Home / IT Security / Security+ (page 5)

Security+

Penetration Testing

Penetration Testing

Penetration Testing: It is becoming more common for companies to hire penetration testers to test their system’s defense. Essentially, a penetration tester will use the same techniques a hacker would use to find any flaws in your system’s security.   NOTE: Hacking and penetration testing are areas that seem quite …

Read More »

Security and the Cloud

Security and the Cloud

Security and the cloud: Since this is a certification exam on security and not just on memorization of cloud-based terminology, it is important to recognize the security issues associated with cloud computing. Two you should know for the exam are multitenancy and laws and regulations:   Multitenancy: One of the …

Read More »

Databases and Technology

Databases and Technology

Databases & Technology: One key reason why computers are installed is for their ability to store, access, and modify data. The primary tool for data management is the database. Databases have become increasingly sophisticated, and their capabilities have grown dramatically over the last 10 years. This growth has created opportunities …

Read More »

Identifying Critical Systems and Components

Identifying Critical Systems and Components

Identifying Critical Systems & Components:  Sometimes your systems are dependent on things that you would not normally consider, basic utilities such as electricity, water, and natural gas are key aspects of business continuity. In the vast majority of cases, electricity and water are restored—at least on an emergency basis—fairly rapidly. …

Read More »

Risks Associated with Cloud Computing

Risks Associated with Cloud Computing

Risks with Cloud Computing: The Term cloud computing has grown in popularity recently, but few agree on what it truly means. For the purpose of the Security+ Exam, cloud computing means hosting services and data on the Internet instead of hosting it locally. Some examples of this include running office …

Read More »

Risks Associated with Virtualization

Risks Associated with Virtualization

Risks Associated with Virtualization: If cloud computing has grown in popularity, virtualization has become the technology du jour. Virtualization consists of allowing one set of hardware to host multiple virtual machines. It is in use at most large corporations, and it is also becoming more common at smaller businesses. Some …

Read More »

Burp Suite

Burp Suite

Burp Suite: For our purposes, we will use Burp Suite Intercept (or just Burp for short) as our proxy as it is widely viewed as one of the most feature-rich web hacking platform available.   We will be using many tools in Burp Suite throughout the duration of our hacking …

Read More »

BRUTE FORCE AUTHENTICATION ATTACKS

BRUTE FORCE AUTHENTICATION ATTACKS

Brute Force Attacks: Authentication actually takes place in many other parts of the web application other then the main login page. It is also present when you change your password, update your account information, use the password recovery functionality, answering secret questions, and when you use the remember me option. …

Read More »

Countermeasures of Social Networking

Countermeasures of Social Networking

Countermeasures for Social Networking: Because social networking exploded in popularity so quickly, companies and individuals had little time to deal with the problems the technology brought to bear. Surveys taken a few years ago found that many companies either did not have policy in place regarding social networking or were …

Read More »

SSL and TLS

SSL and TLS

SSL and TLS: Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method of establishing a session. The number of steps in the handshake depends on whether steps are combined and/or mutual authentication is included. The number of …

Read More »