Is not my fault!

--Originally published at The shield of the world

So we all know that friend who has been so close to killing his PC without even knowing it. And this is the topic for today: unintentional security issues. This is so common that you have probably already thought of some examples of your own.

This is one of the most common causes of information loss in enterprises, so we are going to talk about how to prevent them.

  1. Control applications.- If we control the applications that users can download and use on the work laptop, we reduce the probability of an unintentional issue by a really big amount. But it is not that easy, because web browsers and email clients are the most common points of entry for malware. A good solution for software that is dangerous is to run it in isolated virtual machines. If the app is malicious, any infection would occur only in the VM and there is no harm to the host operating system.
  2. Filtering content.- Another solution, and kind of related to what Adblock can offer, is filtering bad content. Strategically blocking only a small subset of harmful activity can have a positive impact on minimizing the damage from an adversary.
  3. Limit executable content.- Blocking all files of a certain type, while effective, is not always feasible if the files are needed by the user. Effective technology exists that can take an attachment, perform analysis of the content, and even run it in a sandbox to examine the behavior; if it is malicious, it is blocked, and if it is legitimate, it is allowed through. This gives a lot of flexibility while limiting the impact of stopping normal activities.
  4. Control executable.- Compromising an accidental insider is usually done by tricking the user into running an executable that they believe
    Continue reading "Is not my fault!"

User is no joke! User is important!

--Originally published at The shield of the world

So imagine your connection to your bank is not assured… I would be pretty mad, and you? Hope you too, but there are some things web pages could do to help us trust their web site. You may have heard the phrase “It's like taking candy from a baby” or something like that… I know the phrase in Spanish. But we are the baby in this big world called the Internet. And we need some protection, dude!

So, how is the Internet helping us keep the candy and not helping others rob us? One of the measures being implemented is HTTPS connections to web pages. When you enter Facebook and your bank page, you will see a green lock beside the address. This means the page is secure and that your connection is private. You can even see the certificate that proves that the page is secure.


And also, you can check the validity dates of the certificate and who issued it.
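The same check the browser's certificate dialog offers can be scripted. The following is an added example, not code from the original post: it reads the issuer and validity window from a certificate in the dictionary form that Python's `ssl.SSLSocket.getpeercert()` returns. The sample certificate (host name, CA name, dates) is constructed so the example runs offline.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the host name, CA name and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "bank.example"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example Trust Services"),),
        (("commonName", "Example TLS CA 1"),),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "bank.example"), ("DNS", "www.bank.example")),
}


def flatten_name(rdns):
    """Turn the nested tuple form of a subject/issuer into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def to_utc(cert_time):
    """Convert a certificate time string ('Mar 31 23:59:59 2024 GMT') to a datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def describe_certificate(cert, now=None, warn_days=30):
    """Report who issued the certificate and whether `now` is inside its validity window."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = to_utc(cert["notBefore"]), to_utc(cert["notAfter"])
    issuer = flatten_name(cert["issuer"])
    days_left = (not_after - now).days
    if now < not_before:
        status = "not yet valid"
    elif now > not_after:
        status = "expired"
    elif days_left < warn_days:
        status = "expiring soon"
    else:
        status = "valid"
    return {
        "issued_to": flatten_name(cert["subject"]).get("commonName"),
        "issued_by": issuer.get("organizationName") or issuer.get("commonName"),
        "names": [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"],
        "not_before": not_before,
        "not_after": not_after,
        "days_left": days_left,
        "status": status,
    }


if __name__ == "__main__":
    check_time = datetime(2024, 3, 15, tzinfo=timezone.utc)
    for field, value in describe_certificate(SAMPLE_CERT, now=check_time).items():
        print(f"{field}: {value}")
```

For a live site, the same dictionary comes from `getpeercert()` on a socket wrapped with `ssl.create_default_context()`, which also rejects certificates that do not chain to a trusted issuer or do not match the host name.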


So, this is a good start for looking after our own security. Another good way to protect ourselves is with an ad blocker, like Adblock. Some curious users may click every link they see. This is one of the main reasons why they end up full of malware and with slow equipment.

When people think about web security, all of us think about how to protect a website. But it is important to remember ourselves: how do we protect ourselves in this cold, cold world? Using protected WiFi networks is another good example of how a user can improve his own security.


Most of the advice we have already talked about in other posts: you should be careful about the links you click, about the emails you open, about where do

Continue reading "User is no joke! User is important!"

Let me in! I´m nice dressed

--Originally published at The shield of the world

So in one of the first posts we talked about WiFi and the magic sensation when the WiFi is open! And I hope you remember we said that it was one of the easiest ways to lose your information. Well, technically you exchange your data for free WiFi.

Here we are going to talk about the importance of security in wireless networks. Wireless security is about preventing unauthorized access to computers using wireless networks. Let's talk about WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). WEP is a weak security standard and nobody should be using it at this moment. The password it uses can often be cracked in a few minutes with a basic laptop and available software tools. You probably have done this when you used the “WiFi Hacker” app from the Android store. It was superseded in 2003 by WPA, which was a quick alternative to improve security over WEP.

The current standard is WPA2; some hardware cannot support WPA2 without a firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP.


Hackers (black hat) have found wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks. As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources. Wireless intrusion prevention systems and wireless intrusion detection systems are commonly used to enforce wireless security.

So a good way for enterprises to actually protect themselves even with WPA2 is to use the Enterprise version of WPA, which requires a RADIUS server that can be a local server or can be on the internet. I used IronWifi for my final project of “Wireless

Continue reading "Let me in! I´m nice dressed"

Thank you for being the way you are!

--Originally published at The shield of the world

This is the post about my opinion of the class. Honestly, having students learn by researching is something I appreciate a lot, because in the workplace, if you don't know something, you will probably end up asking the internet first.

Ken defines himself as a facilitator of knowledge, and he is, but he does not stay on class topics; he covers topics from everyday life, and the atmosphere of safety in the class, where everyone can give their opinion, has seemed excellent to me. Mostly because in conventional classes everyone is afraid to ask or participate, but by turning it into a flipped classroom there is more freedom.

Another thing I find excellent is visiting Ken. Part of the grade was to visit the professor to share topics related to the class, but the truth is that you can go and chat about anything. An important part of education and of an atmosphere of trust is that the student feels sure they can approach their professor to ask about the class or a topic they did not understand, to suggest activities, but also to talk about advice for professional or personal life, if that level of trust comes to exist. And that part of relating to students and learning is something few professors dare to do, but it is among the best experiences of my degree. It creates the confidence to ask questions and seek advice, while keeping respect for those professors who deserve it for their effort.

Thank you very much, Ken.

I'm leaving an audio recording, because I don't like videos and I don't feel comfortable making one.

https://www.dropbox.com/s/cxyc4o5yhifou50/TC2027_Feedback_Review.m4a?dl=0


Papelito habla!

--Originally published at The shield of the world

So there are a lot of options to actually get yourself certified in computer security. Why is it important to have a certificate? To actually prove that you have a good amount of knowledge and that you are worth hiring. It is like the certificates in web pages: a proof that you can actually trust something.


So there are a lot of certificates; some of the most popular are:

  1. CompTIA Security+
  2. CEH: Certified Ethical Hacker
  3. GSEC: SANS GIAC Security Essentials
  4. CISSP: Certified Information Systems Security Professional
  5. CISM: Certified Information Security Manager

In this list provided by InfoSec, there are entry-level credentials, like Security+ and GIAC Security Essentials, as well as more advanced certs, such as the CEH, CISSP and CISM.

So, as advice from these guys, getting a certification is a good bet if you actually want to advance your career in the IT field and if you are interested in specializing in security.


It is important to know that there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are:

  1. Schools and universities;
  2. “Vendor” sponsored credentials (Microsoft, Cisco)
  3. Association and organization sponsored credentials
  4. Governmental body sponsored licenses, certifications and credentials

It is important to know that the quality and acceptance of IT credentials vary worldwide, as you may imagine. They range from a master's degree, to a Microsoft certification, to a list of lesser-known credentials.

So, getting a certificate is a good option, and probably the best is to go for a well-known entry-level course or certification, to have quality and acceptance in every country. Some of them are probably really useful in your country because they are known there, but this may not happen in other countries.


Go
Continue reading "Papelito habla!"

Is not about you…is about me

--Originally published at The shield of the world

So when we talk about computer security there is a topic that some of us really think about: how to ensure the ethical and legal responsibilities. Why this? Because when someone has knowledge of this topic, it is easy to go from white hat to black hat in a matter of seconds.


There are some other professionals whose job duties affect others’ lives, and they receive formal training to address ethical issues and how to deal with them. IT security personnel have access to confidential data and knowledge about individuals’ and companies’ networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently. But there are no standardized training requirements for hanging out your shingle as an IT pros are beginning to address the ethical side of the job, but again, there is no requirement for IT security personnel to belong to those organizations.


This is related to what happened to Tec de Monterrey: when the institution was growing and becoming important in the country as a quality education institution, its mission was to deliver god-tier prepared technicians to the professional world. And they did, but they all lacked ethical values, and that was one of the criticisms the institution received as feedback from the enterprises that hired graduates from Tec.

Nowadays the institution has more courses related to ethical challenges and how to deal with them, debating the best solution with a global perspective of those affected. As a technical career, we, with the help of the professors, are developing ethical guidelines. It is something everybody should relate to.

So the main responsibility is to respect the privacy of the information an IT or

Continue reading "Is not about you…is about me"

C C C Combo breaker!

--Originally published at The shield of the world

As you can imagine, we are talking about something related to computer security. This time it is countermeasures: a countermeasure is an action, device, procedure, technique or anything that can reduce a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

So a threat is a possible violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm. A threat is a possible danger that might exploit a vulnerability. A threat can be either intentional or accidental, so you have to be prepared for both of them.


So if we know the anatomy of an attack, it is easier for us to defend ourselves from it. So let’s see the anatomy:

  • Survey and assess
  • Exploit and penetrate
  • Escalate privileges
  • Maintain access
  • Deny service


We were talking with our professor and then he said something special for this topic: “The moment you tell me which OS and version you are using, you are really exposed”, or something like that. The main point is that when someone knows which software you are using, it is way easier for them to attack you. So, explicit countermeasure number 1… don’t share your software information.

Survey and assess

But why is it so important for attackers to know which software we are using? Because they can learn the supported services, protocols, ports, vulnerabilities and entry points… a whole bunch of information.
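One place software information leaks without anyone deciding to share it is in HTTP response headers. The following is an added example, not code from the original post: a small audit that parses a response from a server you run and flags headers that reveal product names or version numbers. The two sample responses and the header list are constructed for illustration.

```python
import re

# Response headers that commonly carry product names and versions (illustrative list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample: a default-configured web server announcing its software stack.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 04 Mar 2024 10:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same server after reducing what it announces.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response, skipping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def audit_disclosure(raw):
    """List headers that tell a visitor which software, and which version, is running."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in DISCLOSING_HEADERS:
            continue
        versions = VERSION_RE.findall(value)
        findings.append({
            "header": name,
            "value": value,
            "versions": versions,
            "severity": "version disclosed" if versions else "product name only",
        })
    return findings


if __name__ == "__main__":
    for label, raw in (("default", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label)
        for finding in audit_disclosure(raw):
            print(f"  {finding['header']}: {finding['value']} -> {finding['severity']}")
```

On Apache with PHP, the hardened form corresponds to `ServerTokens Prod` in the server configuration and `expose_php = Off` in `php.ini`.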

Exploit and penetrate

And just to share something with you: if you actually have good protection in the network and host, the next gate is your application. For an attacker, the easiest way into an application is through the same entrance that legitimate users use.

Escalate privileges

In

Continue reading "C C C Combo breaker!"

Working after dark!

--Originally published at The shield of the world

So… I have a business, but how do I protect it? This is where the security policy plays its game. A security policy is a document that states in writing how a company plans to protect the company’s physical and information technology assets. It defines the goals and elements of an organization’s computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. The policies can be categorized into the 3 security principles.


A security policy is often considered a “living document”, meaning that the document is never finished, but is continuously updated as technology and employee requirements change. A company security policy may include a description of how the company plans to educate its employees about protecting the company’s assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the policy to ensure the necessary corrections will be made.

The National Research Council has specifications that every company policy should address:

  • Objectives
  • Scope
  • Specific goals
  • Responsibilities for compliance and actions to be taken in the event of noncompliance.


Every IT security policy has sections dedicated to the adherence to regulations that govern the organization’s industry. An organization’s security policy will play a large role in its decisions and direction, but it should not alter its strategy or mission. Therefore, it is important to write a policy that is drawn from the organization’s existing cultural and structural framework. The policy should not be generic; it should be personalized to let the company achieve its mission and goals.

The policies may include:

We don’t need no network control!

--Originally published at The shield of the world

So, today we are going to talk about Network Security. Network security is the process of taking the physical and software preventive measures to protect the networking infrastructure from unauthorized access, malfunction, modification, destruction or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions in a safe environment.

It involves the authorization of access to data in a network, which is controlled by the network administrator. Here is where users choose or are assigned an ID and password or other authentication information that allows them access to information and programs within their authority. Like the accounts at school or work. Here is where you pray for the network admin to be a master of password creation, to help you and the network avoid unauthorized access. You can see You shall not pass! to know more about it.


So why is it important to have a secure network? Well, that’s quite easy, because you want to avoid:

  • Viruses, worms, Trojan horses… MALWARE (we already talked about that in ¡Un pejelagarto se metió a la cocina!)
  • Spyware and adware… which we can consider malware too
  • Zero-day attacks, also called zero-hour attacks
  • Hacker attacks (vulnerabilities)
  • Denial of service, YOU ARE THE 1 MILLION VISITOR!
  • Data interception and theft
  • Identity theft


And how will the network admin, protector of the planet, fight against that? Easy question too, with some of these tools:

  • Anti-virus and anti-spyware
  • Firewall, to block unauthorized access to your network
  • Intrusion prevention systems (IPS), to identify fast-spreading threats
  • Virtual Private Networks (VPN), to improve secure remote access


But these are not all the tools used to maintain and protect the data and information of a company. A security policy is something really useful for a company and we will talk

Continue reading "We don’t need no network control!"

Born to be bad!

--Originally published at The shield of the world

Good cop or bad cop? We have heard this phrase a lot thanks to Hollywood and TV series. But it takes on a special meaning in the area of computer security.


Ethical hacking, or ethical hacker, are the terms used to refer to a security attack carried out by a company or person. The purpose of this attack is to try to get past the security system and look for unprotected access points that could be used by unethical hackers to steal information.

Now, before continuing, why did I mention a good cop and a bad cop? Basically, the ethical hacker is the good cop and the unethical or malicious hacker is the bad cop. In the end both hackers are after the same thing: exposing the weak points in a company's security. One finds them, closes everything behind them and informs the company, and the other goes on to do business with the information obtained, to do harm.


There are certain points for considering an attempt on a company's security ethical, which is why whoever performs the “hacking” must obey a set of rules…

  1. Explicit permission to perform network tests and attempts to break security in order to detect security flaws.
  2. Respect the company's privacy.
  3. Close the path through which you entered, to prevent anyone else from using it later.
    1. The steps of an “ethical hacking” exercise could be defined as follows.
      1. Reconnaissance
      2. Scanning
      3. Gaining access
      4. Maintaining access to obtain information
      5. Covering tracks
  4. Obviously, give the corresponding notice to the developers or manufacturers about the security vulnerabilities.


It is quite a delicate subject, since there are those who claim that hacking is hacking and that calling it ethical is cynicism, since they are still criminals. However, the work done by

Continue reading "Born to be bad!"