This is post 10 of 10 in the series “[ Security+ Certification ]” [System Access] MinimumPasswordAge = 2 MaximumPasswordAge = 42 MinimumPasswordLength = 10 PasswordComplexity = 1 PasswordHistorySize = 6 LockoutBadCount = 5 ResetLockoutCount = 720 LockoutDuration = -1 RequireLogonToChangePassword = 1 ForceLogoffWhenHourExpire = 1 NewAdministratorName = “root” [System Log] MaximumLogSize = 100032 AuditLogRetentionPeriod = …
Security+ : Sample Questions
This is post 9 of 10 in the series “[ Security+ Certification ]” Sample Questions Q: What exactly is a PKI certificate? A) PKI has nothing to do with certificates B) Certificates provide identifying credentials only C) Certificates identify a certificate authority D) Certificates provide a copy of a remote system’s private key E) Certificates …
Security+: Domain 6.0: Cryptography and PKI
This is post 8 of 10 in the series “[ Security+ Certification ]” Domain 6.0 Cryptography Symmetric Cyphers Type Block or Stream Key Rounds Details DES 64 bit block 56 bit 16 Used in the electronic payment industry. 3DES/TDES/3TDES 64 bit block 56 bit 16 x 3 different keys TDES is used in commercial data …
Continue reading “Security+: Domain 6.0: Cryptography and PKI”
Security+ Domain 5.0 Risk Management
This is post 7 of 10 in the series “[ Security+ Certification ]” zzz
Security+ Domain 4.0: Identity and Access Management
This is post 6 of 10 in the series “[ Security+ Certification ]” Domain 4.0 Identity and Access Management Authentication, Access Control & Auditing Know For The Security+ Test: The three “pillars” or “foundations” of information security are Authentication, Access Control and Auditing. (The mnemonic “AAA” may help you remember.) Authentication: By What You Know …
Continue reading “Security+ Domain 4.0: Identity and Access Management”
Security+ Domain 3.0: Architecture and Design
This is post 5 of 10 in the series “[ Security+ Certification ]” Chapter 11: Architecture Frameworks and Secure Network Architectures Chapter 12: Chapter 13: Chapter 14: Chapter 15: Chapter 16: Chapter 17: Hardening networks: Firmware upgrades Computers, routers and other network equipment store fixed firmware in ROM modules, including: Erasable Programmable Read-Only Memory …
Continue reading “Security+ Domain 3.0: Architecture and Design”
Security+ Domain 2.0: Technologies and Tools
This is post 4 of 10 in the series “[ Security+ Certification ]” Chapter 4: Vulnerability Scanning and Penetration Testing Pen Test Concepts Active vs Passive reconnaissance Exploitation Pivoting Escalation Types of Pen Testing Black Box White Box Gray Box Vulnerability Scanning MBSA Nessus / OpenVAS Retina Chapter 5: Vulnerabilities and Impacts System vulns Improper …
Continue reading “Security+ Domain 2.0: Technologies and Tools”
Security+ Domain 1.0: Threats, Attacks and Vulnerabilities
This is post 3 of 10 in the series “[ Security+ Certification ]” Chapter 1: Malware and Indicators of Compromise Malware Polymorphic malware Viruses Armored virus (encryption) Crypto-Malware Ransomware Worms Trojans Rootkit Keylogger Adware Spyware Bots RATs Logic Bombs Backdoors Indicators of Compromise IOC Tools from FireEye (Mandiant) OpenIOC from MITRE STIX TAXII CybOx Chapter …
Continue reading “Security+ Domain 1.0: Threats, Attacks and Vulnerabilities”
Security+: Definitions and Catchwords
This is post 2 of 10 in the series “[ Security+ Certification ]” The Ever-Present OSI/DoD Models Ports, well-known and otherwise NAT and Private Address Ranges (thanks JP) Basic Terminology Asset – anything valuable, such as information, software or a car stereo Threat – any event or object that might result in a loss, like …
Network+: Routing Protocols
This is post 11 of 11 in the series “[ Network+ ]” Routing Protocols Internal Protocols RIP (v1) Max hop count of 15 Routing table updates every 30 seconds, and the WHOLE TABLE No VLSM (CIDR) No authenticiation RIP v2 Yes VLSM Authentication added IGRP (Cisco proprietary) OSPF Noisy boot HELO packets then LSAs to …