Here is a list of the US DoD’s major defense acquisition programs (MDAP) and major automated information systems (MAIS) acquisitions that are currently in progress:
PNO = Program Number
NONAP – Nonlinear Adaptive Processor
NONAP stands for Nonlinear Adaptive Processor.
NONAP suppresses interference in direct-sequence spread-spectrum communications receive systems. It accomplishes this by optimizing the detection process dynamically against the current received interference.
The characteristics of interference are estimated statistically and then, using this information, are used to derive a nonlinear transform
to apply to the combination of signal and noise. As the statistical characteristics of the interference change, the resulting transformations change to match. Large improvements (tens of dB) can be achieved for a wide range of interference modulations.
For more information see J. H. Higbie’s paper, ADAPTIVE NONLINEAR SUPPRESSION OF INTERFERENCE, presented at MILCOM 88.
Network Protocols Port Numbers for Security+
Here are some of the common network protocols covered by the Security+ exam, along with their port numbers:
File Transfer Protocols
| Name | Definition | TCP | UDP | Port Number |
|---|---|---|---|---|
| FTP | File Transport Protocol | X | 20, 21 | |
| SSH | Secure Shell | X | 22 | |
| SFTP | Secure File Transport Protocol (uses SSH) | X | 22 | |
| SCP | Secure Copy (uses SSH) | X | 22 | |
| TFTP | Trivial File Transport Protocol | X | 69 | |
| FTPS | File Transport Protocol Secure (uses SSL) | X | 443 |
Email Protocols
| Name | Definition | TCP | UDP | Port Number |
|---|---|---|---|---|
| SMTP | File Transport Protocol | X | 20, 21 | |
| POP3 | Secure Shell | X | 22 | |
| IMAP4 | Secure File Transport Protocol (uses SSH) | X | 22 |
Remote Access
| Name | Definition | TCP | UDP | Port Number |
|---|---|---|---|---|
| Telnet | Telnet | X | 23 | |
| TACACS | Terminal Access Controller Access-Control System | X | 49 | |
| TACACS+ | Terminal Access Controller Access-Control System+ | X | 49 | |
| SSL VPN | SSL VPN – Secure Sockets Layer virtual private network | X | 443 | |
| ISAKMP (VPN) | Internet Security Association and Key Management Protocol (virtual private network) | X | 500 | |
| L2TP | Layer 2 Tunneling Protocol | X | 1701 | |
| PPTP | Point-to-Point Tunneling Protocol | X | X | 1723 |
| RDP | Remote Desktop Protocol | X | X | 3389 |
Other Protocols
| Name | Definition | TCP | UDP | Port Number |
|---|---|---|---|---|
| DNS | Domain Name System | X | X | 53 |
| DHCP | Dynamic Host Configuration Protocol | X | 67, 68 | |
| HTTP | Hypertext Transfer Protocol | X | 80 | |
| HTTPS | Hypertext Transfer Protocol Secure | X | 443 | |
| Kerberos | Kerberos | X | X | 88 |
| NNTP | Network News Transfer Protocol | X | 119 | |
| SNMP | Simple Network Management Protocol | X | 161 | |
| SNMP Trap | Simple Network Management Protocol Trap | X | X | 162 |
| LDAP | Lightweight Directory Access Protocol | X | X | 389 |
| Syslog | Syslog | X | 514 |
Discount Coupons for IT Certifications
If you are studying for IT certification exams, this is website offers a myriad of discount coupons:
http://www.itexamvouchers.com/
ITExamVouchers offers discount certification exam test vouchers for CompTIA (A+, Network+, Security+), Microsoft (MCSE), Cisco (CCNA), and Microsoft Office Specialist certification tests.
These coupons can help with the cost of the exams in case you cannot get reimbursement from your employer.
Security Certification Paths
Simply put, corporations exist for the sole purpose of making money. The employees are there to serve that goal. Beyond screening employees for needed skills, degrees and certifications do little, if anything. This is why we often find people working in fields that they have obtained proficiency in, but lack a matching degree.
With this in mind, IT security certifications show potential employers, or customers, that you are qualified to perform the functions of a security professional. There are dozens of IT certifications, so which ones are best?
Everyone has different answers. But, many organizations consider the Certified Information Systems Security Professional (CISSP) certification to be an excellent indication that an individual has the knowledge to perform effectively in an IT security role.
