You shall not pass!

--Originally published at The shield of the world

So today post is about Authentication and Access Control…which is something not so new for someone who actually respects the base configuration of Windows (Yeah…right) permissions about new software and modifications and also for the Unix base OS with sudo.

So in the more basics words Authentication is when we identify ourselves to the OS, with an username and a password. So authentication is in reality so simple, just helps the OS to verify that the individual or “user” we claim to be, is indeed ours.

Actually when you are on the same network as others computers and you want to access the information on them, you got a pop-up asking for an specific user and password. This is to authenticate that you are trying to get your own information and not someone else.

authentication
Image from Oracle

We have seen movies where the authentication is almost a ritual, first the person just stands by and uses his password of 4 digits, then in the other door he puts his fingertip, on the other one he uses his eye to authenticate himself and finally he almost have to sing or dance or pray to the gods looking for it to work and access the most secret place and treasure.

2001

Of course in real life there is a high chance that you don´t even have the user and password authentication enable. We are lazy, yes we are… but we need to know when to block our PC and avoid those email for the entire enterprise saying “DONUTS ON ME”, no, I haven´t suffered this, but someone in my group did.

200

Is not entirely necessary to implement the full ritual that I just mention to you, but a 2 factor authentication can help us to avoid getting our information filtered. When you lost

2001
windows_7_uac_signedcode
giphy
giphy1
giphy1
Continue reading "You shall not pass!"

Not so holy!

--Originally published at The shield of the world

Let´s talk about the CIA and not, this is not a post related to some Tom Clancy book or movie or whatever…

200

Yeah…CIA, we are talking about Information Security and when we refer to CIA in information security we are talking about Confidentiality, Integrity and Availability. Which are like the holy trinity.

And this is because all information security try to achieve at least one of these three.

  • Protection of confidentiality of data
  • Preserve the integrity of data
  • Promote the availability of data for authorized use

And we are gonna talk a little bit more about each of these main goals in information security.

Confidentiality

We could say that confidentiality is like privacy… we need to protect the information from people that should not be reading, playing, or doing anything with information that is not related to them. But we need to ensure that the correct people can have access to this information. Access must be restricted like the clubs when they choose who is going to enter and who is not. Data is usually in larger companies categorized according to the amount and type of damage that could be done if it falls into unintended hands.

Some methods to make the data available to the right people are usernames and password, encryption and some biometric verification, reading the retina or fingerprint. Also security tokens, key fobs or soft tokens. Keybase is a cool form of getting in touch with people and to share information encrypted to ensure that only them can decrypt and read it.

2001

Integrity

This involve maintaining the constancy, accuracy and trustworthiness of data over its entire life cycle… yeah, when you tell the teacher or anyone look I have not changed this file look at the date obviously I haven’t change it, yes you can. So

2002
2003
2004
Continue reading "Not so holy!"

YOU ARE THE 1 MILLION VISITOR!

--Originally published at The shield of the world

Hello again, today the topic is something more common or at least something everyone has lived.

As a gamer I use to play PS1, PS2. And when I make the change to the MMORPG games and some others MMO Games I use to think f*ck this game when I cannot login because I was the player 109290321890431904139804123 (yep, random number) and when I grow up I actually start to looking for an answer to this kind of stuff. In that point in my life was when I meet the Denial of Service and the Distributed Denial of Service.

giphy2

So a Denial of Service(DoS) attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Some examples are…

  • Attempts to “flood” a network, like I said been the number 3409340934903409 to enter is a pain in the neck.
  • Attempts to disrupt connections between two machines, thereby preventing the access to a service. Here my example is when I used to play Dofus, Tibia and LoL. You were in a quest, hunting or just playing and the whole squad got disconnected.
  • Attempts to prevent an specific user from accessing a service. In Tibia when a player (don’t remember the name) was about to got to a really high level and was a competition between 2-3 other players, there are rumors that people actually attack that player to avoid him from entering the game.
  • Attempts to disrupt service to a specific system or person.

Sometimes a DoS attack may be part of a larger attack.

Also Illegitimate use of resources may result in a DoS. For example, an intruder that uses your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating traffic.

Damage

DoS attacks

giphy3
giphy4
Continue reading "YOU ARE THE 1 MILLION VISITOR!"

