know how it goes in the
next section.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
It’s Time</h2>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
So in the last section, I left off with two practice exams
down and this feeling of just wanting to get this over with. I scheduled a week out at my testing facility
of choice. DNS was a weak spot for both
practice exams so I had that nagging me all week and I really concentrated on trying
to that sorted. Two days before the exam
I felt I was ready and didn’t want to study any more. I just couldn’t force myself to get those
books out again. I took the days off
despite my wife’s words of wisdom.
Something about locking me out of the house if I failed the exam because
I didn’t study those two days. The night
before I went through the books again and firmed up the loose ends I had. Before I went to sleep, I made sure I put all
the material I was to bring in the bag from the SANS convention I got back in
Reston, VA. I had dreams of the
exam. Yes, I was the paranoid about
it. Oddly enough, it wasn’t about taking
the exam, it was about missing my scheduled time and not even getting to sit
for the thing! I woke up the next
morning groggy. In addition to the
horrible dream, my dog found her way on to my pillow and a canine tail was
laying on my face. Looking at the clock,
I realized I had overslept but only by about 30 minutes. Definitely enough time to get to the testing
facility.<o:p></o:p></div>
<div class="MsoNormal">
So with all the worry about waking up late and the traffic
due to construction, I get to the facility 2 hours early. The people there know me and consider me an
expert tester (mainly due to the certs you obtain through WGU). They were nice enough to just put me in the
hot seat immediately. The first few
questions did not phase me. Then the
DNSish questions came…. I plowed through them.
Around a quarter into the exam, I was hitting 90+ on the accumulated
score. I think I’m going to be able to
get this thing done without issue! Or at
least that is what I thought. Half way,
I’m down to 83%. I wouldn’t say panic
hit me, more than disappointment. I took
my break and regrouped. Went outside
with one of the proctors and walked around a bit. Warmed up too; it’s cold in that room! Getting back to the test, I fought through
that thing and stayed pretty consistent.
In the end I ended up with an 84%.
Not too bad keeping that score and not dipping below the lowest
checkpoint score of 83. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<h2>
Your Thoughts?</h2>
<h1>
<o:p></o:p></h1>
<br />
<div class="MsoNormal">
I’ll be the first to say, this exam is a definite
challenge. The practice exams provided
seem to be exam preps for the Sec503, not the actual exam. What do I mean by that? I feel the actual exam seemed to be more
targeted/focused instead of the “relaxed” content of the practice exams. I can’t get into too much detail due to NDA,
but details matter in this exam.
Overall, this was a great experience and welcome anyone who is willing
to give it a shot.<o:p></o:p></div>
Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0tag:blogger.com,1999:blog-203148324615917481.post-90415214503571187922014-09-10T18:39:00.001-07:002014-11-18T15:06:38.395-08:00A List of 5 Million 'Gmail Passwords' Leaked, But There's No Need to PanicIt might be time to change some of your passwords — again. But if you've used a Gmail password that's unique from other accounts, you might not have to worry.<br />
<br />
A list of almost 5 million combinations of Gmail addresses and passwords was posted online on Tuesday. But the passwords seem to be old, and they don't appear to actually belong to Gmail accounts. Instead, it seems that many of the passwords were taken from websites where users used their Gmail addresses to register, according to some of the leak's victims as well as security experts.<br />
<br />
For example, someone might have signed up for a website with the username "myaddress@gmail.com" and the password "mypassword." The list exposed this week makes it look like "mypassword" is the password for the Gmail account itself, but the user's actual Gmail password might be totally different.<br />
<br />
The list was posted on a Russian Bitcoin forum on Wednesday, and US media started reporting on it overnight.<br />
<br />
We can't confirm the authenticity of all the email addresses on the list, but a Mashable employee, Evan Engel, saw that his old Gmail password, which he hasn't used in years, is part of the leak.<br />
<br />
A Google spokesman told Mashable that the company has "no evidence that our systems have been compromised," and security experts seem to agree that the passwords are either old Gmail passwords obtained through phishing, or are passwords that were actually used on other sites.<br />
<br />
Matteo Flora, a computer security expert, reviewed the dumped file and found that around 60 email addresses were in his address book. After he alerted those people, 30 of them told him that the password either was never used for their Gmail accounts or was very old, Flora told Mashable.<br />
<br />
Chester Wisniewski, a senior security adviser for security firm Sophos, told Mashable that he expects many of these accounts not to be valid. "There is no honor among thieves as they say, and often stunts like this are released as a sad attempt at gaining credibility among other criminals," he said.<br />
<br />
Several Reddit users also confirmed that they found their email addresses in the leak, but that the associated password has never been their Gmail password.<br />
<br />
"The password that I generally use for other services is shown in this list and not my gmail password," wrote a Redditor nicknamed InternetOfficer. "This proves that the hackers hacked into some other service where gmail address (or other email addresses) are used and got the password of that service not gmail password."<br />
<br />
"The password it shows (or at least the first two characters) is NOT from a password I've ever used on Gmail," wrote another Redditor, "but it does match a password I've used on bullsh*t I absolutely don't care about."<br />
<br />
Some hints in the dump seem to point to several different sites that could have been compromised.<br />
<br />
Both Flora and some Reddit users have noticed that some email addresses are followed by a "+" sign and the name of a website. (If you add "+" and a word to your Gmail address, like "myaddress+mashable@gmail.com," emails to that address can automatically be archived in a folder with the word you choose.) This might indicate which websites have been compromised. Some of the sites that have been identified this way include friendster, filedropper, xtube and freebiejeebies.<br />
<br />
Even if this dump is simply a collection of old passwords belonging to minor sites, the issue is always the same: password reuse. If you tend to reuse your passwords, check <a href="https://isleaked.com/en" target="_blank">this website</a> to see if your Gmail address is on the list.<br />
<br />
If it is, change your passwords, and choose long ones that combine special characters and numbers. Password managers can help you keep track of your accounts.<br />
<br />
"And stop being silly and use the same password for everything," Flora said.<br />
<br />
Also, as usual, enable two-factor authentication on services that provide it, including Gmail. That way those accounts are more secure, even in the event that someone steals your password.<br />
<br />
Oh, and don't freak out.<br />
<br />
"Ignore the man behind the curtain, keep your PC up to date, use a strong password and a second factor whenever possible," Wisniewski said. "Keep calm and move along."<br />
<br />
(Source: <a href="http://mashable.com/2014/09/10/5-million-gmail-passwords-leak/" target="_blank">Mashable</a>)Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0tag:blogger.com,1999:blog-203148324615917481.post-16792299665768677982014-09-02T20:14:00.000-07:002014-09-02T20:14:32.422-07:00My Experience with the GIAC GSEC Exam (Part 2)<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjsChqHJnnOuLggWmzHG3mcxl_e7BshHJhebghZyOqtW9Ywdse-dj0sfhdOz-uM8i1G032t1habF471ZQbMtAy9WVkAeoHkN53Bz7P4m-fHJVjF9gQ8I8bVpq1WKcWnT_QkKiNVFil5zBP/s1600/GSEC.Silver.hi.res.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjsChqHJnnOuLggWmzHG3mcxl_e7BshHJhebghZyOqtW9Ywdse-dj0sfhdOz-uM8i1G032t1habF471ZQbMtAy9WVkAeoHkN53Bz7P4m-fHJVjF9gQ8I8bVpq1WKcWnT_QkKiNVFil5zBP/s1600/GSEC.Silver.hi.res.png" height="198" width="200" /></a>In the first part of my experience with the GIAC GSEC exam, I promised I would let you all in on how the exam went. The following is to be my post exam report.<br />
<br />
<h2>
Let’s Get It Started…</h2>
So we left off last time with the idea of having practice exams to get a good feel for where you stand in your general knowledge of the topic objectives and having a good detailed index. Next, we answer the question, how do we even get this exam setup in the first place? To do this, head over to the <a href="https://www.sans.org/" target="_blank">SANS</a> webpage, log in to your account, and under Certification Attempts, you’ll be able to schedule your exam at your nearest <a href="http://www.pearsonvue.com/" target="_blank">PearsonVUE</a> testing facility. Luckily for me, my favorite testing center, <a href="http://computerminds.com/" target="_blank">ComputerMinds</a>, was able to accommodate me for a morning slot. The process was really easy in my opinion and wasn’t too difficult to navigate. The only problem I had with the PearsonVUE page was that I couldn’t schedule the exam on the Saturday I wanted. I had to settle for a Friday. I think this had something to do with either it being too far into the future or that it was Labor Day weekend. I shrugged that issue off and chalked it up to some bad juju. I was ready to take my exam and looking forward to closing out this journey.<br /><br />
