CompTIA Security+ Exam Notes
Let Us Help You Pass

Friday, September 2, 2022

USB Data Blocker / Prevent Juice Jacking

A USB data blocker is the easiest and one of the least expensive ways of preventing juice jacking.

Sometimes the only way of charging is using a USB port on a charging station as no electrical outlet is available.

You simply attach the blocker to the end of your USB cable and then plug it into the charging station. It prevents any data transfer (syncing) while the device charges.

This protects your smartphone and/or tablet from having malware installed or data stolen when you plug into a public charging station.

PortaPow is one of the many USB data blockers available. PortaPow invented the device in 2013, and since then it has been used by many corporations, individuals, and governments. The device also comes with a 2-year warranty.

Below is a link for this item:

Juice Jacking

There are security issues with using public USB charging stations, which you see at hotels, airports, restaurants, and other public areas. Any device that charges over USB is at risk, including phones and tablets.

Here are some of the things attackers can use juice jacking to do:

  • Access the data on your device
  • Download malware/virus to your device
  • Take sensitive information
  • Some of the malware has the ability to clone your SIM card

There are ways to protect yourself:

  • Use a USB data blocker
  • Use the AC power connector (using the electrical outlet)
  • Carry a portable power bank
  • Carry a charge-only cable

Make sure the cable you purchase is labeled charge-only or states that it blocks data.

Below is a video that I show all of my students during Security+ class. 


Tuesday, March 15, 2022

Regulations and Standards


Regulations and Standards to know for the exam

NIST RMF: Supply chain risks
ISO 27001: Organization meets the security standards
ISO 27002: Classifies security controls
ISO 27017 & 27018: Cloud security
ISO 27701: Personal data & privacy
ISO 31000 / 31K: Risk assessments
GDPR: European Union / International Standards
  • Data owners, data controllers, data processors, & data protection officer
  • Data owner: responsible for determining how the data may be used
  • Data controller: responsible for the protection of privacy & website user rights
  • Data Protection Officer: independent advocate for care & use of customer information, & responsible for ensuring the organization is complying with relevant laws
PCI DSS:
  • Credit cards
  • Assign a unique ID to each person with computer access
  • Regularly test security systems and processes
SSAE SOC reports:
  • SOC 2 Type I: assesses system design on a specific date
  • SOC 2 Type II: identifies the effectiveness of security controls over a date range

Thursday, January 13, 2022

2-Step Verification or Out-of-Band

This process is completed by generating a software token (a one-time code) on a server and sending it to the user over a channel separate from the one used to log in, which is why it is called out-of-band. The token can be sent via:

SMS (Short Message Service): The code is sent to a registered phone number

Email: The code is emailed to a registered email account

Push Notification: The code is sent to an authenticator app on a smartphone or PC. This is seamless: the user does not have to enter the code, just tap the notification.

Phone call: The code is sent as an automated phone call (voice) to a registered phone number
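The server side of this flow, as an added example that is not part of the original notes: the server generates a random one-time code, hands it to whichever out-of-band channel the user registered (SMS, email, push, or voice), and later checks what the user types. The delivery channel is a constructed stand-in (a function that records the message) rather than a real SMS or email gateway; the `OutOfBandVerifier` class, its method names and the 5-minute expiry are assumptions made for the example. Beyond what the notes state, the code also shows the checks a verifier needs so the code is single-use, expires, and cannot be guessed by brute force.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Example parameters (assumptions, not from the notes): a 6-digit code that
# lives for 5 minutes and may be tried at most 5 times.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


@dataclass
class PendingCode:
    """A code the server has issued but the user has not yet entered."""
    code: str
    expires_at: float
    attempts: int = 0


class OutOfBandVerifier:
    """Issues one-time codes over an out-of-band channel and verifies them."""

    def __init__(self, send_func, now=time.time):
        # send_func(channel, destination, message) delivers the code via
        # SMS, email, push or voice; here it is whatever the caller supplies.
        self._send = send_func
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # user_id -> PendingCode

    def start(self, user_id: str, destination: str, channel: str) -> None:
        # secrets (not random) gives a cryptographically strong code;
        # zfill keeps leading zeros so every code has CODE_DIGITS digits.
        code = str(secrets.randbelow(10 ** CODE_DIGITS)).zfill(CODE_DIGITS)
        self._pending[user_id] = PendingCode(code, self._now() + CODE_TTL_SECONDS)
        self._send(channel, destination, f"Your verification code is {code}")

    def verify(self, user_id: str, submitted: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None:
            return False                      # nothing issued, or already used
        if self._now() > entry.expires_at:
            del self._pending[user_id]        # expired: force a fresh code
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._pending[user_id]        # too many guesses: invalidate
            return False
        # compare_digest prevents leaking the code through timing differences
        if hmac.compare_digest(entry.code, submitted):
            del self._pending[user_id]        # one-time: never accept it twice
            return True
        return False


def demo() -> dict:
    """Run the flow against a constructed outbox and a controllable clock."""
    outbox = []                                   # stands in for the SMS/email gateway
    clock = [1_000_000.0]
    v = OutOfBandVerifier(lambda ch, dest, msg: outbox.append((ch, dest, msg)),
                          now=lambda: clock[0])
    results = {}

    # SMS channel: wrong code, then right code, then a replay of the right code
    v.start("alice", "+1-555-0100", "sms")        # constructed phone number
    code = outbox[-1][2].split()[-1]              # what the user reads off the SMS
    results["wrong_code"] = v.verify("alice", "000000" if code != "000000" else "111111")
    results["right_code"] = v.verify("alice", code)
    results["replay"] = v.verify("alice", code)

    # Email channel: correct code submitted after the TTL has passed
    v.start("alice", "alice@example.com", "email")
    code2 = outbox[-1][2].split()[-1]
    clock[0] += CODE_TTL_SECONDS + 1
    results["expired"] = v.verify("alice", code2)

    # Push channel: MAX_ATTEMPTS wrong guesses, then the correct code
    v.start("alice", "alice-phone-app", "push")
    code3 = outbox[-1][2].split()[-1]
    for _ in range(MAX_ATTEMPTS):
        v.verify("alice", "999999" if code3 != "999999" else "888888")
    results["lockout"] = v.verify("alice", code3)
    return results


if __name__ == "__main__":
    print(demo())
```

The same `OutOfBandVerifier` serves every channel in the list above; only the `send_func` changes. The three defensive checks in `verify` are what separate a real implementation from "text the user a number": the code is deleted on success so it cannot be replayed, it expires so an intercepted SMS has a short useful life, and the attempt counter stops an attacker from cycling through all one million 6-digit values.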