#TC2027 #TBT

--Originally published at Don't Trust Humans, Trust Computers

The semester has come to an end, and with it, it comes to answer the ecoas and make public reviews about your classes during the semester…ok, I am just making a review about one class: “Seguridad Informática” aka #TC2027. This class was imparted by Ken Bauer and this is class is the reason way I made this blog. For me this class had its pros and cons, like many other classes (but most of my cons I think it was me instead of the class, but I am going to talk about that in a little bit).

giphy-9

So this class was a little different from other classes, because it involved a flipped learning methodology (which flipped many of my classmates and I include myself in this one) and an abolish grading policy kind of situation. So the good thing about this class was that Ken tried to take us out of our comfort zone of learning, which is both, good and bad depending of how you see it. At first, I was very disconcerted about this situation, because I am not very into writing blogs (or any kind of writing), so this was kind of a challenge for me. Then the abolish grading policy, I saw it as a good thing, because it either proves own well you know yourself or how well you trick yourself; and besides it was a new policy we never had before so there’s that.

For me the hardest part of this course was writing the blog post, because as I mentioned I am not use to write this type of things. So I was stress, because I didn’t wanted to make a blog that was very “school alike” and I wanted a blog that was more “”me””. At the end, the process of making

giphy (10).gif
Continue reading "#TC2027 #TBT"

Excuse me, who are you?

--Originally published at Don't Trust Humans, Trust Computers

Each person in this planet has something that identifies him/her. It could be a physical characteristic, like nose shape, eye color, hair, a scar, etc., or it could be a non-physical thing like voice tone, name, the way you speak, and so on. We even have legal documents that verify who we are in a society. No matter in what part of the world we are, we are someone and we can probe that we are the person we say we are. But if the pass from the physical world into the digital one. In the digital world, we can be any one and there’s no one that is checking if we are really who we say we are, or maybe there is? The truth is it depends on how you see it. Because there are websites, like Tumblr that ask you for a user and a password, so there is really someone checking that the user and password match, but once inside Tumblr is another story. If you came to realize, there are many places in the digital environment that ask for a user and password, and that is important matter in the security aspect.

giphy-8

Authentication and access control are two complementary topics that go on hand in hand. Most of the time you want this type of security in any system you are in to protect the information that is inside a system. And of course, it affects which user access the system. Authentication is the process of verifying if you are really the user you say you are. This process there are two key elements: the identifier and the authenticator. By identifier we mean the user, that tells who you are and the identifier is commonly known as the password that verifies that is truly you who is

screen-shot-2016-11-23-at-9-58-57-pm
Continue reading "Excuse me, who are you?"

The network is down

--Originally published at Don't Trust Humans, Trust Computers

Do you remember you life before the internet? where you had to go outside to socialize with people, and laugh to your uncle’s bad jokes instead of memes. Yeah a pretty scary scenario that is in the past. Luckily we live in an era where the internet has become a major part of our lives, but how does the internet can reach SO many people? Well, that’s because the internet is just a HUGE network, where everybody is connected to. That network is a network that is formed out of other networks, and those other networks are formed out of OTHER networks and so on and so on. This networks are made of various components, like: computers, servers, routers, hubs, switches, cables, and other items. All this components are key elements so a network can function properly, along with the right configuration in each item that need it. So this are VERY important and need to be secure from any type of attack or incident that might happen, or else the network can have some problems. That why network security is essential.

Network-security-trends.png

As cisco states “Network security refers to any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies”.  Network security include many types like:

  • Access control.
  • Antivirus and antimalware software.
  • Application security.
  • Behavioral analytics.
  • Data loss prevention.
  • Firewalls.
  • Mobile device security
  • Wireless security and many more.

Networks are in constant a threat some of the most notorious threats they have are DoS. DoS stand for Denial of Service, and what it does is basically send more request than a machine can handle. The purpose of this attacks is to take down a service a server is giving. This are a very common attack a network can receive and there

Continue reading "The network is down"

Please, not Windows again!

--Originally published at Don't Trust Humans, Trust Computers

#CParravirgen

As part of the collective knowledge, I parter up with my friend Alex Carrillo, please give it a check at his blog too!

This time, we decided to work together on a blog about OS security. Here is what we came up with:

An OS can face many types of threats, and it needs to be able to protect itself. Here we will list some features or actions, that an OS needs to have or be done.