<h2>
Even the TSA Gets a Pat Down</h2>
The morning of my exam arrives and I’m awaken to the hellish sounds of the alarm clock. I knew I’d be fighting rush hour traffic and awful construction on the way so I tossed down a couple granola bars and started driving to the testing facility. In my excitement for taking the exam, I may have misjudged my arrival time and showed up two hours early. Luckily for me, my favorite certification instructor was there and we caught up on lost time. He eventually had to start his MCSA class and I was stuck in an empty lobby with a cup full of coffee in hopes to keep my mind alert during the upcoming security onslaught. <br />
<br />In no time, the lovely proctor showed up. She gave me the option to start early as there was an available seat in the time slot an hour before my scheduled exam time. I thought it over and agreed just as a line of the regularly scheduled testers walked in. One by one they were escorted into the testing room. Finally there was only me and someone I’ve never seen there. I asked what exam he was taking and surprisingly, it was for a TSA exam. Who knew there was an exam to be a TSA agent? Anyway, the proctor du jour came back and went through the usual “sign these forms to take the test routine” and went so far as to make him raise his pant legs to make sure there were no “prohibited materials” anywhere on his person. I had to get my dig in by informing him that we have to get our turn to search ‘em sometime in our lives… might as well be now. We all had a good laugh and in he went. Minutes later it was my turn.<br /><br />
<h2>
He Gets to Take What?!</h2>
There I was… in the hot seat and ready to go. My testing cubicle was a little cramped to fit all the allowed material, but I managed. Wait! Allowed material? Yes, during the GSEC exam, you are allowed to have any printed material with you. No electronic funny stuff here. Just good ol’ paper and ink, or toner if you prefer. My space was limited so I stacked my books in heaps of three to the right. So books 1-3 are in one pile, and 4-6 are in another. I had my index to the left of me. This pretty well emulated how my practice exam sessions were setup. <br />
<br />I felt sorry for the other testers that opted out of ear plugs. I always take them whether I need them or not. It is just far more comfortable that way for me while I test. I think the woman sitting next to me was a little frustrated even though she did opt in for the ear plug option. When I hit my 15 minute break and stepped outside to stretch my legs, the proctor informed me that the woman thought I was cheating when she noticed me flipping through my index several times. The proctor went on telling me that this woman got a bit upset, exclaiming “He gets to take what?!” With a little bit of distraction, I went back in and continued the exam.<br />
<br />This exam is all about mental endurance. Even that 15 minute break is not enough to help out with the “attention deficit ‘oh squirrel’” I started getting towards the end. I had to continue to mention to myself that it will be over soon and to keep alert and focused on the task at hand. I eventually came down to the last question and saw that I had passed my exam. I also had a little over an hour and a half left on the clock. <br /><br />
<h2>
Post-Exam Technicalities </h2>
After I got the joy of knowing I had passed the exam I had been dreading, something very different happened compared to all other certification exams I’ve taken. Where is my printed score report? I didn’t really notice this at first. I was just having a good time with the proctor and gathering up my things from the lockers. Turning on my phone, I saw I had an email from SANS informing me that my score report is online and I have the option to get my certification framed. I asked the proctor and she told me that GIAC exams don’t get a printed score report. I’m glad she knew that so I wouldn’t have to call and raise hell with the GIAC people. I found this very strange, but it makes sense in this day and age of “going paperless.” <br />
<br />
I fell short of the 90% needing to get on the GIAC advisory board. This was a goal that I kind of wanted to accomplish. Those that do get the 90% or better get invited to a board with other certified professionals to discuss issues related to GIAC and SANS. <br /><br />
<h2>
Walking into the Sunset…</h2>
And so ends my exam day. I didn’t ride off into the sunset on a horse (you need 90% or better for that), but I went home feeling good knowing that the next GIAC exam will be better. It gives me another goal to accomplish in the future. It was an amazing journey; one that will not be soon forgotten. <br />
<div>
<br /></div>
Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0tag:blogger.com,1999:blog-203148324615917481.post-25973165824080866452014-08-12T05:48:00.000-07:002014-08-12T05:48:21.727-07:00Biggest Collection of Stolen Login Credentials<div class="" style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; padding: 0px;">
A Russian crime ring has amassed a <a href="http://www.holdsecurity.com/news/cybervor-breach/" style="color: #043464; margin: 0px; padding: 0px; text-decoration: none;" target="new">gargantuan database</a> of pilfered login credentials, including 1.2 billion unique username-password combinations and 542 million email addresses, Hold Security of Milwaukee said today. This makes it the largest known collection of stolen credentials to date.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
According to Hold Security, the attackers used a botnet to hunt for sites vulnerable to SQL injection hacks. They compromised roughly 420,000 websites and lifted 4.5 billion username-password combinations in all; after eliminating duplicates, the number drops down to a no-less-impressive 1.2 billion unique login combos. Hold Security has not released the names of the victim sites.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
What's puzzling is that the criminals have not put this goliath database to great use so far. They are not selling the records. They're merely using them to operate a spammer-for-hire service. Nevertheless, the incident underlines the persistent troubles of lax website security, inadequate monitoring, and single-factor authentication.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
"At this stage of the game, using passwords for security is simply table stakes," David Rockvam, vice president of product management and marketing communications for Entrust, told us. "In order to truly protect our personal and financial information, second-factor authentication is a necessity."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
Some companies "are not being proactive enough about security; therefore, they are ill equipped to detect these types of breaches," said Jay Kaplan, CEO of Synack. "In fact, it's likely that most of them do not even realize how many times they've been compromised, as it's very challenging to track compromises when you do not have a continuous security cycle to test against and prevent these types of attacks."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
"Today, we have learned of a huge issue where it seems like billion passwords were stolen overnight," said John Prisco, CEO of Triumfant, "but in reality... crime rings have been stealing information for years. They've just been doing it undetected, because there hasn't been a concerted effort on the part of companies entrusted with this information to protect it. Vendors haven't delivered a truly defensive product until recently. For so many years, we've relied on antivirus, which just doesn"t work. Vendors are in a transition period where the most effective products are not yet widely deployed."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
Hold Security's researchers do not believe the attackers are politically motivated or have any connection with the Russian government. Russian entities were among the websites compromised.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-bottom: 1em; margin-top: 1em; padding: 0px;">
(Source: <a href="http://www.darkreading.com/biggest-cache-of-stolen-creds-ever-includes-12-billion-unique-logins/d/d-id/1297811?" target="_blank">DarkReading</a>)</div>
Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0tag:blogger.com,1999:blog-203148324615917481.post-62091712042466499012014-08-08T05:20:00.000-07:002014-08-08T05:23:05.822-07:00My Experience with the GIAC GSEC Exam<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10pt; line-height: 107%;">What do you do when you decide to take an IT certification exam? What
path are you going to head down first? How long should this endeavor take? What
books or video prep classes should you invest in? All these questions go
through our minds when we take that first step into the realm of certification.
