Why Password Salting is Essential for Protecting Against Cyberattacks

 Salting Passwords

Password salting is a security measure that enhances the protection of stored passwords by adding random data, known as a "salt," before the password is hashed. This process generates unique hashes for even identical passwords, making it significantly more difficult for attackers to crack them using techniques such as rainbow tables or brute-force attacks. 

What are Salted Passwords and Password Hashing? 

Here's a detailed explanation:

1. What is a salt?

A salt is a random string of characters generated for each password. It's unique to each password instance and is used to enhance the security of the hashing process. 

2. How does it work?

Salt Generation: When a user creates or updates a password, the system generates a random salt. 

Salt Combination: The salt is combined with the user's password before it is hashed. This can be done by prepending or appending the salt to the password, or even by using a more complex method. 

Hashing: The combined string (salt + password) is then processed using a cryptographic hash function (like SHA-256 or bcrypt). 

Storage: The salt and the resulting hash are stored separately in the database. 

3. Why is it important?

Preventing Rainbow Table Attacks: Rainbow tables are precomputed tables of hash values for common passwords. By salting passwords, each password has a unique hash, even if multiple users have the same password, rendering rainbow tables ineffective. 

Defending Against Brute-Force Attacks: Salting makes brute-force attacks significantly more difficult and time-consuming because attackers would need to try every possible salt-password combination. 

Protecting Against Dictionary Attacks: Salting also helps prevent dictionary attacks, where attackers try common words and phrases as passwords, by making each password's hash unique. 

4. Example: 

Let's say two users have the same password, "password". Without salting, they would have the same hash. However, with salting, each user would have a unique salt (e.g., user1: "salt123", user2: "salt456"). The system would then hash "salt123password" and "salt456password" separately, resulting in different hashes, even though the original password was the same. 

5. Best Practices: 

• Random and Unique Salts: Salts should be generated randomly and be unique for each password. 
• Salts are not secrets: While the salt is not a secret, it's essential to store it securely alongside the hash. 
• Re-salting on Password Change: its good practice to generate a new salt each time a user changes their password.

Key Stretching - Protecting Passwords

 Key Stretching

Key stretching is a way of slowing the attacker down from discovering a password in a hashed format. This method uses thousands of rounds of hashing. It first hashes the password, then hashes the hash, and continues this process.

The attacker would have to guess the password and start the hashing process by testing each hash until they find a match.

There are two main methods of key stretching: bcrypt & PBKDF2 (Password-Based Key Derivation 2)

 Bollards

Bollards are used as a barricade to prevent a vehicle from approaching the building at a high rate of speed. This stops an intruder from being able to crash through an entrance and then being able to steal equipment. 

They are also used as a safety control.

Air Gapped Network

 Air-Gapped Network Example

The network on the left is the main network for the organization and is connected to the Internet. 

The network on the right is not connected to the main network or the Internet. 

An air-gapped network is physically isolated from the main network and the Internet. It is used in government offices, research and development, and any other network that needs to be completely isolated. 

NIC (Network Interface Card) Teaming

 NIC Teaming - Fault Tolerance

For the CompTIA Security+ Exam

NIC teaming uses multiple network connections from a single server. Instead of 1 Gbps, you now have 4 Gbps. This provides redundancy and fault tolerance, giving you uptime.

You must use LACP (Link Aggregation Control Protocol) on the switch to prevent a switching loop. Even if a port fails, you still have 3 Gbps. 

Learn Programming Languages, Linux Commands, Keyboard Shortcuts

Cheat Sheets - Programming Languages & More

This site is more than learning programming languages, references, and cheat sheets. It also covers many Linux commands, Databases, and keyboard shortcuts for several applications. 

This site can actually help those studying for many CompTIA exams. You can learn how the output for different languages can better help you understand ITF+ questions. 

The Linux commands will also help those taking the CompTIA Security+ exam understand what the commands do and be able to look at log outputs to decipher what has happened.

CompTIA Security+ (SY0-701) Exam Preparation

 SY0-701 Site for Better Understanding

This site will help students better prepare for the CompTIA Security+ (SY0-701) exam. It covers many objectives, such as Cryptography, Access Control Methods, Incident Response, Vulnerability Management, SIEM (Security Information and Event Management), SOAR (Security Orchestration and Automated Response), Social Engineering, Malware, Penetration Testing, Cloud Security, Secure Coding Practices, and Risk Management.