Protecting Data - SY0-601 CompTIA Security+ : 2.1
Vložit
- čas přidán 31. 05. 2024
- Security+ Training Course Index: professormesser.link/sy0601
Professor Messer’s Course Notes: professormesser.link/601cn
Professor Messer's Practice Exams: professormesser.link/601ytpe
Discount Exam Vouchers: professormesser.com/vouchers/
Professor Messer Recommended Study Materials: professormesser.link/601rs
- - - - -
There are many different ways to protect our application data. In this video, you’ll learn about data sovereignty, data masking, encryption, tokenization, and more.
- - - - -
Subscribe to get the latest videos: professormesser.link/yt
Calendar of live events: professormesser.com/calendar/
Frequently Asked Questions: professormesser.link/faq
FOLLOW PROFESSOR MESSER:
Professor Messer website: professormesser.com/
Discord chat: professormesser.com/discord
Twitter: professormesser.com/twitter
Facebook: professormesser.com/facebook
Instagram: professormesser.com/instagram
LinkedIn: professormesser.com/linkedin - Věda a technologie
![[柴犬ASMR]曼玉Manyu&小白Bai 毛发护理Spa asmr](http://i.ytimg.com/vi/0TsXQ7z2Dh4/mqdefault.jpg)
when it comes to IRM, deos this relate to the Zero-trust, RBAC and other similar access control concepts ?
what if the attacker knows about the token (in the video it's 4545 ...) and then just sends that to the merchant payment server so then it goes step 6 and 7 to gain approval, wouldn't that allow the attacker to use the person's credit card by knowing his/her token is?
The tokens are only good for one use, so any transactions using a previous token would be rejected.
After learning about these attacks from your videos, it seems like Target is quite the target!
We love to hate Target
@@reversed5552 FR FR
ROFLMAO!!🤣
so is tokenization, spoofing the plain text basically ?, because its still plain text and its not encrypted but it is just something else
so tokenization can only be used with a phone or similar device to interact with the token service server? It won't work when using the chip or slide on a plastic card itself, for example?
That's correct, the card is going to use the actual card numbers for the transaction instead of a token.
With tokenization, does the token server give a new token once it is used, or does it wait for you to attempt a purchase?
I’m pretty sure it works the same as a DUO token.
Tokens are one time use
Is the process of tokenization the same if we used the credit card directly to pay instead of our phones?
Nope. If you use your credit card, then you're sending your actual credit card information through the system.
@@professormesser Thank you Professor!
Thanks
@ 9:14, couldn't you just capture the token and replay it? What prevents that from being successful? Or is it a new token every time?
A token can't be reused, so even if it was somehow captured it would be worthless.
Thanks for vid!
Professor Messer... you gotta do cissp one day
So with tokenization, does that mean it is safer to pay with a phone than with an actual credit card?
In many ways, using a mobile payment service is often more secure than using a physical credit card.