#TC2027 #TBT

--Originally published at Don't Trust Humans, Trust Computers

The semester has come to an end, and with it comes the time to answer the ecoas and make public reviews about your classes during the semester…ok, I am just making a review about one class: “Seguridad Informática” aka #TC2027. This class was imparted by Ken Bauer and this class is the reason why I made this blog. For me this class had its pros and cons, like many other classes (but most of my cons I think were me instead of the class, but I am going to talk about that in a little bit).


So this class was a little different from other classes, because it involved a flipped learning methodology (which flipped many of my classmates and I include myself in this one) and an abolish grading policy kind of situation. So the good thing about this class was that Ken tried to take us out of our comfort zone of learning, which is both good and bad depending on how you see it. At first, I was very disconcerted about this situation, because I am not very into writing blogs (or any kind of writing), so this was kind of a challenge for me. Then the abolish grading policy, I saw it as a good thing, because it either proves how well you know yourself or how well you trick yourself; and besides it was a new policy we never had before so there’s that.

For me the hardest part of this course was writing the blog posts, because as I mentioned I am not used to writing this type of thing. So I was stressed, because I didn’t want to make a blog that was very “school alike” and I wanted a blog that was more “me”. At the end, the process of making


Security in routers and switches

--Originally published at Héctor H.F. Blog

Hello everyone, this time I will talk to you about network security. Many will say “again? that makes about three posts related to that”. But this time it will not be at the computer level, but at the level of what makes the network work: Cisco routers and switches.

Just like computers, these devices, which work at layers 2 and 3 (data link and network), require security so that intruders cannot gain access.


To begin with, you have to set a password on them. On both routers and switches you can use the command enable password or enable secret (secret is more secure). To encrypt the password, we use service password-encryption. Now, this would only allow for a single user, and this user, having the password, could do whatever they please. To have several users with different privileges, you can use the command username nombre privilege numPermiso secret contraseña. The different privilege levels range from simply being able to view the configuration of the router or switch up to modifying it. It is very important that unauthorized people do not have access to these devices, since, just like computers, they can be left unusable depending on the configuration that is applied.

Now, for security when computers and other devices try to access routers and switches, you can set up a key chain. This chain is made up of keys that allow or prevent the devices connected to a certain interface from performing a certain action. To create a chain, it is enough to enter key chain nombre. The chain is created, but it is empty. After entering key chain, you can specify the number that the key will have and the message it will contain, through the commands key número and key-string mensaje, respectively. Now, this key is applied to the desired interface with ip authentication key-chain

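An added example, not part of the original post: a small Python check over a constructed running-config that flags the credential settings the post contrasts (enable password versus enable secret, and username entries stored with password instead of secret). The sample configuration, user names and finding codes are assumptions made for illustration; service password-encryption only applies the reversible type 7 encoding, which is why the hashed secret forms are the ones to prefer.

```python
import re

# Constructed running-config for illustration; names and hashes are made up.
SAMPLE_CONFIG = """\
hostname R1
no service password-encryption
enable password cisco123
username admin privilege 15 secret 5 $1$cnst$CONSTRUCTEDHASHVALUE00
username viewer privilege 1 password 0 lookonly
username ops privilege 15 password 7 CONSTRUCTED7
line vty 0 4
 login local
"""

USER_RE = re.compile(r"username (\S+)(?: privilege (\d+))? (password|secret)\b")

def audit_config(text):
    """Return (line_no, code, detail) findings for weak credential storage."""
    lines = [l.strip() for l in text.splitlines()]
    findings = []
    # Without this service, 'password' entries sit in the config in clear text.
    if "service password-encryption" not in lines:
        findings.append((0, "NO_PASSWORD_ENCRYPTION",
                         "password entries are kept in clear text"))
    for no, line in enumerate(lines, 1):
        # 'enable password' is clear text or reversible type 7, never a hash.
        if line.startswith("enable password "):
            findings.append((no, "ENABLE_PASSWORD",
                             "replace with 'enable secret' (hashed)"))
        m = USER_RE.match(line)
        if m and m.group(3) == "password":
            # A username with no privilege keyword gets level 1 (IOS default).
            name, level = m.group(1), int(m.group(2) or 1)
            sev = "high" if level == 15 else "medium"
            findings.append((no, "USER_PASSWORD",
                             f"{name} (privilege {level}, {sev}): use 'secret'"))
    return findings

if __name__ == "__main__":
    for no, code, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {code}: {detail}")
```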

Sir, yes sir

--Originally published at El Machetero Blog´s

As I have mentioned before, working with people can be really complicated, and even more so if there are no rules. This is why companies create their own rules; specifically for the security side they call them security policies, which are documents that specify the requirements that must be followed in order to minimize risks. There are several security policies, depending on the area and the reason for which each one is created.


Security policies must define:

  1. Who it applies to
  2. Who carries out the defined actions
  3. When the aforementioned actions must be carried out
  4. Where, or on which equipment, it applies
  5. Which part of the organization it applies to
  6. Who enforces it
  7. What the consequences are for not complying with what is established

One of the objectives sought when writing security policies is to preserve the principles of the CIA triangle. So do your boss and yourself a favor and follow the rules.


Operating System Security (Mastery 16)

--Originally published at Mental Droppings of a Tired Student

When you think about security in your operating system, the common notion is that Windows is trash, Linux is extremely safe but very few users actually use Linux, and Mac is quite safe but their price points aren’t always budget friendly.

But it was a cold day in hell when a huge vulnerability was discovered in an operating system that is pretty much one of the safest available.

Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory. The changes are then committed to storage, allowing a non-privileged user to alter root-owned files and setuid executables – and at this point, it’s game over.

While the flaw is not by itself a gravely serious or uncommon condition – Microsoft fixes priv-esc bugs in Windows practically every month – this vulnerability could prove particularly troublesome: it has been present in the Linux kernel since version 2.6.22 in 2007, and it is very easy to reliably exploit. We’re told it is also present in Android, which is powered by the Linux kernel.

How did it all go wrong?

Copy-on-write is used to streamline the memory management in an operating system. Among other things, it allows running programs to share common data in memory until one of them wants to privately alter that data. At that point the kernel copies the data to another page in memory so just that one process can affect it – hence the name, copy-on-write (CoW).

The exploit works by


Making network security great again

--Originally published at Mr. Robot's Imaginary Friend

A network has been defined as any set of interlinking lines resembling a net, a network of roads; an interconnected system, a network of alliances. A computer network is simply a system of interconnected computers.

Network Security is an organization’s strategy and provisions for ensuring the security of its assets and of all network traffic. Network security is manifested in an implementation of security hardware and software. There are three things that define it:

  • Policy
  • Enforcement
  • Auditing

The policy is the principal document for network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today utilize tools and applications to routines and focuses on the safe enablement of those tools to its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.

Most definitions of network security are narrowed to the enforcement mechanism. Enforcement concerns analyzing all the network traffic flows and should aim to preserve the confidentiality, integrity and availability of all systems and information on the network. These three principles compose the CIA triad that I talked about in a previous post.

Strong enforcement strives to provide CIA to network traffic flows. This begins with a classification of traffic flows by application, user, content. All applications must be first identified by the firewall regardless of port, protocol, evasive tactic or SSL. Proper application identification allows for full visibility of the content it carries. Policy management can be simplified by identifying and mapping their use to a user identity while inspecting the content at all times.

The concept of defense in depth is observed as a best practice in network security, prescribing for the network to be secured in layers. These layers apply an assortment of security controls to


Connect to the network for free

--Originally published at Fer secure


Have you ever wondered whether you are safe when you connect to a wifi network? Well, today we will tell you how to know whether a network is secure, along with some recommendations for the moment you connect.

Avoid “free – wifi” networks

We all know that a free wifi network is a dream come true, because in other countries using internet services is very expensive. That is why many hackers or people with bad intentions take advantage of this need and set up phantom networks, where the user connects and really does enjoy the services but at the same time is putting their device in danger by joining this type of connection.

No password

Likewise, there are internet networks that have no password but have a type of authentication that is done online. This means that when you connect it asks you for a password and does not stop showing the message until you enter it. This network is compromised just the same, because the connection is open whether you like it or not; it only stops you at the end of the road because it asks you for a key.

Use a VPN

When you are connected to a network that you do not know, or you are not sure that it is trustworthy, use a VPN or virtual network. It will serve as protection since it encrypts all the traffic you are generating, thus making all the transactions you carry out over the internet more trustworthy.

Use MAC filters

If you are the one configuring the network and you know that there are MAC addresses that are regularly doing suspicious things, we recommend that you build a table to filter the MAC or physical addresses of the device, so that when they try to connect


Sailing in mysterious waters

--Originally published at Seguridad informática


The Internet has become an indispensable tool in our lives; we use it almost daily. But just as it has countless advantages, it also has a dark and risky side, which can be greatly reduced if we follow these recommendations:

  1. Avoid suspicious links: one of the most widely used means of directing victims to malicious sites is hyperlinks or links. Avoiding clicking on them prevents access to web pages that carry threats capable of infecting the user. The links may be present in an email, a chat window or a message on a social network.
  2. Do not access websites of dubious reputation: through Social Engineering techniques, many websites tend to promote themselves with information that can catch the user’s attention. For safe browsing, it is advisable that the user stays alert to these messages and avoids accessing web pages with these characteristics.
  3. Update the operating system and applications: not only the operating system but also the software installed on the system must be kept up to date with the latest security patches, in order to prevent the spread of threats through the vulnerabilities the system has.
  4. Download applications from official websites: many sites pretend to offer popular programs that have been altered, modified or replaced by versions that contain some type of malware and download the malicious code at the moment the user installs it on the system.
  5. Use security technologies: antivirus, firewall and antispam are the most important applications for protecting the computer against the main threats that spread over the Internet. Using these technologies reduces the risk and exposure to threats.
  6. Avoid entering personal information in dubious forms: when faced with a web form that contains fields with sensitive information

Let me in, I swear it’s me!

--Originally published at Mr. Robot's Imaginary Friend

I have talked a lot in previous posts about the importance of the information that’s on the internet and who has access to this information; this is why authentication and access control are really important.

Modern computer systems provide services to multiple users and require the ability to accurately identify the user making the request. In traditional systems, the user’s identity is verified by checking a password typed during the login; the system records the identity and uses it to determine what operations may be performed.

The process of verifying the user’s identity is called authentication. Password-based authentication is not suitable for use on computer networks. Passwords sent across the networks can be intercepted and subsequently used by someone else to impersonate the user. In addition to the security concern, password-based authentication is inconvenient; users don’t want to enter a password each time they access the network service, and this leads to the use of even weaker authentication.

An authentication factor is a category of credential used for identity verification. The three most common categories are often described as something you know, something you have and something you are.

  • Knowledge factors: Category of authentication credentials consisting of information that the user possesses, such as a personal identification number, a username, a password or the answer to a secret question.
  • Possession factors: Category of credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.
  • Inherence factors: Category of user authentication credentials consisting of elements that are integral to the individual in question, in the form of biometric data.

Strong authentication is a commonly used term that is largely without a standardized definition, for general purposes, any method of verifying the identity of a


Am I secure visiting a web site?

--Originally published at Tech and no-tech

It is normal, knowing the threats that exist in Computer systems and on the Internet, that we could be scared of surfing the web. It is valid to be scared of web sites and to have doubts about their security and their countermeasures. Any web site or web page can be a target for people to attack or can have an unintentional threat within it. What are we supposed to do? Not use the Internet?


As I already wrote, there are always potential vulnerabilities and threats when visiting a web page or site. When? For example, in these cases:

  • Loading a new page with dynamic content
  • Making a search (product, location, price)
  • Filling out a form
  • Searching the site’s content
  • Using a shopping cart
  • Creating an account
  • Logging in

Every time there is interaction between the user and the web site, that might involve server or external communication, is a potential threat. And let’s just remember that we trust some pages with very confidential or crucial information about us.


Businesses normally have two ways to choose from to address the security of their site. The first one involves having very professional guys working on the code of the page, who know about security and who can apply patches or updates at once when needed. And having security experts checking their job. It is like a double-check. Oh yes, and do not forget they will have a tight firewall, antivirus protection and will run IPS/IDS.

The second option is to run a web scanning solution to test existing equipment, applications, and web site code. They will also have a tight firewall, antivirus and run IPS/IDS, but they will also lock their front door. Why? Well, it is easier to fix the actual bugs they have, than just keep building higher walls
