--Originally published at Computer and Information Security

This class was different in every single way compared to every class I have taken since I started college, even fundaments of programming which also made use of the flipped learning methodology.

I believe flipped learning is a two edge sword. On one hand it allows students and teachers to use different learning methods that could help students that are not comfortable with the classic way of teaching with lectures and exams. I like this since I have never liked being lectured for hours.

On the other hand, flipped learning can diminish the knowledge a student acquires because:

• Not all students are proficient on self teaching.
• The amount of knowledge acquired is proportional to the interest of the student.
• Most of the time humans will try to do the least possible work.

In general I enjoyed the class, I just wished we would have made more practical things that did count instead of writing blog posts.

--Originally published at Computer and Information Security

Right now a trending topic in the technology world is IoT which stands for Internet of things. This trend basically consists of making “dumb”, everyday object smarter by allowing them to access to our information and connection to the internet.

This, however, is a huge security risk since we will be basically surveilled by all this object in our daily life. Security has been a concerning topic since most of this devices have little or no security which has allowed the creation of huge botnets using IoT devices capable of making massive DDoS attacks.

This week, the US Department of Homeland Security and National Institute of Standards and Technology has released guidelines in order to improve the security of this Iot devices, some of which are:

• Building security into products at the design phase
• Promoting transparency
• Building on recognized security practice
• Being mindful of whether continuous connectivity is needed or not.

Hopefully this guidelines will help avoid the use of IoT devices to create botnets capable of taking down sites as big as Twitter and Spotify.

Made in collaboration with Marysol.

Flickr photo by Marcus Brown https://www.flickr.com/photos/marcusjhbrown/14939374947/ under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

An operating system is a program that manages the resources and other programs in the computer, it also allows the user to interact with the computer either through a command line or a graphical user interface.

One of the many responsibilities of the operating system is to protect the resources and the user from threats. To do this there are several methods that operating systems use:

Authentication

Operating systems authenticate using the following ways:

• Username & password.
• User card/key where the user must inter a key generated by a key generator or punch a card in a card slot.
• User fingerprint/eye retina/signature.

One time password

In this method a unique password is required every time a user tries to login, after the password has been used it is rendered useless and a new password is required. One time passwords can be implemented by:

• Random numbers.
• Key generators.
• Network password: where a one time password is sent to a mobile or email to registered users.

Made in collaboration with Marysol.

Flickr photo by quapan https://www.flickr.com/photos/hinkelstone/7050697671 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

Last year our campus acquired Mac pros. They put them together on a classroom (which most of the time is closed because of how expensive the computers are) with thunderbolt displays and with Apple mouses from around 2008.

The funny thing about this is that almost nobody uses them and, for some unknown reason they remain on for several days doing nothing and nobody cares.

Personally there are 3 reasons why I don’t use them:

1. 99.99% of the things I need to do don’t require insane amounts of power the mac pros have.
2. Some of the programs I use are not installed.
3. Until recently the mouses did not have a mousepad so it was very difficult to work on them.

--Originally published at Computer and Information Security

Network security is the process of using hardware and software in order to protect a network from unauthorized access, attacks and misuse. There isn’t a single solution to protect a network, therefore several technologies are used to increase the level of protection, some of this are:

• Restricting access to the hardware.
• Firewalls.
• Anti-viruses.
• VPNs.
• Network monitoring systems.

Flickr photo by Yuri Samoilov https://www.flickr.com/photos/yusamoilov/13334048894 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

The biggest number of risks regarding security on the web are mostly cause by the users, here are some tips to help you stay safe on the internet:

1. Stay away from free wifi: Any wireless network that can be accessed by anyone is a serious security threat.
2. Use strong passwords: Don’t use trivial passwords such as password or monkey.
3. You are probably not the visitor 999,999: Many websites have popups that tell the user that they just won X prize, clicking on them is not something you should do unless you want to lose your information.
4. E-mail: Avoid opening suspicious emails or clicking on links that you are not sure that they are safe.
5. Read terms & conditions: Facebook and Google are constantly changing their terms & conditions, they could say that you allow them to use your photos as they wish or that they can share your information with 3rd parties.
6. Erase cookies: Websites store information on your computer in order to speed up the loading of the web page or to customize it, however, they can also contain your information and it can be used by other websites.

Flickr photo by Andy Bright https://www.flickr.com/photos/flat61/3883611709 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

Access control is a security technic that regulates access to resources on a system. There are two types of access control:

• Physical that limit access to buildings, rooms, physical assets, etc.
• Logical that limit connection to networks, system files and data.

All access control systems perform authentication in order to verify that the identity of the user is correct and he/she has permission to access resources.

Flickr photo by Michael Coghlan https://www.flickr.com/photos/mikecogh/6525115985 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

Cryptography is the process of storing and transmitting data in a way that only those who should see the information can see it, it was originated in Egypt around 2000 BC. The first use of a modern cipher was by Julius Caesar from 100 BC to 44 BC since he didn’t trust the messengers that transported his messages.

Cryptography has 4 main objectives:

• Confidentiality: The information can only be accessed by who it was intended.
• Integrity: The information is not altered when it is sent or received.
• Non-repudiation: A sender can’t deny his intentions.
• Authentication: The sender and receiver must be able to identify themselves.

Cryptography gives us some protection from data theft because if the thief is not able to break the cipher the data he has acquired is useless.

Flickr photo by Adam Foster https://www.flickr.com/photos/twosevenoneonenineeightthreesevenatenzerosix/6655759625 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

In a denial of service (DoS) attack, an attacker tries to avoid true users from having access to websites or other online services. Unlike other cyberattacks that try to hijack information or make long term damage a DoS attack doesn’t breach security.

A DoS attack works by sending massive amounts of requests to a system in order to overload its capacity and stop it from answering legitimate users.

These types of attacks are usually carried out by hacktivists in order to express their inconformity with the government, politicians, corporations, events, etc.

There is also another type of denial of service attack called distributed denial-of-service (DDoS). In this type of attacks, instead of using a single connection to carry out the attack, the attacker uses multiple connections that are distributed over the internet. This type of attack is much harder to deflect since the volume of request is bigger and comes from many different points.

Flickr photo by Dennis van Zuijlekom https://www.flickr.com/photos/dvanzuijlekom/21470150949 shared under a Creative Commons (BY) license.

--Originally published at Computer and Information Security

A security countermeasure is an action, process, device or system that can prevent or reduce the effects of threats that attempt to compromise a system. Countermeasures can be software, hardware or through behavior.

Some examples of software countermeasures are:

• Firewalls.
• Anti-virus.
• Pop-up blockers

There are several implementations of hardware countermeasures:

• Alarms.
• Routers that can block IP addresses.
• Physical restrictions to systems.

Finally some behavior countermeasures are:

• Deletion of cookies.
• Backing up data.
• Installing security updates.

Photo by: © Crown Copyright 2013 Photographer: L(Phot) Dave Jenkins
Image 45156167.jpg from http://www.defenceimages.mod.uk