I am working my way through the online course “Cert Prep: CompTIA Security+” by Michael Chapple. This is available on Lynda and LinkedIn Learning. These are my study notes. Section 1 – Threats, Attacks and Vulnerabilities: 1.1 Malware, 1.2 Understanding Attackers, 1.3 Understanding Attack Types, 1.4 Application Attacks, 1.5 Vulnerability Scanning and Penetration Testing, 1.6 Impact of Vulnerabilities. Section…
Category: CompTIA Security+
Security+ Course – 6.7 Cryptographic Applications
1. Digital Rights Management
Digital Rights Management, or DRM, software mechanisms provide content owners with the technical ability to prevent the unauthorised use of their content. DRM uses encryption technology to render content inaccessible to those who do not possess the necessary license to view the information. Apple and many other subscription-based music services do use DRM technology to encrypt…
Security+ Course – 6.6 Cryptanalytic Attacks
1. Brute Force Attacks
Brute-force attacks are the simplest form of attack against a cryptographic system. In a brute-force attack, the attacker simply guesses repeatedly at the encryption key until he or she stumbles upon the correct value for the key and gains access to the encrypted information. Brute-force attacks can take a very long time to complete successfully, if…
Security+ Course – 6.5 Public Key Infrastructure (PKI)
1. Trust Models
Requirements for Symmetric Key Exchange: The 2 parties must be confident that they are really communicating with each other and not an imposter. The 2 parties must be confident that nobody is eavesdropping on the key exchange.
Asymmetric Cryptography: Users don’t need to share their private keys. Users can share their public keys freely. Eavesdropping protection isn’t…
Security+ Course – 6.4 Key Management
1. Key Exchange
In symmetric encryption, the sender and receiver share a single secret key that nobody else should know. Before the sender and receiver can begin to communicate using a symmetric algorithm, they must somehow agree upon and exchange the shared secret key that they will use for that communication session.
Problems with Key Exchange. E.g.: Alice and Bob…
Security+ Course – 6.3 Asymmetric Cryptography
1. Rivest-Shamir-Adleman (RSA)
Asymmetric cryptography solves issues of scalability by giving each user a pair of keys for use in encryption and decryption operations. The RSA algorithm was one of the earliest asymmetric cryptographic algorithms and it is still used today. It was published in 1977. There’s a lot of complex maths involved in creating that key pair, but the…
Security+ Course – 6.2 Symmetric Cryptography
1. Data Encryption Standard (DES)
DES was designed by IBM in the 1970s. It was intended to serve as a federal encryption standard. Up until that point different agencies used different encryption algorithms. This caused issues with security, because all of those algorithms weren’t thoroughly tested, and with interoperability, because different agencies couldn’t easily communicate with each other.
How DES Works: DES uses…
Security+ Course – 6.1 Encryption
1. Understanding Encryption
Cryptography is the use of mathematical algorithms to transform information into a form that is not readable by unauthorised individuals. Cryptography does, however, provide authorised individuals with the ability to transform that encrypted information back into readable form.
Encryption: converts information from its plaintext form into an encrypted version that is unreadable. This is known as ciphertext…
Security+ Course – 5.6 Data Security and Privacy
1. Understanding Data Security
Data States
1. Data at rest: data stored somewhere for later use. This might be on a hard drive or USB stick, in a cloud service, or on a magnetic tape as part of a backup or archival solution. Data at rest is vulnerable to theft if an attacker gains either physical or logical access…
Security+ Course – 5.5 Forensics
1. Conducting Investigations
There are four main types of investigations that often involve cybersecurity professionals. These are:
1. Operational investigations: Seek to resolve technology issues (e.g. a service might be returning errors, a server might be responding too slowly, or a network might be congested). Restore normal operations as quickly as possible. Low standards of evidence as no legal action involved…