  • User Authentication
    • User authentication is a very important aspect to have, because with this, the OS can give access only to does people that have a user and a password. if an external person tries to access the computer by trying an invalid user and password, this will immediately reject them. Also by creating users, the OS can gave special privileges to some users. Of course, to be able to do that…

Ver la entrada original 734 palabras más


Security Countermeasures

--Originally published at Don't Trust Humans, Trust Computers

We live in an era, where everybody has some kind of digital device. Most of us have at least 2 of this devices, if not more. We interact with them in a daily basis; in our work, in our home, at the school, at entertainment centers, etc. This gadgets are taking over the world, but most importantly our lives. And if this devices are being an essential part of our lives, well… we are very likely to have some security threats on our way. In our lives, we are always expose to some kind of threat, even if we like it or not, and if we have a digital device, we are expose to a different new kind of threat, that it didn’t exist before.

Security concept: Closed Padlock on computer keyboard background

There exist so many cyber security threats out in the world, and we need to be prepared if we encounter one. So here I am going to list you some of the most common threats and some countermeasures to those problems.

  1. Spoofing user identity.- using a fake authentication to gain access to a system.
    • Countermeasures:
      • Do not store passwords in files.
      • Use a strong authentication.
      • Do not send passwords over the internet.
  2. Tampering with Data.- unauthorized modification of data.
    • Countermeasures:
      • Use digital signatures.
      • Use data hashing and signing.
      • Use strong authentication.
  3. Information Disclosure.- unwanted exposure of data.
    • Countermeasures:
      • Use strong encryption.
      • Use strong authentication.
  4. Phishing.- making use of a fake email or webpage so user can put personal information
    • Countermeasures:
      • Delete suspicious email.
      • Enter to verify websites.
      • Look for digital signatures.
  5. Malicious Code.- software that cause malfunctions inside a system.
    • Countermeasures:
      • Turn off automatic downloading.
      • Block malicious websites.
      • Stay current with OS updates.
  6. Weak and Default Passwords

Security on the web

--Originally published at Don't Trust Humans, Trust Computers

giphy-5

OOOH the internet such a beautiful and harmonic place yet so full of stranger dangers and mischievous things. People must of the time are very naive when they are on the internet. They are not well aware of the dangers that the internet has. Even though this seems like I am giving a bad reputation to the Internet, I am only saying the truth. Yes, the internet is one of the most amazing inventions there is. It has help people from all over the world communicate in a way it seems impossible before and has brought us many other wonderful things. But sometimes there are people that take advantage of this great invention and try to use it for malicious purposes. Every time we navigate in the internet we are expose to some kind of danger, but if we are smart enough we will be able to not fall into the tramps.

giphy-7

Here are some advices to take in consideration when we are in the internet.

  • Passwords
    • How many of us know a person that has a very awful password, if we he/she share his/her password so freely, well… there’s a problem. When we are creating accounts to some websites and they ask us for a password, we need to create strong password. Try combining letters (both capital and lowercase), numbers and special characters. DON’T share your passwords with any one, unless you truly trust the person you are sharing it with. Don’t use the same password for different websites, try using a different one in every website.
  • Internet Browsers
    • To be able to navigate in the internet we need a browser to do that. There are plenty of browser out there for you to choose from. When you have selected your browser, you have to make sure is up-to-date.
      giphy-6
      Continue reading "Security on the web"

The Law and Values: CyberSecurity

--Originally published at Don't Trust Humans, Trust Computers

In our daily, we face a lot of decision we need to make. Some of them are very simple and do not need much thinking; and in the other hand, sometimes we need to make very hard decision that not only may affect us, but also it might affect others. I am sure that in more than one time we have face a situation where ethics are involve. There are going to be moments in our life where ethics and even legal matters are going to be involve and we need to be prepare to be able of making the “right” choice. The information security area is fill with ethical and legal situations that we need to be aware of.