Since everyone learns differently, there is no silver bullet when it comes to
taking exams. Anyone who has gone through any sort of exam experience, whether
it be a mid-term, SAT, or IT certifications, should by now really understand
how they learn the best. What I’m going to give you is my experience and what I
did to prepare for the GSEC exam.</span></div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNihGtHzgWSm0OOIVvwNaEYZ6oDAUU2wpuYGmfYI8ks1JRcF7699bB6u1N1H02wHp416qbr_2-LNCCEt31Ef6GCdrNznjlLD-WhiQgrS5eVV6ijRMj1a9GOR-jDFrqQRbvBxIEg_BmsBC2/s1600/Poke+Ball.png" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNihGtHzgWSm0OOIVvwNaEYZ6oDAUU2wpuYGmfYI8ks1JRcF7699bB6u1N1H02wHp416qbr_2-LNCCEt31Ef6GCdrNznjlLD-WhiQgrS5eVV6ijRMj1a9GOR-jDFrqQRbvBxIEg_BmsBC2/s1600/Poke+Ball.png" height="200" width="200" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;">Collecting certs is to become</span><br />
<span style="font-family: inherit;">a Pokemon Master!</span></td></tr>
</tbody></table>
<h2>
<span style="font-size: 10pt; line-height: 107%;"><span style="color: #cc0000; font-family: inherit;">I am the Ultimate Pokemon Collector</span></span></h2>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">My first step was really to decide whether or not the GSEC exam would
benefit me in the long run. It may sound silly to even ask this question. But
in the world of IT certifications, you must really take into consideration the
return on investment. A friend of mine, <a href="http://www.ikethenetworkguy.com/">Ike</a>, and I joked around with the
notion of certifications becoming like the characters from Pokemon, “gotta
collect them all.” There are so many out there and trying to do this to become
the ultimate Pokemon collector is just not feasible, nor financially
responsible (even if someone else is paying). I decided that the GSEC exam
would be a good ROI for me as I am retooling my skillset from a help
desk/system admin role to a security centric role. I have always been
interested in aspects of security, but it never really fit into my job
description. I figured I should change the job description and this would be a
great place to start.<o:p></o:p></span></div>
<h2>
<span style="font-size: 10pt; line-height: 107%;"><span style="color: #cc0000; font-family: inherit;">The Doctor Will See You Now</span></span></h2>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">After deciding I’d like to attempt the exam, I researched what the exam
is all about. People said it was a good supplement to the CompTIA Security+
exam, which I got when going through Western Governors University. If you are
reading this, you may have also read that attending the SANS Security
Essentials 401 class is a must. While this is not technically true, you can do
a challenge attempt, it is highly recommended. I attended a SANS event in
Austin, TX. I chose this one specifically for the fact that the man, myth, and
legend, <a href="http://www.sans.org/instructors/dr-eric-cole" target="_blank">Dr. Eric Cole</a> would be teaching the SEC401 class. Dr. Cole is the
creator of the course and definitely knows his stuff. Unfortunately Dr. Cole
would not be joining us the length of the class as he was inducted into the
<a href="http://www.infosec.co.uk/education/fame/" target="_blank">Infosecurity Europe Hall of Fame</a>. He did, however, make the flight back from
Europe to finish out the class. This dude is dedicated to everything he does.
While he was away fighting fatigue by drinking frightening amounts of RedBull,
<a href="http://www.sans.org/instructors/keith-palmgren" target="_blank">Keith Palmgren</a> took the reins and guided the class through the SIX BOOKS we received
on the first day. <o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><span style="font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"></span><br /></span>
<span style="font-family: inherit;"><span style="font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"></span>
</span>
<br />
<div style="text-align: left;">
</div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAZc37SP8ghf2O_JkAEEW_asCrx4GD3s0BcjzhHTLjQZRuR8vyrqMyjK6ydY9qzM5pKinC1cAs2lxiwQQnxok_qA27CGdSz6LPt7Vi3pycwxIE9GuIqXG1BgeVQSbecYPP_5oRqbCrFn-D/s1600/coffee-is-for-closers.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAZc37SP8ghf2O_JkAEEW_asCrx4GD3s0BcjzhHTLjQZRuR8vyrqMyjK6ydY9qzM5pKinC1cAs2lxiwQQnxok_qA27CGdSz6LPt7Vi3pycwxIE9GuIqXG1BgeVQSbecYPP_5oRqbCrFn-D/s1600/coffee-is-for-closers.jpg" height="186" width="200" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;">A gallon a day, keeps fatigue at bay.</span></td></tr>
</tbody></table>
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">Yes, for one week, we went through a book a day. I was mentally exhausted
by day four. This is where I have to thank my personal sponsors, caffeine and
sugar. Those two guys got me through the last couple days. But I digress. You
need mental stamina to continue to write down notes and glean gems of
information the instructor gives you. The books are excellent material, but the
real world stories you are told not only reinforce the book material, but gives
ideas on what could be implemented at your current job. This is where the SANS
events shine. I was able to bundle the <a href="http://www.sans.org/ondemand/" target="_blank">OnDemand</a> and get the <a href="http://www.sans.org/selfstudy/" target="_blank">self-study MP3s</a>.