My penguin has no armor?

--Originally published at The shield of the world

So let’s start with this…

What is security in OS?

Is when you have issues external to OS and you would ask, why external? Because is the authentication of you, the user, validation of messages, malicious or accidental introduction of flaws, etc. So is not really about the OS.

200w

And what is Protection in OS?

Mechanisms and policies to keep programs and users from accessing or changing stuff they should not do. AND is internal to OS. The OS has to provide this.

So…Protection and Security

An Operating System (OS) is an interface between a computer user and computer hardware. An operating system is a software which performs all the basic tasks like file management, memory management, process management, handling input and output, and controlling peripheral devices such as disk drives and printers. We will call this objects.

And each object has a unique name and can be accesses through a well-defined set of operations.

Protection and security ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so.
giphy

OS designers faces challenge of creating a protection scheme that cannot be bypasses by any software that may be created in the future.

Networking adds to the problem as it allows access to a computer and its resources without being in the same physical location.

captura

This is the correct way to access and use Resources.

OS have goals like:

  • Data confidentiality
  • Data integrity
  • System availability

And each of this has a threat:

  • Exposure of data
  • Tampering with data
  • Denial of service

One of the solutions is user authentication…you know when you type “password” to actually enter your PC and if you don’t type anything and just has all his information without any little layer of protection should use at least a

security-protection-in-operating-system-22-1024
zvybh28
uac-prompt
giphy1
Continue reading "My penguin has no armor?"

¡Un pejelagarto se metió a la cocina!

--Originally published at The shield of the world

Esta ves hablaremos acerca de los distintos tipos de Malware o Virus que podemos descargar… y digo descargar porque lo más usual es que entren a nuestro equipo de esta forma.

Malware en realidad quiere decir “Malicious Software”, que se refiere a un programa de computadora diseñado para infectar a un usuario y atacarlo de distintas formas. El malware puede llegar a tu computadora de un millón de maneras y formas distintas.

Por eso es importante que todos los usuarios sepan cómo reconocer y protegerse de el malware y todas sus formas.

Video de :http://usa.kaspersky.com/internet-security-center/internet-safety/what-is-malware-and-how-to-protect-against-it#.V7z7V5jhCUl

En el video anterior nos dan un muy buen ejemplo de qué es lo que hace cada tipo de amenaza a la cual nos enfrentamos en cuanto a seguridad informática.

Pero nos centraremos más en malware.

Con la creciente cantidad de personas que hacen uso de dispositivos que se conectan a Internet, se crea un número igual o mayor de oportunidades para criminales de atacarnos.

total-malware-evolution

Fuente: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf

Algunos de los síntomas de que estamos infectados con malware o virus son los siguientes:

  • Lentitud del equipo, internet o ciertas aplicaciones.
  • Los famosos “Pop-UPS” esas molestas ventanas que invaden nuestra pantalla.
  • Las famosas pantallas azules en Windows y “crasheos” en otros OS.
  • Actividad extraña de un disco duro, que muestra que está escribiendo o teniendo actividad de forma constante por un amplio rango de tiempo.
  • Quedarte sin espacio de forma repentina.
  • Actividad alta en la red aunque no estés haciendo nada.
  • La más obvia, un cambio en la página de inicio de tu explorador, nuevas “toolbars” o aparecen en la dirección páginas a las cuales no has ingresado de forma explicita.
  • Nuevos programas que inician de forma automática.
  • Otra muy común con la salida de nuevas redes sociales, los famosos mensajes
    wqor4qb
    2006
    2007
    Continue reading "¡Un pejelagarto se metió a la cocina!"

Don’t be that guy

--Originally published at The shield of the world

Don’t you think you are invincible

Ya hay un post anterior a este, donde de forma conjunta hablamos los tipos de encriptación y sus inicios, así como la diferencia de encriptación por SW y HW.

Pero…olvidamos lo más importante ¿Por qué es necesario conocer y aplicar los consejos de seguridad informática? Algunas de las razones están dentro del post mencionado, pero aquí daremos el contexto más amplio.

So this will be a post where I will combine English and Spanish.

Let’s begin this… What is computer security?

200

Computer security is the process of preventing and detecting unauthorized use of your computer. It involves the process of safeguarding against intruders from using your computer resources for malicious intents or for their own gains.

