CompTIA Security+ Exam Notes

Let Us Help You Pass

Friday, September 2, 2022

USB Data Blocker

USB Data Blocker / Prevent Juice Jacking

A USB data blocker is the easiest and least expensive way to prevent juice jacking.

Sometimes, the only way to charge is to use a USB port on a charging station, as no electrical outlet is available.

You just attach the blocker to the end of your USB cable and then plug it into the charging station. The blocker passes power through but not the USB data lines, so no data transfer (syncing) can take place.

This protects your smartphone or tablet from malware installation and data theft when you plug into a public charging station.

PortaPow is one of the many USB data blockers available. It was invented in 2013 and has been used by many corporations, individuals, and governments since then. The device also comes with a 2-year warranty.

Below is a link for this item:

Juice Jacking

Juice Jacking

Using public USB charging stations carries security risks.

You see these stations at hotels, airports, restaurants, and other public areas.

Any device charged over USB is affected, including phones and tablets.

Here are some of the things attackers can use juice jacking to do:

  • Access the data on your device
  • Install malware or a virus on your device
  • Take sensitive information
  • Some of the malware can clone your SIM card

There are ways to protect yourself:

  • Use a USB data blocker
  • Use the AC power connector (using the electrical outlet)
  • Carry a portable power bank
  • Carry a charge-only cable

Make sure the cable you are purchasing says that it is charge-only or that it blocks data.

Below is a video I show all my students during Security+ class. 


Tuesday, March 15, 2022

Regulations and Standards


Regulations and Standards to know for the exam

  • NIST RMF: Supply chain risks
  • ISO 27001: Standard an organization is certified against to show its information security management meets the requirements
  • ISO 27002: Classifies security controls
  • ISO 27017 & 27018: Cloud security
  • ISO 27701: Personal data & privacy
  • ISO 31000 / 31K: Risk assessments
  • GDPR: European Union regulation on personal data protection; applies internationally to anyone processing EU residents' data
      · Defines data owners, data controllers, data processors, & the data protection officer
      · Data owner: responsible for determining how the data may be used
      · Data controller: responsible for the protection of privacy & website user rights
      · Data Protection Officer: Independent advocate for the care & use of customer information, & responsible for ensuring the organization is complying with relevant laws
  • PCI DSS:
      · Credit cards (payment card data)
      · Assign a unique ID to each person with computer access
      · Regularly test security systems and processes
  • SSAE SOC reports:
      · SOC 2 Type I: Assesses system design on a specific date
      · SOC 2 Type II: Assesses the effectiveness of security controls over a date range

Thursday, January 13, 2022

2-Step verification

2-Step Verification or Out-of-Band

This process is completed by generating a software token on a server and sending it to a user. The token can be sent via:

SMS (Short Message Service): The code is sent to a registered phone number

Email: The code is emailed to a registered email account

Push Notification: The code is sent to an authenticator app on a smartphone or PC. This is the most seamless option: the user does not have to enter the code, only tap the notification to approve.

Phone call: The code is sent as an automated phone call (voice) to a registered phone number
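The server-side half of this flow, as an added example that is not part of the post: the server generates a one-time code, hands it to a delivery channel (the `send` callback stands in for the SMS, email, push or voice channel above), keeps only a hash of the code with an expiry, and checks the user's reply in constant time with an attempt limit. `OutOfBandVerifier` and its parameter names are choices made for this example.

```python
# Added example (not from the blog post): minimal server-side
# out-of-band verification. The server issues a one-time code, sends it
# over a separate channel, stores only a hash with an expiry, and
# verifies the reply with an attempt limit and constant-time comparison.
import hashlib
import hmac
import secrets
import time


class OutOfBandVerifier:
    def __init__(self, send, ttl_seconds=300, max_attempts=3, clock=time.time):
        self.send = send              # channel callback: send(destination, code)
        self.ttl = ttl_seconds        # code lifetime; stale codes are rejected
        self.max_attempts = max_attempts
        self.clock = clock            # injectable so expiry can be tested
        self.pending = {}             # user -> (code_hash, expires_at, attempts)

    @staticmethod
    def _digest(code):
        # Store a hash so a leaked pending table does not reveal live codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, user, destination):
        # secrets (not random) gives an unpredictable 6-digit code.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (self._digest(code), self.clock() + self.ttl, 0)
        self.send(destination, code)  # SMS / email / push / voice in practice

    def verify(self, user, submitted):
        entry = self.pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts = entry
        if self.clock() > expires_at or attempts >= self.max_attempts:
            del self.pending[user]    # expired or exhausted: a new code is required
            return False
        # compare_digest avoids leaking how many characters matched via timing.
        if hmac.compare_digest(code_hash, self._digest(submitted)):
            del self.pending[user]    # one-time use: the code is never accepted again
            return True
        self.pending[user] = (code_hash, expires_at, attempts + 1)
        return False
```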