About this page.

This blog was originally just going to be my Security assignment for electronic logs, but it has now evolved just a bit. In this blog you will find my notes and anything else we do in these classes.

Tuesday, February 28, 2012

Chapter 4 review

It's up.  Next week is Spring Break and I'll try to get caught back up on publishing notes.

Chapter 4 Review

Tuesday, February 21, 2012

Even more Chapter 4 notes


Vulnerability Assessment cont.

  • Vulnerability appraisal
    • Determine current weakness
      • Snapshot of current organization security
    • Every asset should be viewed in light of each threat
    • Catalog each vulnerability
  • Risk assessment
    • Determine damage resulting from attack
    • Assess likelihood that vulnerability is a risk to organization

More after the Jump

Thursday, February 16, 2012

Chapter 4

Chapter 3 review


Vulnerability Assessment

  • Systematic evaluation of asset exposure
    • Attackers
    • Forces of nature
    • Any potentially harmful entity
  • Aspects of vulnerability assessment
    • Asset identification
    • Threat evaluation
    • Vulnerability appraisal
    • Risk assessment
    • Risk mitigation

More after the break!

Security News!

CompTIA pushing Certification to Manage Security Risks

41% of US organizations are reporting deficiencies in security levels due to lack of training in their techs.

More and more companies are turning to certifications to validate expertise in their candidates. Make sure that you review your options between formal training, OJT and certs, or a combination of the three.

Thursday, February 9, 2012

More Chapter 3

Sorry about the order!  I had an appt in Johnson City on the second and had to get the notes.  Here they are, in all the out-of-order glory!


Test Today on Chapter 2

Client-Side Attacks cont'd

  • Session hijacking
    • Attacker attempts to impersonate user by stealing or guessing session token
  • Malicious add-ons
    • Browser extensions provide multimedia or interactive Web content
    • ActiveX add-ons have several security concerns

More after the Break!

News for Feb 9

Small DDoS attacks can (and will) do just as much damage as a large-scale attack will.

DDoS Attacks: Size doesn't matter

According to Radware, size doesn't matter when it comes to DDoS attacks.

Radware's ERT found that the majority of successful attacks were made with less than 1 gigabit per second. Others work by devouring server resources. They also found that firewalls and IPS alone cannot stop DDoS attacks, and in some cases, the firewall is the weakest link.

What can you do?  Collect information about all attacks, not just the big ones.  Do your risk analysis.  Be ready and willing to work with your ISP.

Don't assume that you are not at risk for a DDoS attack just because you are small.  Plan for the worst.

Chapter 3 Cont

Money potential:  Setting up own questions to learn and pass the Security + exam.



Network Attacks

  • Denial of service (DoS)
    • Attempts to prevent system from performing normal functions
    • Ping flood attack
      • Ping utility used to send large number of echo request messages
      • Overwhelms Web server
    • Smurf attack
      • Ping request with originating address changed
      • Appears as if target computer is asking for response from all computers on the network
    • SYN flood attack
      • Takes advantage of procedures for establishing a connection
  • Distributed denial of service (DDoS)
    • Attacker uses many zombie computers in a botnet to flood a device with requests
    • Virtually impossible to identify and block source of attack

More after the break