TC2027 Class Review

--Originally published at TC2027 – Will It Blog?

I think the method intended for the course was good, but it also has room for improvement. Throughout the semester I made the effort to keep up with it and learned things, but I'm not quite convinced yet that it was the best choice for learning this kind of subject.

Here are the things I perceived from this class that could help improve it.

  • Discussions in class: I think they fell short because of a lack of organization. We could have discussions where everyone participates if we first pre-established the topics to be discussed in class and asked for a blog post related to a given topic beforehand; having everyone write from different sources but also come to class to centralize the knowledge, learn what others wrote about and reach a conclusion from that would have been more effective for me.
  • Writing blog posts: it was OK for me, but I have to admit that after writing that many (20 in total throughout the course) it becomes a bit monotonous, similar to writing an essay.
  • Lab practices: I think some of them did not land that well in relation to the course topics. I would also have appreciated more problem-solving, challenge-style practices, because I think some of them were limited to just installing things without seeing their actual application in real scenarios. Preparing some dynamic activity or lab practice that required us to use those tools would have been a much better approach.

Leaving aside my personal opinions on this method and class, I have to admit that great blog posts (related and unrelated to the course) from great classmates came out as a result of it. The things I liked were: using Twitter and the freedom in general to

Continue reading "TC2027 Class Review"

Network Security Policies

--Originally published at TC2027 – Will It Blog?

Straight from a Google search for "security policies", I first came to the definition of a security policy as such: a document with a protection plan for physical and information technology assets. Then I came to the definition of "network security policy": a generic document that specifies or outlines rules for computer network access.

So I guess the second one is the one oriented to this course. With this sort of document, organizations can greatly improve the security of their Information and Communications Technology systems and keep them patched against known vulnerabilities.


Security policies must address the following risks:

-Unauthorized changes to systems (remember the CIA triad: this is integrity)
-Exploitation of unpatched vulnerabilities (keep those vulnerability databases, and the systems themselves, updated)
-Exploitation of insecure system configurations (do not leave intentional weaknesses in place; they can become backdoors).

So to get these risks managed, security policies have to:

  • Ensure that updates and system patches are applied within a defined timeframe.
  • Maintain hardware and software inventories.
  • Conduct regular vulnerability scans.
  • Disable unnecessary I/O devices and removable media access.
  • Maintain a whitelist and execution control.
  • Limit users' ability to change core configurations.

Whitelist: a list of authorized applications and software that have permission to execute; anything not on the list is blocked from running.

https://en.wikipedia.org/wiki/Network_security_policy


Network Security

--Originally published at TC2027 – Will It Blog?

A network exists when two or more machines are connected together and share resources. The internet is nothing more than a network of networks. Right now I'm going to focus on wired network security. The cable used to connect two computers using the Ethernet protocol is called UTP (Unshielded Twisted Pair). These are commonly connected to switches, which are connected to routers; this is the basic layout of a network.

Also, neat network wiring looks really awesome, just like the armor of an Eva Unit.

Back to the topic: a common vulnerability is unauthorized access, a term that explains itself. If an attacker gains access, they can exploit several further vulnerabilities. The following is a list of vulnerabilities found in several of the parts that make up a network. I will assume that you already know the layers of the OSI model and what sort of protocols are used at each level (I will leave a diagram just in case).

[Diagram: OSI model and the protocols at each layer]

Vulnerabilities inside TCP/IP Protocol

This is the protocol suite (group of protocols) on which the internet is built. One of the protocols in this suite is TCP, whose three-way handshake for establishing a new connection can be abused: an attacker sends tons of SYN messages and never completes the handshake, leaving many half-open sessions that fill the server's connection backlog until it can no longer accept legitimate clients (a SYN flood). The source addresses of those SYNs are usually spoofed, and IP spoofing is used in DoS attacks in general; the ping of death, an oversized ICMP echo packet that crashed vulnerable IP stacks, is another classic DoS attack against this suite.
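As an added example (not from the original post), here is how the half-open sessions a SYN flood leaves behind can be spotted in a packet trace. The packet records are constructed for the example; the endpoints, the 3-second timeout and the threshold of 20 stale handshakes are assumptions.

```python
# Added example, not from the original post: detecting a SYN flood from a
# packet capture by counting half-open TCP handshakes that never complete.
from collections import defaultdict

# Constructed packet records: (time_s, src, dst, flags), endpoints as "ip:port".
PACKETS = [
    # A legitimate client completes the three-way handshake.
    (0.0, "10.0.0.5:40001", "203.0.113.10:80", "SYN"),
    (0.1, "203.0.113.10:80", "10.0.0.5:40001", "SYN-ACK"),
    (0.2, "10.0.0.5:40001", "203.0.113.10:80", "ACK"),
]
# The flood: 50 SYNs from spoofed source addresses that never answer the SYN-ACK.
PACKETS += [(1.0 + i * 0.01, f"198.51.100.{i}:5000", "203.0.113.10:80", "SYN")
            for i in range(50)]


def half_open(packets, now, timeout_s=3.0):
    """Return {(client, server): syn_time} for handshakes still incomplete
    after timeout_s seconds, i.e. the entries clogging the server's backlog."""
    pending = {}
    for t, src, dst, flags in packets:
        if flags == "SYN":
            pending[(src, dst)] = t
        elif flags == "ACK":
            pending.pop((src, dst), None)  # third packet: handshake done
    return {key: t for key, t in pending.items() if now - t > timeout_s}


def syn_flood_targets(packets, now, threshold=20, timeout_s=3.0):
    """Servers with at least `threshold` stale half-open connections."""
    per_server = defaultdict(int)
    for (_client, server) in half_open(packets, now, timeout_s):
        per_server[server] += 1
    return {server: n for server, n in per_server.items() if n >= threshold}


def distinct_sources(packets, server):
    """How many different client addresses sent SYNs to `server`. Spoofing
    shows up as many sources with one SYN each, so per-source limits fail."""
    return len({src.split(":")[0] for _, src, dst, flags in packets
                if dst == server and flags == "SYN"})
```

A legitimate client's SYN disappears from the pending table once its ACK arrives; the flood entries never do. Because every flood SYN came from a different spoofed address, counting per source would show nothing, which is why the count is kept per server and why servers defend with SYN cookies rather than source rate limits.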

Vulnerabilities in the DNS

The Domain Name System, in charge of resolving host names into IP addresses, also has vulnerabilities that can be exploited. A DNS server can be attacked to modify its records and redirect traffic to an incorrect or malicious IP address; this goes by the name

Continue reading "Network Security"

Total domination of the World! … Or at least of your OS?

--Originally published at TC2027 – Will It Blog?

First of all I would like to say this was a post in collaboration with two other people: Cesar Cornejo and Audray (Ariadna).

By now about everybody knows that systems need security in order to protect data from access by unauthorized users or malicious programs. Operating systems are no exception to this rule.

Another characteristic of operating systems, aside from providing hardware abstractions and sharing/coordinating data among processes, is that they also need to enforce security on each of their resources, such as CPU, disk, RAM, programs, and the information or data that programs use.

UNIX/Linux

How do they achieve this? For example, in UNIX systems at the lowest level we have three protection domains available: owner, group and others. For each domain three operations can be allowed on a given resource: read (r), write (w) and execute (x). Only the owner of the resource or the superuser (root, or a user with sudo rights) can change those permission bits, which control who may use the resource and what they are allowed to do with it.
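An added example, not from the original post, of how those three domains and three operations are combined in an access decision (assuming the ordinary owner-then-group-then-others rule for a plain file; setuid bits, ACLs and directory search permissions are left out):

```python
# Added example, not from the original post: how the owner/group/others
# domains and the r/w/x bits are actually applied in a Unix access check.
import stat

_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def can_access(mode, file_uid, file_gid, uid, gids, op):
    """Discretionary access check for a plain file.

    Exactly one class applies, tested in this order: owner if uid matches,
    else group if the file's gid is among the caller's groups, else others.
    The classes are not unioned: an owner with mode 0o077 is denied even
    though 'others' may read. Root (uid 0) bypasses r/w checks but still
    needs at least one x bit set to execute.
    """
    bits = _BITS[op]
    if uid == 0:
        return op != "x" or bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        cls = 0
    elif file_gid in gids:
        cls = 1
    else:
        cls = 2
    return bool(mode & bits[cls])


def perm_string(mode):
    """Render permission bits the way ls -l shows them, e.g. 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]
```

The owner-wins rule is the one that surprises people: a file with mode 0o077 is readable by everyone except its owner, because the kernel picks the owner class and stops looking.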


Mac OS

On the other hand, Apple's Mac OS X implements extra layers of security such as:

  • Application Firewall, which lets you control the connections made to your computer by other machines.
  • Gatekeeper, which can block, depending on its configuration, any install aside from apps from the Mac App Store or from identified developers.
  • XProtect, which compares any downloaded file against a blacklist of known malware signatures maintained by Apple.

These extra security measures can make a big difference for the average user of any computer, and having them running by default is a big plus so that they don't have to worry about technical details.

We can add a comment about a usual myth: that neither Macs nor Unix systems can get viruses. It's a lie; both of them can.
Continue reading "Total domination of the World! … Or at least of your OS?"

PHP: Security Perspective

--Originally published at TC2027 – Will It Blog?

Throughout this semester one of my goals was to learn PHP and hopefully understand how the backend of an application works. It was also convenient because I had a course on web development and I thought I would be using it in my project for that class.

But in the end I heard from colleagues and forums that it was a pretty unruly/insecure language, and during the course we once used a framework called CakePHP. That was my first approach ever to the MVC architecture. I didn't like it; it was confusing, and only after watching two tutorials did I start understanding what was going on. There are also other PHP frameworks like Laravel that offer a more elegant way of writing code, but I think the point is that one must understand, or at least have an idea of, the language the framework uses.

So I started reading a guide on raw PHP, and what surprised me the most was this part, mentioned when covering sessions in PHP.

Session fixation describes an attack vector in which a malicious third-party sets (i.e. fixes) the session identifier (SID) of a user, and is thus able to access that user’s session.

And they proceed to mention other things, like not storing sensitive information in a cookie, md5 hashing (to "increase" security on data exchange), and other stuff, but I was still worried about the security involved when using this language. What I want to cover is the vulnerabilities that the language has and what I think is the reason it is so rejected by many developers.
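As an added example in Python, not the PHP guide's code nor the author's, here is a minimal session store that shows the fixation attack succeeding and then failing once the session id is regenerated at login. The session ids and the user name are invented.

```python
# Added example, not from the original post or the PHP guide it quotes:
# a minimal server-side session store, first vulnerable to session fixation,
# then hardened by rotating the session id at login.
import secrets


class SessionStore:
    def __init__(self, regenerate_on_login):
        self.sessions = {}  # session id -> session data
        self.regenerate_on_login = regenerate_on_login

    def start(self, sid=None):
        """Start a session. Like PHP without session.use_strict_mode, this
        accepts an id supplied by the client, which is what lets an attacker
        fix it (via a link such as ?PHPSESSID=... or a planted cookie)."""
        sid = sid or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, {})
        return sid

    def login(self, sid, user):
        """Authenticate the session and return the id the client should use."""
        data = self.sessions.get(sid, {})
        if self.regenerate_on_login:
            # Hardened path: mint a fresh, unguessable id and destroy the old
            # one (PHP: session_regenerate_id(true)), so an id the attacker
            # knew before login is worthless afterwards.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = dict(data, user=user)
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixation_attack(regenerate_on_login):
    """Simulate the attack. Returns (user seen with the attacker's fixed id,
    user seen with the id the victim ends up holding)."""
    store = SessionStore(regenerate_on_login)
    fixed_sid = store.start("ATTACKER-CHOSEN-ID")   # attacker obtains/fixes an id
    victim_sid = store.login(fixed_sid, "alice")    # victim logs in with that id
    return store.user_for(fixed_sid), store.user_for(victim_sid)
```

The hardened path is what PHP's session_regenerate_id(true) does after a successful login; PHP also offers session.use_strict_mode=1 so that an id the server never issued is rejected in the first place.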

First of all, PHP is a backend (server-side) language, created back in 1994, and its name meant Personal Home Page (PERLsonal home page, as I will call it)

Continue reading "PHP: Security Perspective"

Administrating Security (Risk Assessment Methodologies)

--Originally published at TC2027 – Will It Blog?

It is a fact that system administrators may find themselves also doing security tasks within their organizations or projects, having to take care of the security concerns of both users (technical aspects) and upper management (explaining costs).

What is risk analysis?

This procedure is used to estimate potential losses that may result from system vulnerabilities and to quantify the damage they would cause. So the primary goal of risk analysis is the selection of cost-effective safeguards to reduce risk to an acceptable level.

In simpler words, it is a way to figure out how important your system is and how far you are willing to go to protect it.

First we want to identify the most valuable assets (information, and puppies) aside from the tangible assets (equipment). Also consider the importance and vulnerability of that information, and the costs: the cost of losing or compromising the information and the cost of protecting it (maintenance).

Contingency plan

Plan for disaster; it may spell the difference between a problem and a catastrophe. Backups are the key to disaster planning: activities as simple as backing up data for storage at remote secure facilities and arranging alternative equipment and facilities.

Threat Modeling

Getting into more technical matters, one of the first steps in any kind of security development life cycle is threat modeling: a procedure that improves any kind of application or network deployment by identifying security objectives and vulnerabilities, and then the countermeasures that prevent or mitigate their effect.

The image below (courtesy of Microsoft) shows the steps of a generic threat modeling process.

http://kenscourses.com/tc2027fall2016/wp-content/uploads/2016/11/8c43d285179ecd434575d5911015ad24.jpg

Once that is done, the next thing you want to do is find security issues by performing code reviews or penetration tests; otherwise the problems will not be discovered until production time, and that just compromises the

Continue reading "Administrating Security (Risk Assessment Methodologies)"

About Firewalls

--Originally published at TC2027 – Will It Blog?

Everyone has heard this term at some point. Whenever a program installed on your computer doesn't work, one of the first "recommendations" or quick fixes is to turn off the firewall. This is very risky, because the firewall is the first line of defense a host has against the network.

A firewall stands between the computer, or the network in which the machine resides, and the internet, and shields it from the dangers out there. Sometimes it is also referred to as a containment device. There are two kinds of firewall: it can either be a software program running on a computer or it can be built into a hardware device such as a wireless base station or a router (like the one below).

http://kenscourses.com/tc2027fall2016/wp-content/uploads/2016/11/e2ed6538e9b1b938b08bbdbb0136788a.jpg

The way a firewall works is by dividing the network into zones and regulating the traffic between them. This basically means that unauthorized traffic cannot enter or leave a given zone. More concisely, a firewall lets you control the flow of data.

But a firewall's functionality is not limited to blocking unauthorized packets. It has two major roles: prevent and detect.

It prevents by filtering traffic according to a security policy. Common filtering criteria are the following:

  • IP address
  • Type of service
  • Port number
  • Header Data

A firewall also detects attacks. It logs connection attempts from accessing hosts or networks and alerts administrators when the attempts look suspicious.

How is it done?

Discarding Pings

This uses one of the most basic network tools, used to see whether a given host is up and running: ping!

Ping utility: sends ICMP echo request packets to the remote system identified by its IP address and waits for an echo reply.
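An added example, not from the original post, putting the filtering criteria above, the logging of rejected attempts and the discarding of pings into one small packet filter. The rule table and the traffic are constructed for the example; a real firewall would also track connection state, which this one omits.

```python
# Added example, not from the original post: a stateless packet filter that
# applies rules by source address, protocol, destination port and a header
# field (the ICMP type), logs what it drops, and flags likely port scans.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0       # destination port; 0 for icmp
    icmp_type: int = -1  # 8 = echo request (ping)


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "drop"
    src_prefix: str = ""              # "" matches any source
    proto: str = ""                   # "" matches any protocol
    dports: frozenset = frozenset()   # empty matches any port
    icmp_type: int = -1               # -1 matches any ICMP type

    def matches(self, p):
        return (p.src.startswith(self.src_prefix)
                and (not self.proto or p.proto == self.proto)
                and (not self.dports or p.dport in self.dports)
                and (self.icmp_type == -1 or p.icmp_type == self.icmp_type))


# Invented rule table, evaluated top to bottom; the first match decides.
RULES = [
    Rule("drop", proto="icmp", icmp_type=8),                          # discard pings
    Rule("accept", src_prefix="10.0.0.", proto="tcp", dports=frozenset({22})),  # SSH from LAN only
    Rule("accept", proto="tcp", dports=frozenset({80, 443})),         # public web service
    Rule("drop"),                                                     # default deny
]


def decide(packet, rules=RULES):
    """Return (action, index of the matching rule). Default deny if no match."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "drop", -1


def filter_traffic(packets, rules=RULES):
    """Prevention role: return the accepted packets and a log of dropped ones,
    each logged with the index of the rule that rejected it."""
    accepted, drop_log = [], []
    for p in packets:
        action, idx = decide(p, rules)
        if action == "accept":
            accepted.append(p)
        else:
            drop_log.append((p, idx))
    return accepted, drop_log


def suspicious_sources(drop_log, min_ports=5):
    """Detection role: a source refused on many different ports is probably
    scanning and is worth an alert to the administrator."""
    ports = defaultdict(set)
    for p, _ in drop_log:
        ports[p.src].add(p.dport)
    return {src for src, ps in ports.items() if len(ps) >= min_ports}


# Constructed traffic sample.
TRAFFIC = [
    Packet("10.0.0.7", "203.0.113.10", "tcp", 22),                # admin SSH from the LAN
    Packet("198.51.100.9", "203.0.113.10", "tcp", 22),            # SSH from the internet
    Packet("198.51.100.9", "203.0.113.10", "tcp", 443),           # HTTPS, allowed
    Packet("198.51.100.9", "203.0.113.10", "icmp", icmp_type=8),  # ping, discarded
] + [Packet("198.51.100.66", "203.0.113.10", "tcp", port)
     for port in (21, 23, 25, 110, 143, 3389)]                    # a port scan
```

Two things worth noticing: the order of the rules matters (the ping rule must come before anything that would accept ICMP), and the last rule makes the policy default-deny, so a service nobody thought about is unreachable rather than exposed. The drop log is the raw material for the detection role: here a single source rejected on six ports is enough to raise an alert.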

There is

http://kenscourses.com/tc2027fall2016/wp-content/uploads/2016/11/0690fdd212bc5fc85719942b4f146753.jpg
Continue reading "About Firewalls"

Malicious + Software = Malware

--Originally published at TC2027 – Will It Blog?

We have all had that one friend whose computer got infected by a virus so badly that they had to wipe the entire machine, or maybe you have received a suspicious email from someone not on your contact list. That is malware on the move, so if you are skeptical enough you'll trash that email immediately.

Most malicious software today doesn't settle for just infecting machines and consuming their resources; it also uses those machines to keep propagating and infect others. Malware can make use of several attack tools that we can label by their function; the most common ones are Denial of Service attacks (DoS), Distributed DoS attacks (DDoS), sniffers and others. The following is a list of known kinds of malware:

Exploits: they capitalize on known or undiscovered vulnerabilities (bugs, system weaknesses) in order to deliver other forms of malicious code to the system.

Rootkit: installs a new account or steals an existing one and elevates it to the highest privilege level (root on Unix or Administrator on Windows) so that the attacker can take full control of the machine, while hiding its own presence from the system's tools.

Trojan Horse: malware that passes through computer defenses by pretending to be useful software.

Bots: although most well-known bots are harmless (like Cortana, Siri or Q&A bots), bots are essentially programs created to automatically perform and respond with pre-made operations, so they are also capable of sending spam and obtaining personal information from users via "chatbots".

Ransomware: holds a computer captive until some ransom or demand is fulfilled. The machine is effectively kidnapped, because the malware restricts access to it, typically by encrypting files. Ransoms usually demand money.

A real example of this is the malware

Continue reading "Malicious + Software = Malware"

Authentication and Access Control (Part I)

--Originally published at TC2027 – Will It Blog?

Yesterday, in a workshop about a rapid prototyping tool for building web applications, a classmate asked about the options the tool offered for authenticating users. For that, the instructor went on to ask us whether we knew the difference between authentication and authorization.

An easy way to differentiate the two is to ask two questions: who is allowed to log in? (authentication) and, once the user is logged into the system, what is he allowed to do? (authorization). That is just an introduction to talking about the different types of authentication that exist out there; it is not important to remember all of them exactly, but if you read through them once you will know what can be done to build a reliable authentication method.

In most kinds of systems you identify yourself with some kind of identifier (username, email) followed by a password. That is the most common authentication method and it is called PAP (Pen Apple Pen, just kidding: it stands for Password Authentication Protocol). At the most basic level the server looks these values up in its tables and, if a matching record exists, grants access. Note that in PAP the password itself travels over the link in clear text, which is why CHAP was introduced.

Challenge Handshake Authentication Protocol (CHAP)

In this method the server in charge of the authentication process (the authenticator) sends the client an ID and a random number (the challenge); the client and the authenticator also share a predefined secret.

The client concatenates the ID, the secret and the random challenge (RFC 1994 specifies that order) and hashes the result with MD5, producing a response value. This value is sent to the authenticator, which compares it with the value it computes itself from the same inputs using the same hash. The secret itself is never transmitted.
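The CHAP exchange above as an added example with both sides written out (not from the original post). It follows RFC 1994, where the hash is MD5 over the identifier, the secret and the challenge in that order; the peer name and the secret are invented.

```python
# Added example, not from the original post: the CHAP exchange with both
# sides implemented, following RFC 1994 (MD5 over Identifier || secret ||
# Challenge Value). The peer name and secret are invented.
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues challenges, keeps the shared secrets, verifies."""

    def __init__(self, secrets_by_name):
        self.secrets_by_name = secrets_by_name
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # A fresh identifier and 16 random bytes per attempt: the response
        # only proves knowledge of the secret for *this* challenge, so a
        # captured response cannot be replayed later.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        secret = self.secrets_by_name.get(name)
        if secret is None or identifier != self.identifier or self.challenge is None:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        self.challenge = None  # one verification per challenge
        return ok


class Peer:
    """Client side: knows its name and the shared secret, never sends the secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        return self.name, identifier, chap_response(identifier, self.secret, challenge)


def authenticate(auth, peer):
    """Run one full exchange: Challenge -> Response -> Success/Failure."""
    identifier, challenge = auth.new_challenge()
    name, identifier, response = peer.respond(identifier, challenge)
    return auth.verify(name, identifier, response)


def replay_attack(auth, peer):
    """Record a valid response, then try to reuse it against a new challenge."""
    identifier, challenge = auth.new_challenge()
    name, identifier, response = peer.respond(identifier, challenge)
    auth.verify(name, identifier, response)          # legitimate login succeeds
    auth.new_challenge()                             # server issues a new challenge
    return auth.verify(name, identifier, response)   # eavesdropper replays: rejected
```

The secret never crosses the wire, unlike PAP's password, and because each attempt gets a fresh identifier and random challenge a response captured by an eavesdropper is useless later. The price is that the authenticator must hold the secret in recoverable form and that MD5 is the only building block, which is why CHAP is not chosen for new designs.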

Mutual Authentication

Also known as two-way authentication.

http://kenscourses.com/tc2027fall2016/wp-content/uploads/2016/10/3ce56df0669c110503c561d630fc75b2.jpg
Continue reading "Authentication and Access Control (Part I)"

Caesar and Vigenere Ciphers

--Originally published at TC2027 – Will It Blog?

This page was very useful and I found it very illustrative for both ciphers.

http://practicalcryptography.com/ciphers/

In class, and because I was in a hurry, I did a pretty bad Vigenère with matrices and confusing indexing. I had to make more use of the Python language and its features, so I came up with the following functions for encrypting and decrypting. I also wrote an additional method called left shift in order to shift the alphabet array and keep indexing each letter relative to it.

This ended up being very handy for both ciphers. The function simply splits the alphabet at the shift point, and concatenating the part from the shift point to the right with the part to its left into one list gives the final encryption table.

Both ciphers can be found in this GitHub repository
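As an added example, not the code in the author's repository, here is the left-shift approach described above applied to both ciphers, with a brute-force function that shows why Caesar's 26 keys are no protection:

```python
# Added example, not the author's repository code: Caesar and Vigenère built
# on a left-shifted alphabet table, plus a Caesar brute force.
import string

ALPHABET = string.ascii_uppercase


def left_shift(alphabet, k):
    """Rotate the alphabet k places to the left: the part from the shift
    point to the right, followed by the part before it. k=3 gives DEF...ZABC.
    Negative k (used for decryption) is folded into the 0..25 range."""
    k %= len(alphabet)
    return alphabet[k:] + alphabet[:k]


def _substitute(text, key_shifts):
    """Replace each letter using the alphabet shifted by the next key value;
    non-letters are kept as-is and do not consume a key position."""
    out, i = [], 0
    for ch in text:
        if ch.upper() in ALPHABET:
            table = left_shift(ALPHABET, key_shifts[i % len(key_shifts)])
            sub = table[ALPHABET.index(ch.upper())]
            out.append(sub if ch.isupper() else sub.lower())
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(text, shift):
    return _substitute(text, [shift])


def caesar_decrypt(text, shift):
    return _substitute(text, [-shift])


def vigenere_encrypt(text, key):
    # Vigenère is just Caesar with a shift that cycles through the key letters.
    return _substitute(text, [ALPHABET.index(c) for c in key.upper()])


def vigenere_decrypt(text, key):
    return _substitute(text, [-ALPHABET.index(c) for c in key.upper()])


def caesar_brute_force(ciphertext):
    """All 26 candidate plaintexts; an attacker just picks the readable one."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}
```

The brute force is the whole security story for Caesar: 26 keys fit on one screen. Vigenère only stretches that to 26 to the power of the key length, and once the key length is guessed each position is a Caesar cipher again, so it falls to the same letter-frequency analysis.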