Posted on by Glenn

Security+: Definitions and Catchwords

  1. Security+ Certification
  2. Security+: Definitions and Catchwords
  3. Security+ Domain 1.0: Threats, Attacks and Vulnerabilities
  4. Security+ Domain 2.0: Technologies and Tools, Chapter 6
  5. Security+ Domain 2.0: Technologies and Tools, Chapter 7
  6. Security+ Domain 2.0: Technologies and Tools, Chapter 8
  7. Security+ Domain 2.0: Technologies and Tools, Chapter 9
  8. Security+ Domain 2.0: Technologies and Tools, Chapter 10
  9. Security+ Domain 3.0: Architecture and Design: Chapter 11
  10. Security+ Domain 3.0: Secure Systems Design and Deployment: Chapter 12
  11. Security+ Domain 3.0: Secure Systems Design and Deployment: Chapter 12 cont’d
  12. Security+ Domain 3.0: Architecture and Design: Chapter 13: Embedded Systems
  13. Security+ Domain 3.0: Architecture and Design: Chapter 14: Application Development
  14. Security+ Domain 3.0: Architecture and Design: Chapter 15: Cloud and Virtualization
  15. Security+ Domain 3.0: Architecture and Design: Chapter 16: Resiliency and Automation
  16. Security+ Domain 3.0: Architecture and Design: Chapter 17: Physical Security
  17. Security+ Domain 4.0: Identity and Access Management: Chapter 18
  18. Security+ Domain 4.0: Identity and Access Management: Chapter 19
  19. Security+ Domain 4.0: Identity and Access Management: Chapter 20
  20. Security+ Domain 5.0: Risk Management: Chapter 21
  21. Security+ Domain 5.0: Risk Management: Chapter 22
  22. Security+ : Sample Questions
  23. Security+ Domain 5.0: Risk Management: Chapter 23
  24. bastion.inf
  25. Security+ Domain 5.0: Risk Management: Chapter 24
  26. Security+ Domain 5.0: Risk Management: Chapter 25
  27. Security+ Domain 5.0: Risk Management: Chapter 26
  28. Security+ Domain 5.0: Risk Management: Chapter 27
  29. Security+ Domain 5.0: Risk Management: Chapter 28
  30. Security+ Domain 5.0: Risk Management: Chapter 29
  31. Security+: My Favorite Free Tools

The Ever-Present OSI/DoD Models

OSI and DoD Models
OSI and DoD Models

Ports, well-known and otherwise

NAT and Private Address Ranges (thanks JP)

Basic Terminology

Asset – anything valuable, such as information, software or a car stereo

Threat – any event or object that might result in a loss, like theft or fire damage

Threat Agent – any person or thing that can carry out a threat, like a thief or a flood

Vulnerability – a weakness in security, like an unprotected server or a hole in a fence

Exploit – actually taking advantage of a weakness, for instance by attacking an unprotected server or going through that hole in the fence

Risk – the likelihood that that an exploit will actually be performed

Risk management is what it’s all about: how much risk can you tolerate, and how much will you spend to avoid it?

Information Security Provides

    1. Integrity – Insurance that a message, software or other item hasn’t been changed in any way.
    2. Confidentiality – Only authorized persons have access to the information.
    3. Availability – Information is available to properly authorized users.

Basic Security Concepts

Layering -Providing multiple layers of protection: physical access control, a firewall, antivirus software, etc. The key concept is preventing one layer’s configuration from compromising other layers. If you leave workstations logged in overnight to distribute antivirus updates, you’ve weakened security with that compromise.

Limiting – Basically, limiting access, whether physical or logical.

Diversity – Using more than one type of a given security method; for instance, both a physical and a software firewall.

Obscurity – Limiting the information available to attackers. For example, your web server should not reveal that it’s Apache 1.2.

Simplicity – Put simply, don’t make your security layers hard to understand or configure.