The various types of certifications in computer security (individual level)

--Originally published at TC2027 – Will It Blog?

Hello once more, today we are talking about some of the must-haves for a security expert who wants to become a recognized professional; after all, these certifications are proof that someone meets the qualifications.

Licenses (depending on which one) may come from one of the following sources:

  1. Schools/Universities
  2. Vendors also known as sponsored credentials (e.g. Microsoft, Cisco)
  3. Association and Organization sponsored credentials
  4. Governmental body sponsored licenses, certifications and credentials

There are a lot of certifications out there, but here we are going to discuss just 5.

CEH Credential

Recently I discovered the Certified Ethical Hacker credential. As discussed before in a blog post about ethical hacking, this certification ensures that the person is trained to detect system vulnerabilities using the same techniques that hackers employ.

The exam for this type of certification has 125 questions related to penetration testing techniques, security laws and standards, malicious software, and hacking in general. There are also several sites and universities that offer training in the matter.

CompTIA n’ Friends

CompTIA works as a professional certification provider in the information technology industry. Once obtained, the certifications they offer, like A+, N+ and Security+, have a validity of 3 years.

  • A+ is a basic, essential IT certification that demonstrates competence as a computer technician.
  • N+ (or Network+): well, the name speaks for itself. It certifies skills as a network technician.
  • Security+, the one we care about in the information security course, ensures security knowledge and skills; it covers principles of network security and risk management inside systems.

CISSP

Stands for Certified Information Systems Security Professional. This consists of an exhaustive 6-hour, 250-question examination. It is given to those who show deep knowledge and competence in new threats and growing security attacks. It covers topics like: identity access management, security operations


Making the world a more secure place! ….by hacking?

--Originally published at TC2027 – Will It Blog?

Mentioning the words hacker or ‘hacking’ often comes with a negative connotation. The glorious and totally reliable Urban Dictionary helps us define the verb hacking:

Hacking is the gaining of access (wanted or unwanted) to a computer and viewing, copying, or creating data (leaving a trace) without the intention of destroying data or maliciously harming the computer.

See? So hackers don’t destroy or modify information, but something called crackers do. Crackers are the bad guys; hackers… well, hackers can be bad guys too, but not always, it depends on the context. The following post will cover the definition of ethical hacking.

Back in the 80’s, just after a member of the hacker group known as the Legion of Doom was arrested for running a mega hack called The Phoenix Project, an essay talking about the guidelines of ethical hacking was released. This made the world aware that privacy laws should be applied to the internet and computers. This document gives the word hacking the weight of ethics it carries; the following is a fragment of it.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

It’s true that he was a criminal and that this is kind of creepy, but there is some truth when he mentions the word ‘outsmarting’. When a system gets hacked it gets ‘outsmarted’, demonstrating that there are clear vulnerabilities in it and that it is in some way exposed to the dangers out there. This reveals a potential research area to exploit, and gives us a clear idea of what ethical hackers do.

Have you already inferred what


The pillars of information security

--Originally published at TC2027 – Will It Blog?

If we intend to make a secure system, we might want to take a look at the CIA model of security. What? The CIA? I don’t want any trouble with the US government. Well, not that type of CIA; I’m talking about the acronym for the three key principles that provide the security in the words information security.

(I’ll land some of these concepts through PHP, a server-side programming language where security is serious business, mainly because I’m currently learning it and it will help me “study”; and hey, I warn you, it’s very basic PHP so don’t ).

Give me a C of…. Confidentiality

Basically, protecting information from people who are not supposed to see it (well, isn’t it obvious?). This is the most common type of attack, and when it happens it is called a breach. Encryption methods can come to the rescue, though.

In PHP there are several “superglobals” that cannot be trusted when making a serious web application; some of them are $_GET, $_POST, $_REQUEST and others. These are variables that are always accessible no matter the context, so avoid them.

Also, don’t ever use POST for sensitive information.
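As an added example (not code from the original post), here is a lookup written first the way the tip above warns against and then hardened: the raw $_GET value is treated as attacker-controlled, validated as an integer, bound to a prepared statement and escaped on output. The PDO connection, the articles table and the sample row are constructed for the demo and assume the pdo_sqlite extension.

```php
<?php
// Added example, not code from the original post: handling a $_GET value that
// cannot be trusted. Assumes the pdo_sqlite extension; the table and row below
// are constructed for the demo.
declare(strict_types=1);

// The pattern the tip warns against: the superglobal is read and spliced into
// SQL and HTML as-is, so whatever the client sent ends up in both.
function unsafe_lookup(PDO $pdo): string
{
    $id  = $_GET['id'];
    $row = $pdo->query("SELECT title FROM articles WHERE id = $id")->fetch();
    return '<h1>' . ($row['title'] ?? 'not found') . '</h1>';
}

// Hardened: validate the type, bind the value, escape on output.
function safe_lookup(PDO $pdo): string
{
    // filter_var returns false for anything that is not a positive integer,
    // including a missing parameter (null).
    $id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return '<p>invalid id</p>';
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);             // bound, never interpolated
    $row   = $stmt->fetch(PDO::FETCH_ASSOC);
    $title = $row['title'] ?? 'not found';
    // Escape so a stored '<' cannot become markup in the response.
    return '<h1>' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h1>';
}

// Constructed in-memory database so the example runs from the CLI.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles VALUES (1, 'Pillars of <security>')");

$_GET['id'] = '1';
echo safe_lookup($pdo), PHP_EOL;   // escaped title
$_GET['id'] = 'abc';
echo safe_lookup($pdo), PHP_EOL;   // rejected before any query runs
```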

Integrity!

Ensuring that data cannot be changed, or at least is not altered by someone who is not supposed to change it. Some attacks intercept messages and alter them before the message gets to the recipient.

Another tip for preventing session hijacking in PHP is to store the client IP address in the session, obtained by calling getenv("REMOTE_ADDR").
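An added example (not the post’s own code) of the tip above: the client address is recorded in the session at login and compared on every later request, with the User-Agent bound alongside it. $_SERVER['REMOTE_ADDR'] carries the same value as getenv("REMOTE_ADDR") under CGI; the addresses in the demo are constructed.

```php
<?php
// Added example, not code from the original post: binding a PHP session to the
// client that logged in, then checking the binding on every later request.
// $_SERVER['REMOTE_ADDR'] is the same value getenv('REMOTE_ADDR') yields under CGI.
declare(strict_types=1);

// Values to store in $_SESSION right after a successful login.
function client_binding(array $server): array
{
    return [
        'bound_addr' => $server['REMOTE_ADDR'] ?? '',
        // Hash so the raw User-Agent string is not kept in session storage.
        'bound_ua'   => hash('sha256', $server['HTTP_USER_AGENT'] ?? ''),
    ];
}

// True when the session still belongs to the client that logged in.
function session_matches_client(array $session, array $server): bool
{
    if (!isset($session['bound_addr'], $session['bound_ua'])) {
        return false;                               // never bound: not logged in
    }
    $now = client_binding($server);
    // hash_equals keeps the comparison constant-time.
    return hash_equals($session['bound_addr'], $now['bound_addr'])
        && hash_equals($session['bound_ua'], $now['bound_ua']);
}

// Login handler glue (needs session_start() first, so not run in the demo below).
function on_login_success(): void
{
    session_regenerate_id(true);                    // discard any pre-login id
    $_SESSION = client_binding($_SERVER) + $_SESSION;
}

// Constructed demo: bound from one address, then presented from another.
$login   = ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$session = client_binding($login);
var_dump(session_matches_client($session, $login));
var_dump(session_matches_client($session, ['REMOTE_ADDR' => '198.51.100.7'] + $login));
```

Mobile clients and users behind proxies change addresses mid-session, so strict address pinning produces spurious logouts; regenerating the session id at login (done in on_login_success) is the part that holds up regardless.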

Availability

Information must be accessible or visible to the ones meant to see it (previously authorized users).

A way to ensure this through PHP is via two-way encryption (login and files). I don’t really know how to do that so that’s all I am

Cyber Security on demand

--Originally published at TC2027 – Will It Blog?

Just like in the real world, security is needed to ensure that something gets protected. Take for example a bank: a bank has security guards, cameras and sophisticated security systems like panic buttons and so on, all of that to ensure or protect the a$$ets that lay there.


Like in the bank example, your information on the internet needs protection too! Any kind of personal information posted there does. You might be thinking, well, who cares about my name and some Facebook photos? Hackers do. Maybe you haven’t made any kind of purchase on a particular site or anything that involves money and the use of bank accounts, but what you have is a computer that can be in some way “stolen”. For example, viruses and malware attack silently on a computer, taking control of actions on it. They can use available memory, resend themselves from your computer, work in the background and do some other scary things like encrypting your files, and the list continues.

Another approach used by attackers is the use of personal information. Just think about it: in order to have a Facebook page (and oh, hackers love to attack from social media) you need an email, and if it is your only email it means that it holds every single mail you receive, containing maybe valuable information. Something that hackers do is create a fake profile (that is actually a bot) to obtain personal information; with the proper software and information about you, your Facebook password can be cracked! If you are not careful enough and use the same password for both (email and Facebook), then they’ve got control over both accounts.

Remember, as long as you are on the internet, you are at risk of becoming victim of cyber attacks.

There are so