The advice here is the same: Take as many notes as you can. The OnDemand option
has a nice feature of small quizzes at the end of each section to reinforce
what you learned. If you are doing purely OnDemand, do NOT skip out on lecture
and go straight to the quizzes. You WILL miss material and won’t get all the
information you need.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: inherit;"><span style="font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"><br /></span>
<span style="font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">So you have gone through a SANS event in person or via vLive, did
OnDemand training, or did the self-study option. What now? Read the books. You
might not think you’d need to read every word after listening to or watching
lectures, but this would really put a hurt on your final outcome. You will find
details you missed, but that’s ok you’re going to find those details. You are now
in the midst of the longest part of the process. Making the Index.<o:p></o:p></span></span></div>
<h2>
<span style="font-size: 10pt; line-height: 107%;"><span style="color: #cc0000; font-family: inherit;">On Indexing and Losing Your Social Life</span></span></h2>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">You may ask, why in the world do I need an index? Well, the GIAC GSEC
exam is open book. Remember back to the first day you took your SANS course?
You received a big heavy bag of books that gives a wide range of information ranging
from physical security to annual loss expectancy. Each of those books are heavy
in information, but unfortunately light on either a table of contents or an
index. If you are like the 99% of us who can’t recall what is on page 132 of
book 3 in seconds, take a deep breath and realize your social life is on hold
until you fix that void in your study plans by making The Index. Just like me,
you will find any and every excuse to want to stop making the index. Persevere
and you will be rewarded. I promise.<o:p></o:p></span><br />
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">People on forums will tell you that an index that is greater than 50
pages is too much and you learned too little. Others, like me, will tell you
that <i>your</i> index needs to be as long
as <i>your</i> index needs to be. My initial
index is 74 pages long. After taking a practice test, I know I need to add more
details (more on this later). Basically what I did was go page by page creating
an index of term, book, page number, and detail using an Excel spreadsheet. The
following is a rough sample of what I created:<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"><br /></span></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr>
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="top" width="156"><div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Term<o:p></o:p></span></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="top" width="156"><div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">BK<o:p></o:p></span></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="top" width="156"><div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Page #<o:p></o:p></span></div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="top" width="156"><div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Info<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">%systemroot%\system32\drivers\etc\hosts<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">1<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">67<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Location of
Hosts file in Windows<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">/etc/hosts<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">1<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">57<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Location of
hosts file in Linux<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">ACEs<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.85pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">5<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">91<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 116.9pt;" valign="bottom" width="156"><div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: inherit; font-size: 10.0pt; mso-bidi-font-family: Arial;">Individual
permissions in the DACL.<o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal">
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcko5kZZ6AfxY06msgl3WpvwiAB3UXgfROXnepzj1Rc6xgmXdAvRG4r8YM2d3Vh80tQ6ulsNNAHuLn4yOS_3UqAQNwIAZIQXBLcV84snL7mofNCat2Rw0wKJ6Hr2gOK-QMCTDOTPJaPI61/s1600/IMG_0883.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcko5kZZ6AfxY06msgl3WpvwiAB3UXgfROXnepzj1Rc6xgmXdAvRG4r8YM2d3Vh80tQ6ulsNNAHuLn4yOS_3UqAQNwIAZIQXBLcV84snL7mofNCat2Rw0wKJ6Hr2gOK-QMCTDOTPJaPI61/s1600/IMG_0883.JPG" height="240" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;">I had my index spiral bound for added geek cred.</span></td></tr>
</tbody></table>
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"><br />
The index needs to be detailed. The information cells I’ve included here do not
match exactly what I have in my index since I don’t want to deal with copyright
issues with SANS. But the more information you put here is less time you’ll
flip through your book, skim the paragraph, and find your answer if you’ve
forgotten some fact or just want to double check your answer. List a term, put
in the book number, page number, and the definition word for word in the
detail/info section. This is time consuming but will pay off come test time.
Another bit of advice here is to not make your entries too long. Break up your
entries into smaller portions. For example, I have three rows for HIDS alone,
then one row each for HIDS – Advantages, HIDS – Challenges, and HIDS –
Developments.<o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;"><br /></span></div>
<div class="MsoNormal">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm3RuC5m7Cguqrbc0a0XUf9UlektKxpfNQt_9VH7tUiWxPMwoas6AsRmwb0D0lwfQC6uqudYfsRwkaTSKjcynbKcvqJ_ixNTevc_CXkt2V1Tp8y-grNUSsUZPioY9nuY6HAAhleVHIDEut/s1600/IMG_0885.JPG" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm3RuC5m7Cguqrbc0a0XUf9UlektKxpfNQt_9VH7tUiWxPMwoas6AsRmwb0D0lwfQC6uqudYfsRwkaTSKjcynbKcvqJ_ixNTevc_CXkt2V1Tp8y-grNUSsUZPioY9nuY6HAAhleVHIDEut/s1600/IMG_0885.JPG" height="150" width="200" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;">Commands were color coded<br />depending on OS.</span></td></tr>
</tbody></table>
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">Another tip you may want to incorporate is to have a separate section in
your index for just commands, tools, and misc/bonus material. My index includes
five sections: The SANS SEC401 Books 1-6, Commands Index, Tools Index, Bonus
Material, and <strike>Glossary of Terms/Acronyms</strike>. <strike>I chose to include the glossary even
though it is in the back of book six for the fact that I do not want to be
flipping books too much during the test</strike>. Each of these sections are divided off
with labeled tabs for easy acquisition. The commands and tools are in the same
format as the book index; four columns, term, book, page, and info. The bonus
materials include the SANS TCP/IP and tcpdump reference guide, two styles of
subnetting charts, and an IPv6 reference guide. Update: The price for having this index spiral bound at a professional store made me rethink the glossary. That section has been replaced with the Bonus Material section being broken down into subnetting reference and the tcpdump guide.<o:p></o:p></span></div>
<h2>
<span style="font-size: 10pt; line-height: 107%;"><span style="color: #cc0000; font-family: inherit;">Indexed and Ready… Right?</span></span></h2>
<div class="MsoNormal">
<span style="font-family: inherit; font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: Arial;">Hold on there cowboy (or girl). The index is finally complete. Take a
day or two to recompose yourself. In other words, bathe. Before you
go off to your testing facility, remember that SANS gives you two practice
exams to try out before you attempt the actual exam. Some of the SANS
instructors tell you to take one of those practice exams soon after the class
or self-study is finished. I knew before attending the SANS event in Austin, I
wanted to use my first practice exam to refine my index, so I did not take this
advice. I don’t really think this would hurt me in any way. But I don’t have
any numbers of my own to back up this claim. I took the first practice exam to
see how my rough draft version of my index would help me out. I got my results
back and at 80% I got my answer as to how to proceed with the index. Two things
were clear from this result: 1) Read the question and understand what it is
