-
Metaverse security is a thing because security is still a thing…
With all this talk about the metaverse and Web3.0, it’s easy (always too easy it seems) for security to become an afterthought, instead of a before-thought, or even a during-thought. So, please. Let’s discuss METAVERSE SECURITY. Even if you still have no idea what the metaverse is or what the “Web 3.0/Web3” is, you must understand that being online on the Internet exposes you much like you are exposed the very moment you leave your house. Once we leave the domain and sanctuary of our homes, we are exposed and take measures to mitigate risks and protect our privacy. We wear clothing to protect us, yes, and also to shield our most…
-
What is a password manager and why do you need one…
I was speaking to a contact who is studying the cybersecurity industry and does not use a password manager. Interestingly enough, it’s actually a debate I’ve seen crop up a few times in cybersecurity circles. A password manager is an application to help you store and manage all the various usernames, passwords, URLs, what have you…that all come as a byproduct of the digital terrain that we are increasingly surrounded by. I used to think “But MY password is unique! It’s not “password” or any of the typically mocked but often used, much maligned, stereotypical passwords. Oh, no. Mine was different and unique. And there are people who do this…
-
What Is a CSIRT vs. CERT vs. CIRT???
CSIRT—Computer Security Incident Response Team is a concrete organizational entity (i.e., one or more staff) that is assigned the responsibility for coordinating and supporting the response to a computer security event or incident. CERT—Computer Emergency Response (Readiness) Team. CERT should not be generically used as an acronym because it’s a registered trademark in the United States Patent and Trademark Office, as well as other jurisdictions around the world. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). The name “Computer Emergency Response Team” was first used in 1988 at Carnegie Mellon University (CMU). CERT is registered as a trademark by Carnegie Mellon…
-
How Was Colonial Pipeline Hacked/Breached? Because of One Single Employee’s Compromised Password
That’s all it takes, and usually what it comes down to. Passwords. As the founding contemporary lyrical wordsmith members of Wu-Tang would say, “Protect ya neck!”. Because without it, you’ll lose your head. Same with passwords! Protect ya passwords!!! All a malicious actor would need is a password to an account, and just like that (*finger snap!*), you’ve invited them in, like welcoming Count Dracula through your front door for Sunday dinner. So, Colonial, right…here’s the latest. After an analysis of the cyberattack on Colonial Pipeline, investigators suspect that hackers obtained the password from the dark web (think a marketplace for illicit activity) where such info is available for the…
-
What is a ‘NOC’? What is a ‘SOC’? The Battle of ‘NOCs’ vs. ‘SOCs’…
Noc’ing the Soc’s Off You!! First of all, I want to preface this by stating and asking, “Why aren’t NOCs and SOCs the same thing???” Just initially hearing what the acronyms stand for alone, and going based off of that, I would think we would want “Network” and “Security” intertwined and treated with a holistic approach. Similar to how security should be “baked in” to software. NOC–Network Operations Center A NOC is a Network Operations Center (NOC, pronounced like the word ‘knock’), which can also be referred to as a “network management center”. It can be one or more locations from which network monitoring and control (i.e. network management) is…
-
What is Attack Surface?
Attack surface. First thing I start thinking is the surface area, or the exposed area that is susceptible to a cyber onslaught by threat actors, or bad people with malicious intent. According to Wikipedia: “The attack surface of a software environment is the sum of the different points (for “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.” via Wikipedia “KEEPING THE ATTACK SURFACE AS SMALL AS POSSIBLE IS A BASIC SECURITY MEASURE.” **clap, clap** Does that last line stick out to anyone else?? It should.…
-
What is Remote Code Execution?
What is Remote code execution (RCE)? A simple web search brings up a Wikipedia page on Arbitrary code execution (ACE). According to Wikipedia: In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution…
-
Security Engineering Analysis Framework Notes…
Good security engineering requires 4 things: Policy–what you’re supposed to achieve. Mechanism–the ciphers, access controls, hardware tamper-resistance, and other machinery that you assemble in order to implement the policy. Assurance–the amount of reliance you can place on each particular mechanism. Incentive–the motive that the people guarding & maintaining the system have to do their job properly.
-
Security + Course Notes
Threats, Attacks & Vulnerabilities Malware Malicious software; Broad term; there are many kinds of malware. Viruses Crypto-malware Ransomware Worms Trojan Horse Rootkits Keyloggers Adware/Spyware Botnets How do you get malware? These all work together. A worm takes advantage of a vulnerability. Or, installs malware that includes a remote-access backdoor. Bot may be installed later. Your computer must run a program. Email link–Don’t Click Links! Web page pop-ups Drive-by download Worm Your computer is vulnerable Operating System–keep updated! OS & applications. Viruses & Worms Viruses–malware that can reproduce itself; it doesn’t need you to click anything; it needs you to execute a program; Just simply running a program can spread a…
-
Virtualization & Cloud Computing–Advanced IP Networking–NETWORKING, SECURITY, & MORE ESSENTIALS—CompTIA Network+ (N10-007) NETWORK-PLUS Certification Prep Course Notes
Virtualization & Cloud Computing Virtualization Basics Don’t confuse virtualization with emulation! Emulation uses software to imitate hardware. Virtualization uses a system’s actual hardware! Recognize the benefits of virtualization. There are two types of hypervisors: Type 1 (bare metal) Type 2 (hosted) Virtualization doesn’t pretend to be anything that it’s not! (Remember, virtualization uses a system’s actual hardware!) Virtualization saves power; & it consolidates hardware; & it makes system recovery easy, & it’s handy for IT research! Hypervisor–V.M.M. (Virtual Machine Monitor) the thing that manages & runs the Virtual Machine for us! Type 2 Hypervisor–runs on top of the host OS. Type 1 Hypervisor–runs directly on top of hardware, independent of…