Comptia Security+, Security, Technology

Security+ Course – 4.3 Authorisation

1. Understanding Authorisation Authorisation is the final step in the access control process. Once an individual successfully authenticates to a system, authorisation determines the privileges that individual has to access resources and information. 2 Principles of Authorisation Principal of Least Privilege: This principle states that an individual should have only the minimum set of permissions necessary to accomplish his or…

Continue Reading

Comptia Security+, Security, Technology, Uncategorized

Security+ Course – 4.2 Authentication

1. Authentication Factors Once you’ve identified yourself to a system, you must prove that claim of identity. That’s where authentication comes into play. 3 different authentication factors Something you know: this is the most common and is typically in the form of a password the user has to remember. Users should choose strong passwords consisting of as many characters as…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 4.1 Identification

1. Identification, authentication, authorisation and accounting As security professionals, one of the most important things that we do is ensure that only authorised individuals gain access to the information, systems, and networks under our protection. The access control process consists of three steps: Identification: this is a claim of who the person is. In electronic system this when you enter…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.9. Physical Security

1. Site and Facility Design Sites to be protected: – Data Centre – Server rooms – Media storage facilities (where you keep your offsite backup media) – Evidence storage locations – Wiring/Switch cabinets/closets (could be used for eavesdropping or getting access to the network) You should perform inventory of all sensitive sites and audit the security controls.     2.…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.8 Cloud Computing and Virtualisation

1. Virtualisation There is lots information out there about virtualisation, this is just the cliffsnotes. For more: https://en.wikipedia.org/wiki/Virtualization Host machines run on physical hardware Host machines provide services to several virtualised guest machines They hypervisor tricks each guest into thinking it is running on dedicated hardware. The guest doesn’t know it’s a virtual machine.   Types of Hypervisor There are…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.7 Software Development Security

1. Development Methodologies Waterfall Model https://www.tutorialspoint.com/sdlc/sdlc_waterfall_model.htm This is the first SDLC developed in the 1970’s by Winston Royce. The waterfall Model illustrates the software development process in a linear sequential flow. This means that any phase in the development process begins only if the previous phase is complete. In this waterfall model, the phases do not overlap This approach does allow…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.6 Embedded System Security

1. Industrial Control Systems (ICS) ICS monitor and control industrial processes. Hackers love to target ICS for the following reasons: these attacks often have dramatic implications. EG: taking down a city electricity or water system these systems are often not well secured these systems are less likely to be patched and updated. In fact, some ICS system manufacturers advise their…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.5. Secure Staging and Development

1. Software Staging and Release Deploying code without processes (the wrong way to do it) Surprises end users Introduces security flaws Causes operational disruptions Increases the difficulty of rolling back flawed code Stage 1 – Development Environment Allows developers to develop and modify code Stage 2 – Test Environment Facilitates human and automated testing Stage 3 – Staging Environment Prepares…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.4 Secure Systems Design

1. Operating System Types Workstation OS Desktop and laptops Typically Windows or OSX, sometimes Linux Server OS Designed for special purpose computers that provide services to others Usually this is Windows Server or Linux Mobile OS This is designed for smartphones and tablets iOS, Android or Windows mobile Kiosk computers devices placed inside of specilaised furniture with limited functionality OS…

Continue Reading

Comptia Security+, Security, Technology

Security+ Course – 3.3 Security Network Design

1. Security Zones Standard Network Zones A network can be split up into different security zones. typically a boarder firewall will have 3 interfaces connecting to these different zones: Connection to the internet Connection to the internal network Connection to the DMZ (Demilitiarised Zone).  This contains the public facing services (email servers, web servers). IF these get compromised the firewall…

Continue Reading