asking. I had multiple questions where it asked for the <i>false </i>statement where I picked the <i>true </i>statement instead (I probably missed 6-8% because of this). 2) There were a few tools and commands out
of place in the index and some terms I need to keep my eye out for during my
second read through the books.</span><br />
<span style="line-height: 14.266666412353516px;"><span style="font-family: inherit;"><br /></span></span>
<span style="line-height: 14.266666412353516px;"><span style="font-family: inherit;">I will be taking my exam in a few weeks and will let you know how everything goes. Until then, it will be many sleepless nights. Updates will follow once this journey is complete.</span></span><span style="line-height: 107%;"></span><br />
<br />
<span style="line-height: 107%;"><span style="font-size: x-small;"><o:p></o:p></span></span></div>
Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0tag:blogger.com,1999:blog-203148324615917481.post-36740050356486695072014-08-07T10:49:00.001-07:002014-08-07T18:58:56.694-07:00Raspberry Pi Powered by the Sun!<h2>
<span style="color: #cc0000;">
In The Beginning…</span><o:p></o:p></h2>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGNh6QsSUjZuc1s8fR3J3xwSulXzjaDs3JAla5nsYyebkCgjM-uVrDMyKTs8ouEVhJx3sR5ziLapEtuJ5Addr0tpMWoYrINqVOUIDMb8hGDiNzjAYOfR4G2tFkN7mb1KNvwfSl_iuB82Sj/s1600/Raspberry-Pi-logo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGNh6QsSUjZuc1s8fR3J3xwSulXzjaDs3JAla5nsYyebkCgjM-uVrDMyKTs8ouEVhJx3sR5ziLapEtuJ5Addr0tpMWoYrINqVOUIDMb8hGDiNzjAYOfR4G2tFkN7mb1KNvwfSl_iuB82Sj/s1600/Raspberry-Pi-logo.jpg" height="178" width="200" /></a>Ever since the Raspberry Pi came out, I was entranced by the
coolness factor of having a small pocket sized computer that cost just north of
thirty bucks. Hats off to those devoted for making this project a reality and
launching it to the world. The only problem for me at the time of Pi launch, was
the fact that I lived in a Windows world, and to an extent, still am. I had no
rad Linux skills. No formal or informal training. I got my hands on an
installation disc of Mandrake way back in the day when I did call center tech
support. The only way to get that geek cred in that place was to show you knew
your stuff. I took that disc, spun it up in my 32x CD-ROM drive, wiped my
Windows partition (you know, cause this open source stuff comes at a college
student budget), and stepped through the install. After it was all said and
done, Windows was back as soon as it had gone. FAIL. I had similar experiences
with Red Hat and Ubuntu, but I did manage to get wireless working on the former,
but it was too much of a pain to deal with when it was so easy to make it all
work in Windows.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Flash forward to today. I’m still in my Windows world due to
the place I work, but much more comfortable with Linux and even got my LPIC-1
certification. I’ve had my Raspberry Pi which was used to study for the
aforementioned cert and has since been sitting in a lonely dark drawer next to
a twice used wicked looking webcam I got from WGU. This dark and dreary future
was not what I had envisioned for the poor Pi. There are so many cool projects
out there and one that caught my eye was from a guy who had a web server
running off a Raspberry Pi that was powered by the sun and 4AA rechargeable
batteries. How cool does that sound?! I put this on my list of things I must
do. After about a year or so I finally decided to shed some light on this
project (did you see what did there?).<o:p></o:p><br />
<br /></div>
<h2>
<span style="color: #cc0000;">
Let’s Get To Work</span><o:p></o:p></h2>
<div class="MsoNormal">
To kick this thing off, I went back to that old project page
and got some information on power consumption of the Pi. Knowing I’m going to
run this headless, that would save on the load drawing from the battery if I
had attached some sort of touch screen. I tried to figure out the math behind
how long it would run on a full charge before shutting down and going to bed
which lead me to ask, what battery pack should I use? The original idea had AA
batteries which fit the project scope, but I wandered over to my favorite
maker’s page, adafruit.com. Searching the shop, I was happily greeted with my
power answer and a plethora of parts and/or kits for everything Raspberry Pi.
The parts I finally opted for are as follows:<o:p></o:p></div>
<div class="MsoNormal">
<span style="font-family: Symbol; text-indent: -0.25in;"><br /></span>
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">Medium Solar Panel (6V, 2W) </span><a href="https://www.adafruit.com/products/200" style="text-indent: -0.25in;">https://www.adafruit.com/products/200</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">USB / DC / Solar Lithium Ion/Polymer charger </span><a href="https://www.adafruit.com/products/390" style="text-indent: -0.25in;">https://www.adafruit.com/products/390</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">Lithium Ion Battery Pack - 3.7V 4400mAh </span><a href="https://www.adafruit.com/products/354" style="text-indent: -0.25in;">https://www.adafruit.com/products/354</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">Male DC Power adapter - 2.1mm plug to screw
terminal block </span><a href="https://www.adafruit.com/products/369" style="text-indent: -0.25in;">https://www.adafruit.com/products/369</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">PowerBoost 500 Basic - 5V USB Boost @ 500mA from
1.8V+ </span><a href="https://www.adafruit.com/products/1903" style="text-indent: -0.25in;">https://www.adafruit.com/products/1903</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">2 x JST 2-pin cable </span><a href="http://www.adafruit.com/products/261" style="text-indent: -0.25in;">http://www.adafruit.com/products/261</a><br />
<span class="MsoHyperlink" style="text-indent: -0.25in;"><span style="color: windowtext; font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span></span><span style="text-indent: -0.25in;">Large Plastic Project Enclosure -
Weatherproof with Clear Top </span><a href="http://www.adafruit.com/products/905" style="text-indent: -0.25in;">http://www.adafruit.com/products/905</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><span style="text-indent: -0.25in;">Waterproof Metal On/Off Switch with Red LED Ring
</span><a href="http://www.adafruit.com/products/916" style="text-indent: -0.25in;">http://www.adafruit.com/products/916</a></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l5 level1 lfo1; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l5 level1 lfo1; text-indent: -.25in;">
<br /></div>
<div class="MsoNormal">
<div class="separator" style="clear: both; text-align: center;">
</div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXff314Y0vpgnmnRJsiZ_wnAvkb73duo3GdXcF63pr_LebG9QmoopNUOddXvj_PvD68xTidcG7xeZ9flK570hgcbbSv72fV77Hht2Xwr5rOmK2xVakxtLD8ZUDNy9hdwosDhaJgSfyIk22/s1600/IMG_0804.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXff314Y0vpgnmnRJsiZ_wnAvkb73duo3GdXcF63pr_LebG9QmoopNUOddXvj_PvD68xTidcG7xeZ9flK570hgcbbSv72fV77Hht2Xwr5rOmK2xVakxtLD8ZUDNy9hdwosDhaJgSfyIk22/s1600/IMG_0804.JPG" height="150" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PowerBoost 500 Basic with USB<br />connector soldered on.</td></tr>
</tbody></table>
When the box showed up safe and sound, I was set. The USB
Solar charger had to have the included capacitor soldered on to the PCB, the
PowerBoost also needed the USB A jack to be soldered on. This was pretty easy
and really one of my first soldering attempts at putting components onto a PCB
(The only other things I’ve soldered were Deans connectors onto batteries). <br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdR1EzdB-AGpeiRj18FX4zjb3ftsM-6Lh-IgZCfq4wBXs4YfURjY-ooa6yj3nBtMW5BrprP8l9d1uwoSGIpNmUtUA3o6EqN_ierBDctXe_m1lIEfJOH2gtPNJg9ZQywL0Uzeo_8xUHFEJZ/s1600/IMG_0803.JPG" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdR1EzdB-AGpeiRj18FX4zjb3ftsM-6Lh-IgZCfq4wBXs4YfURjY-ooa6yj3nBtMW5BrprP8l9d1uwoSGIpNmUtUA3o6EqN_ierBDctXe_m1lIEfJOH2gtPNJg9ZQywL0Uzeo_8xUHFEJZ/s1600/IMG_0803.JPG" height="150" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">USB/DC/Solar LiIon/LiPo charger<br />with capacitor soldered on.</td></tr>
</tbody></table>
<br />
Next,
the battery had to have the JST cable soldered on. I left them long just in
case I needed the extra length when fitting this all inside the enclosure. The
last soldering to be done was to solder the two remaining JST cables together
for the link between the charger and the PowerBoost. I did not show the
soldering steps because if I can do it, you can too. Believe me. Finally the
solar panel came with a plug that would not fit the USB charger. Easy fix was
to nip the tip and add the 2.1mm plug.<br />
