Security+

Understanding Hashing

Understanding Hashing: Simply put, hashing can be considered a type of one-way encryption. More accurately, it is a process that creates a scrambled output that can’t be reversed—or at least can’t be reversed easily. The process of hashing takes plain text and transforms it into cipher text but does so …

Cross Site Scripting

Cross-Site Scripting (XSS) is a type of attack that can occur in many forms, but in general it occurs when data of some type enters a web application through an untrusted source (in the majority of cases, a web request). Typically, this data is included as part of dynamic content …

File Systems

File Systems: Several filesystems are involved in the operating systems, and from a network perspective, they have a high level of interoperability among them. Throughout the years, different vendors have implemented their own sets of file standards. Some of the more common filesystems in Windows are listed here: Microsoft FAT: …

Monitoring System Logs

Monitoring System Logs: In addition to network monitoring, you must monitor the event logs. Event logs are system logs that record various events that occur. Event logs comprise a broad category that includes some logs that are not relevant to security issues. But within that broad category are security and …

Application Security

The Application Security: There are a number of issues to be cognizant of when it comes to application security. Many of these have been addressed—or will be addressed—in other posts where discussion is more relevant, but the following is a list of those issues that CompTIA wants you to be …

Intelligence Gathering – PTES

Intelligence Gathering – Penetration Testing Execution Standard

Intelligence Gathering – Penetration Testing Execution Standard: Once a plan is in place and proper preparation has been successfully completed, you can begin the information-gathering process. This phase basically represents the start of the actual test, even though you will not yet be engaging your target directly. However, at …

Secure Router Configuration

Secure Router Configuration: One of the most important things you can do to secure your network is to secure the router. Though this is basic common sense, it is too often overlooked in the rush to finish the router configuration and move on to the next job. To configure the router …

Creating a Test Setup Lab

What You Will Need: In order to build a proper lab you will need to do several things first, some optional and others not. I recommend putting down some important foundations first. Make sure you have a good understanding of what you are trying to accomplish, and don’t just start …

Why Build a Lab? The Build Process

Why Build a Lab: So which should you become fluent with or concentrate on when testing or training? I have included a list of tools later in this post, which you should consider getting familiar with in order to prepare properly for the test. NOTE: The list is a short …

Penetration Testing Frameworks & Alternative Methods

Overview of Alternative Methods: Now that you have an idea of what penetration testing is, we need to take a close look at the process that a penetration tester follows outside of what EC-Council offers. When you are considering a methodology to follow, you must remember some points and ideas …