Since the CISSP credential requires five years of cumulative paid work experience in at least two of the domains of the CISSP Common Body of Knowledge (CISSP CBK), a common career progression involves getting other certifications first:
- CompTIA Network+
- CompTIA Security+
- (ISC)² SSCP
- … and then the (ISC)² CISSP
Here is an overview of each of these certifications:
Network+
The Network+ certification indicates that you do not have any gaps in your knowledge of system administration. It is designed to test the ability of a network technician to configure and support TCP/IP clients. It covers network design, cabling, hardware setup, configuration, installation, support, and troubleshooting.
The Network+ exam can be taken by anyone. However, it is aimed at people who have a year or two of on-the-job experience and A+ certification – or equivalent knowledge. So, if starting from scratch, the A+ certification might be a better starting place.
With the correct examination materials, many people can pass the Network+ confirmation with one or two months of study.
Security+
Security+ expands on the knowledge required for Network+ certification. As the name implies, it concentrates on security aspects of information systems. The time required to prepare for it is generally about half of the time required to prepare for Network+.
The Security+ certification is required for many (or maybe most) IT positions with the US Depart of Defense (DoD) or military contractors. So, this certification is critical for those who touch IT in the defense industry. My favorite book for Security+ is Mike Meyers’ CompTIA Security+ Certification Guide.
A good companion to Mike’s book is his video series on Udemy.
Be sure to look for the Udemy sales, which happen on a regular basis. If you pay more than $10 or $15 for a course on Udemy, you are paying too much. Just be patient and wait for a sale.
SSCP
The (ISC)² Systems Security Certified Practitioner (SSCP) certification can be thought of as a final stepping stone toward a CISSP. The SSCP has a lot in common with the Security+. So, it is the next logical step after obtaining a Security+. Obtaining the SSCP may take a bit more time than Security+. But, it should be easily achievable within a couple of months.
Unlike Security+, the SSCP requires one year of experience in at least one of the following domains:
- Access Controls
- Security Operations and Administration
- Risk identification, Monitoring, and Analysis
- Incident Response and Recovery
- Cryptography
- Network and Communications Security
- Systems and Application Security
The one year experience requirement can be waived if you have a degree in a cybersecurity related field. The following degree titles are approved by (ISC)²:
- Computer Science
- Computer Engineering
- Computer Systems Engineering
- Management Information Systems (MIS)
- Information Technology [IT]
In line with the work experience requirement, the SSCP exam itself focuses more on knowledge application and critical thinking, while the Security+ exam focuses on less ambiguous scenarios.
I like to think of the SSCP as personal validation that your knowledge base is progressing toward what is needed for the CISSP. But, you can avoid the SSCP and go straight for the CISSP certification. Perhaps a compromise between these two extremes is to go through a SSCP study guide, but skip the exam.
CISSP
The CISSP exam is considerably more difficult than basic and intermediate certifications described above. But, by passing it, you demonstrate the breadth of your IT security knowledge.
The CISSP encompasses eight domains of knowledge:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
The CISSP exam is more general than the SSCP and requires more critical thinking skills that are acquired primarily by experience. Speaking of experience, CISSP requires 5 years of paid work experience.
The amount of time required to prepare for the CISSP exam is significantly more than the time required to prepare for the other exams. Many people take between 6 months and a year to prepare. However, the time spent is worthwhile because CISSP certification opens up many career possibilities. I am most familiar with US DoD requirements and CISSP is certainly a certification to shoot for if you are an IT professional in the defense industry. Here is a link to DoD approved certifications for various types of positions:
https://iase.disa.mil/iawip/pages/iabaseline.aspx
Solar Panel Performance
Here is a link to a website put together by the California Energy Commission to provide evaluations of solar panel performance:
http://www.gosolarcalifornia.ca.gov/equipment/pv_modules.php
I find it interesting that there does not seem to be much of a difference between monocrystalline and polycrystalline panels. Both seem to produce about 90% of their rate values under standard test conditions of:
- 20C air temperature
- 1 meter/sec wind speed (2.2mph)
- 10 meters (33 ft) above the ground
- Air mass of 1.5
- ASTM G173-03 standard spectrum
- 1000 watts/sq meter solar irradiance
Ok. So, how is that practical? Well, here is a calculator, based on historical data, of how much irradiance is expected in a given location.
http://solarelectricityhandbook.com/solar-irradiance.html
For Dallas in September, expected solar irradiance of a South facing panel is 4.96kWh/sq meter/day. So, it appears that a real world 100W panel should be expected to produce 9% of this amount – or 446Wh.