<br /></div>
<h2>
<span style="color: #cc0000;">
That’s Great, But Does It Work?</span><o:p></o:p></h2>
<div class="MsoNormal">
<div class="separator" style="clear: both; text-align: center;">
</div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYvA_gFGVwyMKMQ8rTw14Hk8LpWdzejYSd1bx_jHM7X3K-Knhz2Yr0uxC_LXHwoaWh5UJL43rb8n_KUYXsDwRIRJt0uzA-nfti9CdW6VREjsF4z1aw8Xq3VinFPcV7lPxq_AKSdGZMimO_/s1600/IMG_0809.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYvA_gFGVwyMKMQ8rTw14Hk8LpWdzejYSd1bx_jHM7X3K-Knhz2Yr0uxC_LXHwoaWh5UJL43rb8n_KUYXsDwRIRJt0uzA-nfti9CdW6VREjsF4z1aw8Xq3VinFPcV7lPxq_AKSdGZMimO_/s1600/IMG_0809.JPG" height="240" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Testing the PowerBoost 500 with the battery.</td></tr>
</tbody></table>
When a coding project gets near completion, I start looking
at the components and wondering “how did I break this part?” The same holds
true for this one. The PowerBoost and the charger, where I had to actually
solder components to the PCB, were my biggest concern. Batteries I’ve done, but
this seemed to be a more delicate operation. This is the point where I start
testing the theoretically completed parts. So I plugged the battery into the
PowerBoost and was delighted to see the green power LED light up. Does it power
on the Pi? After plugging in the USB cable to both the PowerBoost and the Pi,
the little pocket computer powered on. Success!</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Ok, so that’s one part down. What about the solar panel and
charger? Taking the solar panel, battery, and charger outside, I connected it
all together. Again the LEDs that indicate charging came to life! Success x 2!
It may seem pretty basic to a lot of you out there, but it’s small things like
this that amaze me. Also, keep in mind I am the son of someone who has taken
electrical engineering classes, yet still stuck his finger in a light socket to
see if the power was still on.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Putting it all together with all components working should
yield a working solar powered Raspberry Pi, right? I’m usually cynical when it
comes to situations like these and usually expect the worst, so I won’t be
disappointed when that outcomes happens. But today, things just clicked.
Moments like this put a big smile on my face. The Cynicism Demon was slayed.
Now to the next part of this project. Getting the Pi to run headless.<o:p></o:p><br />
<br /></div>
<h2>
<span style="color: #cc0000;">
Prep the Pi</span><o:p></o:p></h2>
<div class="MsoNormal">
Since I used this Raspberry Pi to use as study for the
LPIC-1 exam, a lot of the work was already done. But that was so long ago and
it needed an update. More requirements popped up such as static IP address on
the wlan0 interface and remote desktop. I also ran into the problem of having
forgotten my user pi password since it was setup so long ago and so quickly
neglected, thrown into a locked drawer, and forgotten about. But times change, things
are brought out back into the light. Used for new purposes. First thing’s
first, get wireless working.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
For the wifi adapter, I had a very tiny Wi-Fi USB adapter
from Edimax (EW-7811Un) being used in a security lab I setup earlier this year.
When I got this adapter, I envisioned using it for the Pi, so the lab will
suffer a little bit but these are so cheap on Amazon, I’ll be grabbing another
soon. Setting up Wi-Fi was a little more difficult since I didn’t have a mouse
to click on things (one USB for the Edimax and the other for a keyboard). <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
These are the steps I took to get Wi-Fi working on my
network:<o:p></o:p></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">1)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Plug in the Edimax</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">2)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Power on the Raspberry Pi</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">3)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Ctrl+Esc and run wpa-gui.</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">4)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Tab through to the Manage Networks tab and fill
in the blanks for SSID, Authentication, Encryption, and PSK.</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">5)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Tab to the Current Status tab and try to
Connect. I had to reboot my Pi before it would connect to my access point.</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">6)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Upon connection, you’ll see the IP address
populate on the Current Status tab.</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;"><br /></span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo2; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoNormal">
Once I got connected to the access point and was able to
successfully ping outside of the network it was time for updates. A quick
apt-get command and everything was all set. So static IP shouldn’t be too hard,
right? I spent about thirty minutes to an hour fighting with having the wlan0
interface retaining a static IP. Here are the steps I took to resolve this:<o:p></o:p></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;"><br /></span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">1)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Bring up LXTerminal</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">2)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Type: sudo nano /etc/network/interfaces</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">3)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Change the line “iface wlan0 inet dhcp” to read
“iface wlan0 inet manual”</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">4)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Change the line “iface default inet dhcp” to
read “iface default inet static”</span></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;">5)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Add these lines after the above line: “address
192.168.xxx.xxx” “netmask 255.255.255.0” and “gateway 192.168.xxx.xxx” where
xxx is your subnet and host octets.</span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l6 level1 lfo3; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I also checked wpa_supplicant.conf to make sure it all
looked fine (and it did) by using the following command:<o:p></o:p><br />
<br /></div>
<div class="MsoNormal">
Sudo
nano /etc/wpa_supplicant/wpa_supplicant.conf<o:p></o:p><br />
<br /></div>
<div class="MsoNormal">
This shows SSID, PSK, encryption type, etc. Basically
everything you see in wpa_gui. I changed nothing in here. Now, the above
solution is a little weird. Why not just set wlan0 to static? At first I did
and got nowhere fast. The only thing I could ping was the loopback interface
and my static IP address. Couldn’t ping the gateway IP although I did specify
it. The above solution was the only thing I could come up with and make work
after rebooting a few times to make sure it auto connects.<o:p></o:p></div>
<div class="MsoNormal">
At this point, static IP and wireless are working. Just need
to make remote desktop work. For this project, I do not need to access the
Raspberry Pi desktop from outside of my network. For this feature you may press
your luck with Google. Also, this is for connecting <i>from</i> a Windows based laptop <i>to</i>
the Pi. I’m using xrdp for my remote desktop solution. I had already installed
this feature when studying for the LPIC-1 exam, but here are the steps to
install it:<o:p></o:p><br />
<span style="text-indent: -0.25in;"><br /></span>
<span style="text-indent: -0.25in;">1)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Bring up LXTerminal.</span><br />
<span style="text-indent: -0.25in;">2)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Type: “sudo apt-get install xrdp”</span><br />
<span style="text-indent: -0.25in;">3)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">If it asks for your password, please feed the pi
the password.</span><br />
<span style="text-indent: -0.25in;">4)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">This should begin installing your software for
remote deskop, xrdp.</span><br />
<span style="text-indent: -0.25in;">5)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Restart the Pi. This should get the Remote
Desktop Protocol server running.</span><br />
<span style="text-indent: -0.25in;">6)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">You can verify this when the Pi boots up by
finding the line: [OK] Starting Remote Desktop Protocol server : xrdp sesman.