It encompasses several security measures such as software programs like anti-virus suites, firewalls, and user dependent measures such as activating deactivating certain software features like Java scripts, ActiveX and being vigilant in using the computer and the network…

Free WiFi is not free!!

2001

Yes, is hard I know I was just like you an inexperienced user with an amazing amount of happiness when I get to a free WiFi. But let not use it anymore…ok?

Free WiFi is one of the most easiest ways of getting into our computers or devices and start getting information that is important, as bank accounts or any kind of accounts.

Computer security is concerned with four main areas:

  1. Confidentiality:-  Only authorized users can access the data resources and information
  2. Integrity:- Only authorized users should be able to modify the data when needed
  3. Availability:- Data should be available to users when needed.
  4. Authentication:- are you really communicating with whom you think you are communicating with

But…Why is this so important?

2002

Prevention of data theft such as bank account numbers, credit card information, passwords, work

2003
2004
2005
Continue reading "Don’t be that guy"

Glass or adamantium shield?

--Originally published at The shield of the world

So after all this information let’s continue talking about the HW encryption, shall we?

giphy

Single-user file/folder level

When an individual wishes to encrypt a single file or group of files there are several options. Most encryption software has the ability to encrypt files individually using a password or other key. Many encryption programs have the ability to create an encrypted “virtual drive”. This is an encrypted file that, when opened with the key, looks like another drive attached to the computer allowing the user to easily open and save files into an encrypted area. Some other applications, like MS Office and OpenOffice, have built-in, single-file encryption features.

Depending on how the encryption software is used, this approach can provide protection from data disclosure when transferring information over the network. E.g. an individual file can be encrypted and then sent as an email attachment, assuming the recipient has the ability to decrypt it.

Multi-user file/folder level

Allowing multiple users to simultaneously access encrypted information is more complicated than a single user. The encryption software must allow the use of either multiple keys (i.e. one for each user) or a shared key (e.g. a shared password). Additionally, the software must deal with multi-user file locking issues (this is usually a problem with the virtual drive approach mentioned in the last section).

This approach can provide an additional layer of protection against the disclosure of highly confidential data on file servers in the event they are compromised. I can also help protect against disclosure on backup media as the files would remain encrypted when backed up.

This approach can get complicated if not all users have the encryption software installed, or they are not configured consistently. This could lead users being unable to access encrypted information or incorrectly believing they

giphy (1)
giphy (2)
giphy (3)
giphy (4)
Continue reading "Glass or adamantium shield?"

10 be or not 10 be

--Originally published at The shield of the world

¿Quién soy?

Mi nombre es David, soy de una ciudad costera y estoy apunto de terminar mi carrera en Ingeniería en Tecnologías Electrónicas. Esta es una de mis clases finales y optativas.

This blog was idea of my profesor for this class, TC2027 I know, not everybody knows what this mean, this class name is Computer and Information Security so this will be the main topic, but I probably will share something else with you guys.

So, about the language in this blog…there will be post in english and in spanish, I really like them and enjoying the possibilities that this languages have to offer. Why just two? I still haven’t learned another. And my english is by any way perfect, so feel free to correct me.

Amo lo videojuegos, mi primer recuerdo al respecto es ver llegar a mis abuelos de un viaje a EU, me parece, con un PSOne en sus manos ¿Qué era eso? Uno de mis mayores hobbies y de lo que más disfruto. Jugué N64, PSOne, PS2, Wii y de ahí di el salto a la magnifica “Pc Master Race”.

giphy

Gif obtenido de Giphy

Me encanta leer, pero es realmente extraña la vez que me siente y permanezca leyendo por más de una media hora. Mi lectura actual … Trainspotting. Mi genero favorito el distópico.

giphy (1)
Gif obtenido de Giphy

De igual manera, me encanta el cine con el paso del tiempo y a partir de que entré a estudiar la universidad mi paciencia y tiempo disminuyeron exponencialmente, por lo tanto entré al mundo de las series. Pasar de ver algo de 2 horas a episodios de una hora fue algo genial.

Casi olvido uno de mis hobbies más recientes, la fotografía. Siempre había tenido curiosidad acerca de ella y hace un año tuve la oportunidad de

giphy (2)
Continue reading "10 be or not 10 be"