
Darril Gibson Quotes

Quotes are added by the Goodreads community and are not verified by Goodreads.
Showing 1-30 of 39
“Risk is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. A vulnerability is a weakness.”
Darril Gibson, CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide
“Key escrow is the process of placing a copy of a private key in a safe environment. This is useful for recovery.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Risk is the likelihood that a threat will exploit a vulnerability. Risk mitigation reduces the chances that a threat will exploit a vulnerability, or reduces the impact of the risk, by implementing security controls.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Remember this Preventative controls attempt to prevent security incidents. Hardening systems modifies the basic configuration to increase security. Security guards can prevent unauthorized personnel from entering a secure area. Change management processes help prevent outages from configuration changes. An account disablement policy ensures that accounts are disabled when a user leaves the organization.”
Darril Gibson, CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide
“VM escape is an attack that allows an attacker to access the host system from within the virtual system.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Hardening is the practice of making a system or application more secure than its default configuration.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“One Click Lets Them In It’s worth stressing that it only takes one click by an uneducated user to give an attacker almost unlimited access to an organization’s network.”
Darril Gibson, CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
“The card doesn’t require its own power source. Instead, the electronics in the card include a capacitor and a coil that can accept a charge from the proximity card reader. When you pass the card close to the reader, the reader excites the coil and stores a charge in the capacitor. Once charged, the card transmits the information to the reader using a radio frequency.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“A clean desk policy directs users to keep their areas organized and free of papers. The primary security goal is to reduce threats of security incidents by ensuring the protection of sensitive data.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“by adding redundancy into your systems and networks, you can increase the reliability of your systems even when they fail. By increasing reliability, you increase one of the core security goals: availability.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Educating users about new viruses, phishing attacks, and zero-day exploits helps prevent incidents. Zero-day exploits take advantage of vulnerabilities that aren’t known by trusted sources, such as operating system vendors and antivirus vendors.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“When implementing password history, it’s best to include a minimum password age setting.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“The most effective protection against unwanted adware is the use of pop-up blockers in web browsers. Many pop-up blockers support lists of URLs that allow pop-ups.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“The Secretary of Defense directed members of different services to “secure that building.” Navy personnel turned off the lights and locked the doors. The Army occupied the building and ensured no one could enter. The Marines attacked it, captured it, and set up defenses to hold it. The Air Force secured a two-year lease with an option to buy.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Creating Strong Passwords One method used to make passwords more secure is to require them to be strong. A strong password is at least eight characters in length, doesn’t include words found in a dictionary or any part of a user’s name, and combines three of the four following character types: Uppercase characters (26 letters A–Z) Lowercase characters (26 letters a–z) Numbers (10 numbers 0–9) Special characters (32 printable characters, such as !, $, and *) A complex password uses multiple character types, such as Ab0@. However, a complex password isn’t necessarily strong. It also needs to be sufficiently long. It’s worth noting that recommendations for the best length of a strong password vary depending on the type of account.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Antivirus software detects and removes malware, such as viruses, Trojans, and worms. Signature-based antivirus software detects known malware based on signature definitions. Heuristic-based software detects previously unknown malware based on behavior.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“like the old joke about the meaning of secure. The Secretary of Defense directed members of different services to “secure that building.” Navy personnel turned off the lights and locked the doors. The Army occupied the building and ensured no one could enter. The Marines attacked it, captured it, and set up defenses to hold it. The Air Force secured a two-year lease with an option to buy.”
Darril Gibson, CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide
“Phishing to Get Money The classic Nigerian scam (also called a 419 scam) is alive and well. You receive an email from someone claiming a relative or someone else has millions of dollars. Unfortunately, the sender can’t get the money without your help. The email says that if you help retrieve the money, you’ll get a substantial portion of the money for your troubles. This scam often requires the victim to pay a small sum of money with the promise of a large sum of money. However, the large sum never appears. Instead, the attackers come up with reasons why they need just a little more money. In many cases, the scammers request access to your bank account to deposit your share, but instead they use it to empty your bank account.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Wildcard certificates use a * for child domains to reduce the administrative burden of managing certificates.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“A digital signature is an encrypted hash of a message.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“security is never finished.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“This is like a friend extending his hand to shake hands with you, you extending your hand in response, and then, at the last instant, the friend pulls his hand away. Although you or I would probably stop extending our hand back to someone doing this, the server doesn’t know any better and keeps answering every SYN packet with a SYN/ACK packet.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“disabling the SSID makes it a little more difficult for attackers to find your network, but not much. It’s almost like locking the front door of your house, but leaving the key in the lock.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Please Do Not Throw Sausage Pizza Away” (for Physical, Data Link, Network, Transport, Session, Presentation, and Application).”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“HOTP and TOTP are both open source standards used to create one-time use passwords. HOTP creates a one-time use password that does not expire. TOTP creates a one-time password that expires after 30 seconds.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“The smurf attack spoofs the source IP. If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies. Instead, the smurf attack substitutes the source IP with the IP address of the victim, and the victim gets flooded with these ICMP replies.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Some basic guidelines are: Don’t click on links within emails from unknown sources (no matter how curious you might be). Don’t open attachments from unknown sources (malware can be embedded into many different files, such as Portable Document Format (PDF) files, Word documents, Zip files, and more). Be wary of free downloads from the Internet (Trojans entice you with something free but include malware). Limit information you post on social media sites (criminals use this to answer password reset questions). Back up your data regularly (unless you’re willing to see it disappear forever). Keep your computer up to date with current patches (but beware of zero-day exploits). Keep antivirus software up to date (but don’t depend on it to catch everything).”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
“Perfect forward secrecy is an important characteristic that ephemeral keys comply with in asymmetric encryption. Perfect forward secrecy indicates that a cryptographic system generates random public keys for each session and it doesn’t use a deterministic algorithm to do so. In other words, given the same input, the algorithm will create a different public key. This helps ensure that systems do not reuse keys.”
Darril Gibson, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