My Pi boots directly to the desktop so I have to be quick to find this line
when it boots. If yours boots to command line, you’ll be able to easily find
this line.</span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l1 level1 lfo4; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoNormal">
<br />
Great! RDP is up and running on the Raspberry Pi! Let’s jump
back to the Windows world for a second.<br />
<span style="text-indent: -0.25in;">1)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">On the Windows laptop, bring up Remote Desktop
Connection and enter in the static IP address we gave the Pi and hit Connect.
You may get a security warning, hit OK since we know you got a nice safe Pi.</span><br />
<span style="text-indent: -0.25in;">2)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">You’ll be presented an XRDP login prompt showing
Module, Username, and Password. Leave the module defaulted to sesman-Xvnc and
type in your username and password (the default username is “pi” and the
default password is “raspberry”).</span><br />
<span style="text-indent: -0.25in;">3)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">Click OK and peer through the Windows to the
world of Pi.</span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l2 level1 lfo5; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoNormal">
<br />
Now, I had trouble on this part of the process because I
didn’t remember the password I set for the user “pi” so long ago. There are a
couple options to fix this:<br />
<br />
<span style="text-indent: -0.25in;">1)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">From an LXTerminal window, use the “sudo
raspi-config” command to run the starting config and change the password that
way.</span><br />
<span style="text-indent: -0.25in;">2)</span><span style="font-size: 7pt; text-indent: -0.25in;">
</span><span style="text-indent: -0.25in;">From an LXTerminal window, use the “sudo passwd”
command.</span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l4 level1 lfo6; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoNormal">
<br />
I used option 1 which was quick and simple.<o:p></o:p></div>
<div class="MsoNormal">
<br />
That’s about it for prepping the Pi. I haven’t really come
up with what I want to do with the Pi. Should it be a web server, ftp server,
etc.? or should it be used for a surveillance machine, like Ike created. Or
should it be used for weather reports? Time will answer that question. But to
finish out the build, we need to look at fitting all this stuff in a box.<o:p></o:p><br />
<br /></div>
<h2>
<span style="color: #cc0000;">
What’s In the Box?!</span><o:p></o:p></h2>
<div class="MsoNormal">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgePmrst8FL0uzh04Wxwd5IRf8hruEA-yJqF_zfh0_zLPSce4gaqXj3PsWvKtMa1mue0SiEvgpzxDhyLQHLgmV_oArN-qZAA9kRQrtzCA3K8RTM4bHUfpNYoAzo-bWWFdiqvyhXwhOdsE7N/s1600/IMG_0874.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgePmrst8FL0uzh04Wxwd5IRf8hruEA-yJqF_zfh0_zLPSce4gaqXj3PsWvKtMa1mue0SiEvgpzxDhyLQHLgmV_oArN-qZAA9kRQrtzCA3K8RTM4bHUfpNYoAzo-bWWFdiqvyhXwhOdsE7N/s1600/IMG_0874.JPG" height="320" width="240" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">So many drawn diagrams.<br />So much planning.</td></tr>
</tbody></table>
I’ve spent a few days looking at how to put all these parts
in the box. I took measurements of the components with calipers. First
observation was pretty obvious: All components including the Pi cannot remain
on the same plane. That means shelves. The box has two M4 bosses that will work
as a starting point for creating two shelves within the box. Bottom shelf will
house the battery, charger, and PowerBoost. Top shelf will house the Pi.
According to the tech specs on adafruit.com, this box has an internal height of
70mm. So there is the first constraint I had to deal with. How should I lay the
planes in the box? I went with a 3.5”x6.5” plane for both top and bottom. These
measurements gave me just enough room to fit the middle 90mm x 167mm space in
the box. I drew out a few diagrams, namely, top down view of the inside of the
box, a side view with components for vertical spacing, and one top down view of
the shelves for placement of the components. Laying out the components was not
too difficult when drawn out on paper (yeah, I guess I’m old school. No CAD
here). Getting stand offs for this project proved a bit of a challenge. I had
some of those jack screws you’d find on the back of a pc or laptop on either
side of the video connection to support the video cable and some screws from
the inside of a laptop. These screws seemed to fit but wouldn’t go all the way
into the jack screw. I threw that idea away and found some nylon stand offs but
would take about twenty days to get to my door step. In the end I used 2-56x3/4
nylon screws, #2 .032”thick washers, 2-56 nylon lock nuts and ¼” #4 nylon
spacers to act as a makeshift standoff. Putting all these together, they fit
well and snug on the small circuit boards.<br />
<br /></div>
<div class="MsoNormal">
Next order of business was obtaining the material for the
shelves. I went to the local hardware store and got a sheet of Lexan cut to the
above dimensions. Fit perfectly in the box. Next was to place the PowerBoost
and the LiPo charger to know where to drill holes. All the places were marked
on the Lexan and the drilling began. This was my first time drilling into
polycarbonate. I read a lot on how to drill this stuff so it would not crack.
