1.0 Threats, Attacks and Vulnerabilities

This post is part of a larger series on Security+. 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. Virus: an old-fashioned term going back to the mid-1980s. A piece of software that may intrude into your system, often by attaching to other existing files. Viruses will propagate or spread to other devices. They would also activate - or perform some function such as erasing the boot sector on your hard drive....

December 22, 2020 · Steven Polley

2.0 Technologies and Tools

This post is part of a larger series on Security+. Common userspace utilities. ping: Sends an ICMP echo request to the destination and expects an ICMP echo reply; if one is not received before the timeout, the output will say so. If a response is received, the RTT will typically be displayed in the output for each response. Implementations differ between operating systems and userspace utilities. # Windows uses -t to get correct, sane behavior ping -t 8....

December 22, 2020 · Steven Polley

3.0 Architecture and Design

This post is part of a larger series on Security+. Using Guides for Risk Assessment. Guides are not necessarily hard and fast rules. The idea of guides is to set bias. Yes, we as humans cannot get around biases, even when we are aware of them. Guides can help us set a baseline to help get a feel for where things should be. The idea is to use the incredibly fast, yet flawed built-in calculator we have evolved to optimize - intuition....

December 22, 2020 · Steven Polley

4.0 Identity and Access Management

This post is part of a larger series on Security+. Auditing & Accountability: who’s making changes, why are they making changes. Non-Repudiation: non-repudiation is when a person cannot deny having done something. For instance, if you are required to change someone’s password and have knowledge of its value, and that account then performed bad actions, you could be liable. To get non-repudiation, you must have confirmation the user has changed their password to something different....

December 22, 2020 · Steven Polley

5.0 Risk Management

This post is part of a larger series on Security+. Definitions. Risk Management: The identification and assessment of risk. Assets: Any part of our infrastructure that we are worried about getting harmed. Servers, network, services, applications, storage, people, intangible (such as reputation). Vulnerability: Weakness to an asset that leaves it open to bad things happening to it, e.g. unlocked server room door, not changing default passwords. Threats: The bad action or event that could occur if a vulnerability were exploited....

December 22, 2020 · Steven Polley

6.0 Cryptography and PKI

This post is part of a larger series on Security+. Cryptography is the science and study of taking data and making it hidden so others cannot understand it. Cryptography provides confidentiality by using obfuscation. There are a lot of ways to use obfuscation to provide confidentiality. Diffusion. Confusion. Encryption: the process of obfuscating data. Decryption: the process of unobfuscating data. Cipher: Caesar cipher: a common that shifts letters in the alphabet by some number....

December 22, 2020 · Steven Polley