Ethical and Legal - businessman confused Standing at the crossro

When we talk about ethics in information security, is a vast topic with plenty of situations. In this kind of situations we need to take in account our own ethics and the ethics of our profession. The values and principles we have as a person are an important factor at the moment of making decisions. Our own ethic code depends on several factors, like: family values, the environment we live in, the culture we have, and many other factors. When we are we receive our bachelors degree, we instantly form part of another community and like many other communities, they have a code. In information security there are plenty of organization that have written how a computer scientist should behave. The Computer Ethics Institute have written 10 commandments of computer ethics, which are:

  1. Thou Shalt Not Use A Computer To Harm Other People.
  2. Thou Shalt Not Interfere With Other People’s Computer Work.
  3. Thou Shalt Not Snoop Around In Other People’s Computer Files.
  4. Thou Shalt Not Use A Computer To Steal.
  5. Thou Shalt Not Use A Computer To Bear False Witness.
  6. Continue reading "The Law and Values: CyberSecurity"

I can’t read you message

--Originally published at Don't Trust Humans, Trust Computers

In 2014, a movie called “The Imitation Game” was released. This movie is about Alan Turing, one of the fathers of computer science. He build a machine capable of figuring out the secret message the Germans where transmitting to each other, back in the WWII era. The messages the germans where sending and receiving, where encrypted messages that only they know how to decrypted them. Turing was clever enough to build a machine that could decrypt those message, and thanks to that the Allies gained a great advantage against the Axis. Of course, it took a lot of Turing’s patience and time, to be able to build this machine. I bring this movie, because in it is about cryptography.

imi

For those who doesn’t know what cryptography is, well, is the process of securing information from other people. In other words, is about making text unreadable to persons for who’s the message doesn’t concern at all. Like for example, let’s say you want to send a message in class to your friend, but you don’t want anybody but your friend to understand the message. So you and your friend plan to have a secret code so the text you and him write could only be decipher by you.

In cryptography, there are two main processes, the first one is encryption and the second one is decryption. Encryption is all about making a normal plain text into something unreadable, just converting a text into random letters. And decryption is the other way around, is the process of converting the unreadable text into an understandable text again.

giphy-3

There exists many algorithms that will do encryption and decryption, some of them are pretty simple, while other are more complex. To these algorithms we called them ciphers. Some of the most famous ciphers are:

Classic Security Architecture Models

--Originally published at Don't Trust Humans, Trust Computers

In a past post , I talked about security policies and how are they made; but I didn’t said how they are put in action. The policies only tells you how things need to be organize and how are they suppose to function. They are the sets of rules in the system. There are some security policies that are behaviors that people need to have inside a company, and there are other policies that specify the behavior of the system. If the security policies only say how things are suppose to be, then how can we make sure they are being follow correctly? For that reason there exist security models.

asd

A security model is the representation of the security policy. The security model abstracts the goals of the policy and makes them a reality in the system, by creating the necessary code inside the system. The security model is the concrete way of how the policies are going to be fulfill in the system. Lets see the policies as the goals or the end results and the models as the way of how we are going to achieve does goals. There some very well known models, that many people use. These models are:

  • State Machine Models
    • Bell-LaPadula Model
    • Biba Model
    • Clark-Wilson Model
  • Information Flow Model
  • Noninterference Model
  • Brewer and Nash Model

State Machine Model

This model focuses by using “states” that will say if the system is secure or not. In here we check the instance of subjects accessing objects and checking if the state is safe. When we use the word state, we address it as a moment in time in the system. When a system is moving form one state to another we call it state transition. The purpose of the state machine is to always stay in safe

Continue reading "Classic Security Architecture Models"

The Evil Within my Computer

--Originally published at Don't Trust Humans, Trust Computers

I remember when I was a kid entering to these websites were you can play free games. Sometimes I entered to webpages that were legit, but other times I didn’t. And I entered those unlegit websites because I didn’t knew of the harm that those websites could cause. So by now you probably figure out that my computer was FULL of malware, by that time. The concept of malware is not knew in the computer science community, but many people do not know what is malware and the various types of malware it exists in the world. In this post I will talk about some of the most common malware there are and how can we prevent them.

infracciones-hacienda

But before I tell you the types of malware, we need to come clean with the term “malware”. Malware is just the combination of the words malicious and software; and it is software made to cause malfunctions in any system, spy or even take data form the system without the owner knowing about it. There is a great range of malware out there, but here I am going to tell you the most common ones.

Adware

How many time have you enter a website and thousands of pop-ups appear in your monitor saying that you are the 1,000 visitor or that you have won a brand new iphone? Well, this pop-ups are known as adware and it is purpose is to show emerging publicity. Most of the time if you click in one of this pop-ups, it will install you automatically a tool bar so you can enter the websites where you will see this pop-ups. Also, sometimes these kind of malware come with somekind of spyware, which I will discuss later.

Virus

Just as you get sick because a virus or

Continue reading "The Evil Within my Computer"