Everyone agreed to clamp the Lexan to wood and drill with a drill press. I was
not able to get my hands on a drill press, so I was careful to be as vertical
as possible with my trusty drill. Lessons learned on the test pieces of Lexan
showed that slow and steady wins the race here. On to the actual pieces. They
turned out perfect. The circuit boards were screwed in place with the nylon
screws, spacers, and nuts. As they say, measure twice, cut once. This was very
true here. So the first shelf is done, on to the second shelf. Only three holes
needed to be cut for this one: two for the bolts to hold up the shelf and one for
the capacitor on the charger.<o:p></o:p><br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv95vDrYfMROpIU4YRB-sxVbE73EygqlkWb0oXhwGi_Lvl4x1mEKewZX_kDSFKnHniiWPCCaZc9RCqpD4PVH86dfSU1j3Ziv2lDTxwigSpqNQnacvdN7Ov_vJSidLPfqoyU0AeugjDnJdP/s1600/IMG_0856.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv95vDrYfMROpIU4YRB-sxVbE73EygqlkWb0oXhwGi_Lvl4x1mEKewZX_kDSFKnHniiWPCCaZc9RCqpD4PVH86dfSU1j3Ziv2lDTxwigSpqNQnacvdN7Ov_vJSidLPfqoyU0AeugjDnJdP/s1600/IMG_0856.JPG" height="150" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PowerBoost, Charger, and Battery<br />all layed out in the enclosure.</td></tr>
</tbody></table>
If that last hole was not made, the Pi would not
be able to fit inside the box. Taking measurements of the capacitor, I marked
the location where that hole would be drilled. However, something occurred to
me. The capacitor is not perfectly vertical. So I made the hole, but used a
dremel to widen the area where the Lexan and the capacitor kept touching. Easy
fix, but that made the top shelf look a little janky. No one will see it since
the piece will be covered anyway.<br />
<br /></div>
<div class="MsoNormal">
Another step that doesn’t really need to be documented but
you’ll notice in the photos, I used a dremel to cut off the top of the bolts
that are used for supporting the Lexan shelves. This was done so I could work
with the shelves a little easier and just set them into the box instead of
putting the shelves on the bolts and screwing everything into place. I’m going
to cap them with locking nuts to prevent any sharp edges and make it look a
little more finished. <o:p></o:p><br />
<br /></div>
<div class="MsoNormal">
Everything at this point was looking great, but another
thing popped into my head. If I continue on with the plan I had in mind, I
would have to take the box apart to turn off the Pi. I need a power switch I
can easily have access to. Back to my layout drawing. I saw the space I needed
for a switch. Again, Adafruit.com to the rescue. I ordered the on/off switch
listed above in the parts list. This switch did not come pre-wired. This was a
good thing for me. That means I get a bonus for learning how to wire up the
switch. Again, I took measurements to get the vertical and horizontal placement
correct on the side of the box. I required a 16mm hole drilled into the side of
this box, but living in an imperial world, I wasn’t able to source a 16mm drill
bit, so I went with a 5/8” bit and milled out the extra .1mm. No big deal, and
the hole looked pretty clean.<br />
<o:p></o:p></div>
<div class="MsoNormal">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL2iZ4G9Fdlx5-ohAhkfqENt-AXOES9ycDy7ckmSBPg34P-HbuEVMtEnSvtpzW4XLBoc0qVUhwxUo_cAChPRmOnlN7rVWvfc2RRKoH5uvBz0F_EumeNCIKpzbhOCL8_sBQj61uoaX66BF7/s1600/IMG_0865.JPG" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL2iZ4G9Fdlx5-ohAhkfqENt-AXOES9ycDy7ckmSBPg34P-HbuEVMtEnSvtpzW4XLBoc0qVUhwxUo_cAChPRmOnlN7rVWvfc2RRKoH5uvBz0F_EumeNCIKpzbhOCL8_sBQj61uoaX66BF7/s1600/IMG_0865.JPG" height="150" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Testing the external power button.<br />The LED makes it look good!</td></tr>
</tbody></table>
I quickly learned how to wire up the switch so the LED would
turn on when the button is depressed and off when not switched on. Back when I
was soldering all those wires together, I had enough length in the wires for
the job. Question now is, can I still use the same wires or do I need to get a
few more inches of wire. Lucky for me, there was just enough wire after cutting
the cable apart from the original plan. I decided to wire up the cable between
the charger and the PowerBoost instead of wiring up the battery directly. I
went this route in case I have to change out my battery in the future, this
could be done with little or no effort. The wiring for the switch goes as
follows: positive wire from the charger goes to the Common terminal, then a
small jumper wire goes from the Normally-Open terminal to the Positive
terminal, then from the Positive terminal, to the PowerBoost, then the negative
wire comes out of the PowerBoost to the Negative terminal on the switch, and
then from the Negative terminal to the charger. This wiring scheme allows the
LED to light up when the push button is in the on position and off while in the
off position. <o:p></o:p><br />
<br /></div>
<div class="MsoNormal">
Quickly, I hooked up all the cables to the appropriate
jacks, screwed the shelves in place, and used some double sided tape to keep
the battery in place and also to keep the Pi case from being knocked around on
the top shelf. Screwed the top cover in place and voila, a solar powered
Raspberry Pi computer!<o:p></o:p><br />
<br /></div>
<h2>
<span style="color: #cc0000;">
Praise the Sun!</span><o:p></o:p></h2>
<div class="MsoNormal">
<br />
<br />
At this point, I am feeling really good about this project.
How amazing is it when you learn new skills and overcome challenges. I learned
a lot in regards to planning for a project of this scale, making a soldering
job look nice, how a switch is wired up, and more. I haven’t done any long term
testing as to how long the Pi will run into the night when only running on
battery. However, I find it amazing that this pocket computer can inspire so
many people to come up with bright ideas and make them a tangible item. Some of
the notable pages that helped me complete this project are as follows:<o:p></o:p><br />
<span style="font-family: Symbol; text-indent: -0.25in;"><br /></span>
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><a href="http://www.cnet.com/news/how-to-make-a-raspberry-pi-solar-powered-ftp-server/" style="text-indent: -0.25in;">How
to make a Raspberry Pi solar-powered FTP server</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><a href="https://www.adafruit.com/" style="text-indent: -0.25in;">Adafruit.com</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><a href="http://www.ikethenetworkguy.com/" style="text-indent: -0.25in;">Ike
the Network Guy</a><br />
<span style="font-family: Symbol; text-indent: -0.25in;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><a href="http://www.raspberrypi.org/forums/" style="text-indent: -0.25in;">Raspberry Pi Forums</a></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l3 level1 lfo7; text-indent: -.25in;">
<o:p></o:p><br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdB_NLmGTO_GGuGpxpNzLUN-enghvPVGsEIiqO4a7vuFCA97GBlwNaiKtu7Raq4lshwPzotrnQr7KOaCrNb_c6f1FscEhkQSj9V1b85SUgv0pPpgXYXXMa8QA7RJ8kBU3gKWv3YeL8ihow/s1600/IMG_0870.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdB_NLmGTO_GGuGpxpNzLUN-enghvPVGsEIiqO4a7vuFCA97GBlwNaiKtu7Raq4lshwPzotrnQr7KOaCrNb_c6f1FscEhkQSj9V1b85SUgv0pPpgXYXXMa8QA7RJ8kBU3gKWv3YeL8ihow/s1600/IMG_0870.JPG" height="240" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Final product. One solar powered Raspberry Pi!</td></tr>
</tbody></table>
<br /></div>
<div class="MsoNormal">
Finally, for all you Sun Bro’s out there, Praise the Sun!<o:p></o:p></div>
<br />
<div class="MsoNormal">
<br /></div>
Joshhttp://www.blogger.com/profile/14801672997048126223noreply@blogger.com0