1. Development Methodologies Waterfall Model https://www.tutorialspoint.com/sdlc/sdlc_waterfall_model.htm This is the first SDLC developed in the 1970’s by Winston Royce. The waterfall Model illustrates the software development process in a linear sequential flow. This means that any phase in the development process begins only if the previous phase is complete. In this waterfall model, the phases do not overlap This approach does allow…
Category: Comptia Security+
Security+ Course – 3.6 Embedded System Security
1. Industrial Control Systems (ICS) ICS monitor and control industrial processes. Hackers love to target ICS for the following reasons: these attacks often have dramatic implications. EG: taking down a city electricity or water system these systems are often not well secured these systems are less likely to be patched and updated. In fact, some ICS system manufacturers advise their…
Security+ Course – 3.5. Secure Staging and Development
1. Software Staging and Release Deploying code without processes (the wrong way to do it) Surprises end users Introduces security flaws Causes operational disruptions Increases the difficulty of rolling back flawed code Stage 1 – Development Environment Allows developers to develop and modify code Stage 2 – Test Environment Facilitates human and automated testing Stage 3 – Staging Environment Prepares…
Security+ Course – 3.4 Secure Systems Design
1. Operating System Types Workstation OS Desktop and laptops Typically Windows or OSX, sometimes Linux Server OS Designed for special purpose computers that provide services to others Usually this is Windows Server or Linux Mobile OS This is designed for smartphones and tablets iOS, Android or Windows mobile Kiosk computers devices placed inside of specilaised furniture with limited functionality OS…
Security+ Course – 3.3 Security Network Design
1. Security Zones Standard Network Zones A network can be split up into different security zones. typically a boarder firewall will have 3 interfaces connecting to these different zones: Connection to the internet Connection to the internal network Connection to the DMZ (Demilitiarised Zone). This contains the public facing services (email servers, web servers). IF these get compromised the firewall…
Security+ Course – 3.2 User Training
1. Security Education There are 2 important components of security training programs. Security training: this provides users with the knowledge they need to protect the organisations security Security Awareness: Keeps the lessons learned at the front of the users mind. EG: posters, email reminders etc… Security Training Methods instruction in onsite classes as part of new staff induction or orientation…
Security+ Course – 3.1 Security Design
1. Legislative and Regulatory Compliance Compliance Obligations There are 4 main types: Criminal law: deter and punish acts detrimental to society (murder, theft, hacking etc…). This can result in jail time Civil law: designed to resolve disputes between civilians, organisations etc… This cannot result in jail time Administrative law: Facilitate effective government by allowing agencies to carry out their duties.…
Security+ Course – 2.11 Securing Protocols
2.11.1 TLS & SSL Digital certificates allow for the secure exchange of public keys over otherwise untrusted networks. Types of encryption Symmetric Encryption: The same key is used for encryption and decryption. The issue with this method is that the key must shared to with the sender and receiver. Asymmetric Encryption (Public key): The recipient generates two keys. The public…
Security+ Course – 2.10 Mobile Device Security
2.10.1 Mobile Connection Methods Cellular Networks Available in most urban and suburban areas 1 single tower can cover distances of up to 20 miles Rated according to the generation of services WIFI Networks These cover shorter distances with greater bandwidth. Satellite Communications This works almost anywhere but is expensive and slow. Near File Communications (NFC) This covers distances measures in…
Security+ Course – 2.9 Host Security
2.9.1 – Operating System Security Security Settings There are many OS security settings. You should establish a baseline for OS security settings that are used in your environment. One of these might be removing users from the local administrators group. This can be done using Group Policy. Patch Management Applying patches is critical to avoid known vulnerabilities being exploited. You can…