IT Security from TechBeacon: “Why we need more women in cybersecurity”

Why we need more women in cybersecurity

Why we need more women in cybersecurity

It has been estimated that more than 1 million security jobs worldwide are unfilled. Further, (ISC)2 reports that of the currently employed cybersecurity professionals, women represent only 11 percent of the workforce. The unfilled cybersecurity jobs aren’t just a staffing issue; they’re a matter of national security, and women can help us solve the problem quickly.

Source: techbeacon.com/why-we-need-more-women-cybersecurity

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Friday-Five Questions September 8th 2017.

What is WORM media?

WORM Media (Write Once Read Many): CD/DVDs can be WORM Media (R), if they are not R/W (Read/Write).

In IaaS who is responsible for the databases?

IaaS - (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.

Logic bombs will go off when:

Logic Bombs - Malicious code that executes at a certain time or event - they are dormant until the event (IF/THEN). IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code. IF date and time 5/15/18 00:02:12, THEN execute malicious code.

What is polyinstantiation?

Polyinstantiation  (Alternative Facts) – Two (or more) instances of the same file depending on who accesses it. The real information may be available to subjects with Top Secret clearance, but different information will be available to staff with Secret or lower clearance.

Cryptanalysis is where we:

Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Friday-Five Questions September 1st 2017.

A DDOS attack is meant to disrupt which leg of the CIA Triad?

When we get his by a DDOS (Distributed Denial Of Service), is disrupts our availability, but not integrity or confidentiality.

In the US security breach notification laws are:

Security Breach Notification Laws. NOT Federal, 48 states have individual laws, know the one for your state (none in Alabama and South Dakota). They normally require organizations to inform anyone who had their PII compromised. Many states have an encryption clause where lost encrypted data may not require disclosure.

What is not an example of good multifactor authentication?

Multifactor authentication uses authentication from more than one factor (something you know, are or have). Passwords and usernames are not multifactor, they are both knowledge factors.

Which type of access control models are based on subjects clearance?

MAC - (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.

Which is an asymmetric form of encryption?

RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Friday-Five Questions: Identity and access management.

In a good password policy, which should be allowed?

Passwords should never contain: The name of a pet, child, family member, significant other, anniversary dates, birthdays, birthplace, favorite holiday, something related to a favorite sports team, or the word "password". Winter2017 is not a good password, even if it does fulfil the password requirements. The official recommendations by the U.S. Department of Defense and Microsoft. Password history = set to remember 24 passwords. Maximum password age = 90 days. Minimum password age = 2 days (to prevent users from cycling through 24 passwords to return to their favorite password again). Minimum password length = 8 characters. Passwords must meet complexity requirements = true. Store password using reversible encryption = false.

Type 1 authentication is:

Something you know - Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. The subject uses these to authenticate their identity, if they know the secret, they must be who they say they are.

Which authentication form is the worst to have compromised, because it can't be changed?

Something you are - Type 3 Authentication (Biometrics): Lost passwords and ID cards can be replaced with new different ones, biometrics can’t. You can't change your fingerprints, once compromised they are always compromised.

PINs, passwords and passphrases are which type of authentication?

Something you know - Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. The subject uses these to authenticate their identity, if they know the secret, they must be who they say they are.

Which authentication protocol is no longer considered secure?

TACACS (The Terminal Access Controller Access Control System): Centralized access control system requiring users to send an ID and reusable (vulnerable) passwords for authentication, because of this it is no longer considered secure. Uses TCP/UDP port 49. TACACS has generally been replaced by TACACS+ and RADIUS.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Friday-Five Questions: Well-known ports.

On which port does POP3 normally use?

A POP3 server listens on well-known port 110.

Your organization is using a secure website using https://, which port is used by default?

HTTPS URLs begin with "https://" and use port 443 by default, or alternatively 8443, whereas HTTP URLs begin with "http://" and use port 80 by default.

To upload files using FTP which ports would be the common ports?

FTP uses TCP port 20 for FTP data transfer and TCP port 21 for FTP control.

Which well-known ports does email programs use POP3, IMAP, and SMTP

SMTP (Simple Mail Transfer Protocol) uses TCP port 25 as default, but can also use port 2525. POP3 (Post Office Protocol, version 3) uses TCP port 110. IMAP (Internet Message Access Protocol) uses TCP port 143.

Using SSH we log into our cloud servers, which port is assigned to SSH?

The well-known TCP port 22 has been assigned for contacting SSH servers.

 

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading