TC2027 Class Review

--Originally published at TC2027 – Will It Blog?

I think the method intended to use in the course was good but it has also room for improvement. Through the semester, I did the effort to keep it up with it and learned stuff but I’m not quite convinced yet if it was the best choice to learn this kind of subject.

Here are the things that I perceived from this class that could help improve it.

  • Discussions on class: I think they fell short because there was a lack of organization, we can have discussions where everyone could participate if we first preestablish the topics to be discussed on class and ask for a blog post related to certain topic before, having everyone write from different sources but also coming to the class to centralize the knowledge, learn what others wrote about and from that coming to a conclusion would have been more effective to me.
  • Writing blog posts: It was ok to me, but I have to admit that after writing that many (20 in total throughout the course) it becomes a bit monotonous, similar to writing an essay.
  • Lab practices: I think some of them were not that well landed in accordance with the course topics. Also I would have appreciated a bit more problem-solving-challenging style kind of practices, because I think some of them just limited to just install things but not see their actual application on real scenarios. Preparing some dynamic activity/lab practice that required us to use those tools would have been a much better approach.

Leaving aside my personal opinions from this method and class I have to admit that great blog posts (related and unrelated to the course) from great classmates came out as a result from it. The thinks I liked where: using twitter and the freedom in general to

Continue reading "TC2027 Class Review"

Network Security Policies

--Originally published at TC2027 – Will It Blog?

Directly from googles search “security policies”. I came first to the definition of security policy just like that. Security Policy is a document with a protection plan on physical and information technology assets. Then I came to the definition of “network security policy” and that is a generic document that specifies or outlines rules for computer network access.

So I guess the second one was the one oriented for this course. With this sort of document organizations can greatly improve the security of their Information and Communications Technologies systems and keep the patched against known vulnerabilities.


Security policies must be subject to the  following risks:

-Unauthorized changes to systems (remember.. THE CIA TRIAD OMG)
-Exploitation of unpatched vulnerabilities (Keep those databases updated)
-Exploitation of insecure system configurations (do not draw on intentional vulnerabilities they might cause backdoors).

So to get this sort of risks to be managed, security policies have to:

  • Ensure that updates and system patchs are applied in a timeframe.
  • Maintain hardware and software orientates
  • Conduct regular vulnerability scans
  • Disable unnecessary I/O devices and removable media access
  • Maintain a whitelist and execution control.
  • Limit user ability to change core configurations.

Whitelist: List with authorized applications and software that has permissions to execute.

Network Security

--Originally published at TC2027 – Will It Blog?

A network is done when two or more machines are connected together and sharing resources. The internet is not more than a network of networks. Right now I’m going to focus in wired networks security. The wire used to connect two computers using the Ethernet protocol is called UTP (Unshielded Twisted Pair). This commonly are connected to switches which are connected to Routers, this is the basic scheme of a network.

Also neat network wiring looks really awesome, just like the armor of an Eva Unit.


Back to the topic, common vulnerability is  unauthorized access, which well the term explain itself. If the attacker gains access it can exploits several vulnerabilities. Tthe following are a list of vulnerabilities found in several of the parts that conform a network. I will require that you already know what the Layers of the OSI Model are and what sort of protocols are used at each level (I will leave a diagram just in case).

Image result for OSI Model and Protocols at each layer

Vulnerabilities inside TCP/IP Protocol

This is the protocol suite (group of protocols) in which the internet is builded on. One of the protocols that runs in this model is the TCP protocol which has a vulnerability in the three way handshake done when establishing a new connection, an attacker can open a half open session through tons of SYN messages, this would eventually flood the server and make it crash, also IP spoofing attacks can be done through the network (like the ping of death) used in DoS attacks.

Vulnerabilities in the DNS

The Domain Name Server the one in charge of resolving host names into ip addresses also has vulnerabilities that could be exploited. This program can be attacked to modify its records and redirect traffic to an incorrect or malicious IP address, this goes by the name

Continue reading "Network Security"

Total domination of the World! … Or at least of your OS?

--Originally published at TC2027 – Will It Blog?

First of all I would like to say this was a post in collaboration with two other people: Cesar Cornejo and Audray (Ariadna)

About everybody knows by now that systems need security in order to protect data from access of unauthorized users or malicious programs. Operating Systems are no exception to this rule.

Related image

Another characteristic of Operating Systems aside from performing hardware abstractions and sharing/coordinating data among processes, is that they also need to ensure security on each one of its resources such as CPU, disk memory, ram memory, programs and information or data that programs use.


How do they achieve this? For example In UNIX systems at the most low level inside we have three protection domains available: owner, group and global. For each domain three operations are allowed over a certain resource and those are either reading (r), writing(w) and executing (x). So only the superuser (or the sudo user) can change resource settings in order to manage the permissions over those resources, the type of session that is allowed to use them and what are they allowed to do with them.

Related image

Mac OS

On other hand, Apple’s Mac OS X implements extra layer security like:

  • Application Firewall which lets you control the connections made to your computer by others.
  • Gatekeeper which can block, in previous configuration, any install aside from the apps made by Apple.
  • XProtect which compares any downloaded file with a blacklist made by Apple of known malware.

This extra security measures can make a big difference to the average user of any computer and having them running by default is a big plus to not worry with technical issues.

Image result for simpsons lies

We can make an extra comment about an usual myth: Neither Mac’s nor Unix’s can’t get virus.It’s a lie, both of them can

Related image
Continue reading "Total domination of the World! … Or at least of your OS?"

PHP: Security Perspective

--Originally published at TC2027 – Will It Blog?

Through this semester one of my goals was to learn php and hopefully understand how the backed of an application worked, it also resulted convenient because I had a course on Web development and I though I would be using it on my project for that class.

But at the end I heard from colleagues and forums how it was a pretty unruly/insecure language and through the course we once used this framework called CakePHP. That was my first approach ever to MVC arquitechture. I didn’t like it, it was confusing and it was after watching 2 tutorials that I started understanding what was going on. There are also other php frameworks like lavarel that offer a more elegant way of writing code but I think the thing is that one must understand or have an idea of the language the framework is using.


So I started reading this guide of crude php and what surprised me the most was this part mentioned when covering the part of sessions inside php.

Session fixation describes an attack vector in which a malicious third-party sets (i.e. fixes) the session identifier (SID) of a user, and is thus able to access that user’s session.

And they proceed to mention other things like not to store sensitive information on a cookie, md5 hashing (to “increase” security on data exchange) and other stuff, but I was still worried about the security involved when using this language. What I want to cover is the vulnerabilities that the language has and what I think is the reason that it is so rejected by many developers.

First of all php comes as a language of back end (server side oriented), created back in 1994 and its meaning was PERLsonal home page as I will call it

Continue reading "PHP: Security Perspective"

Administrating Security (Risk Assessment Methodologies)

--Originally published at TC2027 – Will It Blog?

It is a fact that system administrators may found themselves also doing some security tasks within their organizations or projects, having to carry  on the security of both users (technical aspects) and upper management (explain costs).

What is risk analysis?

This is procedure is used to estimate potential losses that may result from system vulnerabilities and to quantify the damage of those. So as a  primary goal of risk analysis we have the selection of cost-effective safeguards to reduce risk to an acceptable level.

In more simple words,  is a way to figure out how important is your system and how far you are willing to go to protect it.

Yahoo Screen fire tim tebow on fire puppies

First we want to detect the most valuable asset (information and puppies) aside from the tangible assets (equipment). Also consider the importance and vulnerability of that information.Costs. The cost of losing or compromising the information and the cost of protecting the information (maintenance)

Contingency plan

Plan for disaster, it may spell the difference between a problem and a catastrophe.Backups are the key to disaster planning. As simple as invoking activities as backing up data for storage at remote secure facilities and arranging other equipment facilities.

Thread Modeling

Getting into more technical stuff one of the first steps into any kind of security developing life cycle model is threat modeling therefore is a procedure that optimizes any kind of app or network instance by identifying objectives and vulnerabilities, and then countermeasures to prevent or mitigate its effect.

The image below (courtesy of Microsoft) are the steps of a generic threat modeling process

Once done, the next thing you want to do is to find security issues by performing several code reviews or penetration tests, otherwise the problems will not be discovered until production time and that just compromises the

Continue reading "Administrating Security (Risk Assessment Methodologies)"

About Firewalls

--Originally published at TC2027 – Will It Blog?

Everyone has heard of this term at some point. Whenever a program installed in your computer doesn’t work, one of the first “recommendation” or quick solution is to turn off the firewall. This is super risky because the firewall is the first line of defense an OS has.

Firewalls stands between the computer or networks in which the machine resides, and shields it from the dangers on the internet. Sometimes it is also referred as a Containment device.There are two kinds of firewall: it can either be a software program running on a computer or it can be build into a hardware device such as a wireless base station or a router hub (like the one below).

The way  a firewall works is by dividing the network in various zones and regulating the activity inside it. This is basically just avoiding the issue with non-authorized traffic so it can not enter or leave a certain zone. Even more concise a firewall lets you take control of the flow of data.

But a firewalls functionality doesn’t just limits itself to block access to non-authorized packets. It has two mayor roles: prevent and detect.

Prevents in the way that it filters the traffic in accordance to a security directive. Common filtering criteria comes from the following:

  • IP address
  • Type of service
  • Port number
  • Header Data

Firewall also detects attacks. It registers the accessing hosts or network attempts and it alerts administrators when the attempts look suspicious of being an attack.

How is it done?

Discarding Pings

This uses one of the most basic network tools used in order to see if a certain host is up and running, the PING !

Ping Utility: sends data packets to the remote system represented by its ip address and waits for a reply

There is
Continue reading "About Firewalls"

Malicious + Software = Malware

--Originally published at TC2027 – Will It Blog?

We have all have had that one friend who’s computer got infected by a virus so badly that had to wipe off his or her entire computer or  maybe you have received a suspicious  email from someone you don’t have on your contact list, that is malware on the move, so if you are skeptic enough you’ll trash immediately that email.

Most malicious software today don’t resign to just infect machines and consume its resources, they also require machines in order to keep propagating and infect other machines.Malware can make use of several attack tools that we can label them based on their function, the most common ones are Denial of Service Attack (Dos),  Distributed Dos Attack (DDoS), Sniffer and others. The following  are a list of known malware and their :

Exploits: They capitalize on known or undiscovered vulnerabilities (bugs, system weaknesses) in order to carry onto the system other forms of malicious intent.

Rootkit: Installs a new account or steals an existing one, to elevate the security level of that account to the highest degree (can be root on Unix or administrator on Windows) so that the attacker can take full control of the machine.

Trojan Horse: Is a malware that passes through computer defenses by pretending to be useful software.

Bots: Although most of the known bots are harmless (like Cortana, Siri, Q/A bots), bots essentially are programs created to automatically perform and respond with pre-made operations. So they are also capable of sending spam and obtaining personal information from users via “chatbots”.

Randsomeware: Holds a computer captive until some ransom or demand is fulfilled. The machine is literally kidnapped, because the malware restricts its access to the point where it can encrypt files. Ransoms usually demand for money.

A real example of this is the malware

Continue reading "Malicious + Software = Malware"

Authentication and Access Control (Part I)

--Originally published at TC2027 – Will It Blog?

Yesterday on a workshop about a rapid prototyping tool for making web applications, a classmate asked about the options that the tool offered in order to authenticate users. For that the instructor went along to ask us if we knew the difference between authentication and authorization.

An easy way to differentiate both is to make two questions. Who’s allowed to log in? (authentication) and once the user is already logged into the system, what is he allowed to do? (authorization). That just comes as an introduction in order to talk about  the different types of authentication that exist out there, it is not important to remember all of them exactly but if you can read them once you will know what can be done in order to accomplish a reliable authentication method.

In most kind of systems you identify yourself with some kind of identifier (usernames, emails) followed by a password, that is the most common authentication method and it is called PAP (Pen Apple Pen, just kidding it stands for Password Authentication Protocol). At the most basic level you  will have the server looking for these values on the tables and if there exists a record then grant access.

Challenge Handshake Authentication Protocol (CHAP)

In this method the server in charge of the authentication process sends the user an ID and a random number, also the sender and receiving program share a predefined secret word.

So the client strings together ID + generated random + secret word, in order to make a key that can be hashed, this retrieves a new value. This new value is sent to the authenticator, which now has the job to compare it with a built string made by itself using the same hash.

Mutual Authentication

Also known as two way-authentication.
Continue reading "Authentication and Access Control (Part I)"

Caesar and Vigenere Ciphers

--Originally published at TC2027 – Will It Blog?

Image result for ciphers


This page was very useful and I found it very illustrative for both ciphers.

In class and because I was in a hurry I did a pretty bad Vigenere with matrices and confusing indexing. I had to exploit more the python language and use more of its features so I came up with the following functions for encrypting and encrypting. I also did an additional method called left shift in order to shift the alphabet array and continue with the indexing of each letter in reference to it.

This ended up being very handy for both ciphers. The function only does the splitting from shift point to the right and from shift point to the left, the concatenation of both lists into one list does the final encryption table reference.

Both ciphers can be encountered in this github repository