To put this in perspective… 446Wh would allow a person to use 18.6 watts of electricity constantly over a 24 hour period, assuming that the system has a battery to store energy for use at night and cloudy days.
Note that solar irradiance is about half that amount in the winter.
Bottom line: An ideal 100 watt solar electric system in Dallas allows a person to constantly use about 18 watts of power during the month of September; about 9 watts in the winter. Real world results are almost certainly less.
Wireless Internet Access
High speed internet access is often available to rural users only through expensive satellite or microwave systems. However, many people (rural or not) may find a wireless solution using cell phone towers to be a great alternative way to access the internet.
I often travel. Having a wireless access point is something important to me. A few weeks ago, I purchased the Huawei B310-518 Wi-Fi router. This device works much like tethering with a cell phone, with similar speeds.
But, the Huawei B310-518 is also more powerful than a tethered cell phone:
It has an Ethernet cable for connecting to a computer – or even a large network.
The Wi-Fi capability has more range than a tethered cell phone.
There is a standard wired phone jack built into the B310-518. This allows a cell phone number to be used with a regular wired phone.
The B310-518 is an unlocked GSM device. So, that means that it works with most cell phone carriers except for Verizon and Sprint. AT&T works. T-Mobile works. And companies that resale these services also work. In Canada, it will work with Rogers and others. Simply use your cell phone’s SIM card in the Huawei router, or buy a special SIM card for the device. It even works internationally.
I ended up purchasing a SIM card and service from Mint Mobile:
Plans vary. Mint Mobile charges $15 per month for 2GB of high speed data. They charge $25 per month for 10GB of high speed data. After the high speed data allocation is used, unlimited low speed data is provided.
Of course, you can use AT&T, T-Mobile, or other carriers with the Huawei device.
The only thing that took me by surprise with this device was that the instruction manual was in Spanish and the default configuration webpage for the device was in Spanish. Switching to English was fairly easy. But, one would think the default for the US market would be English. Also, the router came with a European plug and a converter to a US style plug. That works. I wonder if the US market is an afterthought, though. Online research seems to indicate that the DC plug is the standard 2.1mm coaxial DC power plug.
How Did Stocks Really Do in 2015?
How did your investments do in 2015?
Any of you who know me know that I am a big fan of investing in stock market index fund. These funds mirror the performance of the stock market as a whole and do not seek to pick and choose winners. Historically, most people who invest in index funds make more money than the people who try to gamble on the performance of a specific company or industry.
One of my favorite index funds mirrors the performance of the S&P 500 Index. The S&P 500 Index measures the performance of the 500 largest companies in the United States. Let’s see how it did in 2015 by way of examples:
In 2015, if you invested $1000 at the end of each month, you would have $11933.78 at the end of the year. In other words, you would have lost $66.22 out of the $12000 you invested.
Or… If you had invested $12000 on the first business day of January 2015, you would have had $11907.37 at the end of the year. In other words, you would have lost $92.63 out of the $12000 you invested. That’s less than 1%.
To put that in perspective, it is interesting to note that if you had sold such a hypothetical investment just 2 days ago, you would have gained more than 1% for 2015.
Remember that stocks are long term investments. It is normal for them to change day by day and from month to month or year to year. Economists have studied stock fluctuations for many decades and have found that there is no real pattern to day to day movements in stocks. If stocks go up one day, that does not mean that the economy is getting better. And if they go down one day, that does not mean that the economy is doing worse.
But, one thing we can say is that, in general, stocks increase in value over 10 or more years.
It is also important to remember that 2015 was the first year in 7 years that stocks went down over the course of the year. (And that was just barely). Where were stocks 7 years ago?
Well… if you had invested $12000 seven years ago, then you would have almost $18000 today.
Things are not so bad after all. And today begins a new year. Good things are in store for those who invest regularly in a diverse portfolio of investments.
How do I know? It has always been that way and there is no reason to believe that things are different now. 🙂
Happy New Year!
Harmonic Output Filtering
Here are two articles that I have found especially useful for designing and building harmonic output filters for radio transmitters:
George Dobbs (G3RJV) Guide to Harmonic Filters
I have not built a CWAZ filter yet. But, I did build a 7 pole harmonic filter for 7 MHz using the G3RJV design.
Updating the Raspberry Pi
Updating the Raspberry Pi regularly helps it function efficiently and securely. Log into the Pi via SSH and then execute the following at the command line:
sudo apt-get update
sudo apt-get upgrade
This process can take some time, depending on the network connection speed and how long it has been since the previous update.